Change Run to Hidden. Change After to No action required. Click the Requirements tab, and then click This program can run only on specified client operating systems. Click the Environment tab, click Whether a user is logged in the Program can run list. Set the Run mode to Run with administrative rights. Right-click the Advertisement node, click New , and then click Advertisement. On the General tab, enter a name for the advertisement. In the Package field, select the package that you previously created.
In the Program field, select the program that you previously created. Click Browse , and then click the All System collection or select a collection of computers that only includes Windows Vista and later versions. On the Schedule tab, leave the default options if you want the program to only run one time.
To run the program on a schedule, assign a schedule interval. This method requires you to restart the client computer after you set up the script and after you apply the Group Policy setting.
Set up the shares. To do this, follow the steps in the Initial setup and configuration section. Double-click Logon , and then click Add. The Add a Script dialog box is displayed.
This method requires that the logon user account is a domain account and is a member of the local administrator's group on the client computer. In this scenario, the script and the tool will run under the context of the logged-on user. If this user does not belong to the local administrators group or does not have sufficient permissions, the tool will not run and will not return the appropriate return code. For more information about how to use startup scripts and logon scripts, go to the following article in the Microsoft Knowledge Base:.
You can examine the return code of the tool in your deployment logon script or in your deployment startup script to verify the results of execution. See the Code sample section for an example of how to do this. The following list contains the valid return codes. At least one infection was detected and removed, but manual steps are required for a complete removal. At least one infection was detected and removed, but manual steps are required for complete removal and errors were encountered.
At least one infection was detected and removed, but a restart is required for complete removal and errors were encountered. At least one infection was detected and removed, but both manual steps and a restart is required for complete removal.
At least one infection was detected and removed, but a restart is required. No errors were encountered. Starting with version 1. Before version 1. The log file format has changed with version 1. If this log file already exists, the tool appends to the existing file. You can use a command script that resembles the previous example to capture the return code and to collect the files to a network share. Version 1.
Like the ANSI version, this log file will be appended to each month's release. The following example is an Mrt. The following is an example log file where no malicious software is found. The following is a sample log file in which errors are found. For more information about warnings and errors that are caused by the tool, go to the following article in the Microsoft Knowledge Base:. Operation failed. Action: Clean, Result: 0xE. Please use a full antivirus product!
When you run the tool by using a startup script, error messages that resemble the following error message may be logged in the Mrt. Note The pid number will vary. This error message occurs when a process is just starting or when a process has been recently stopped.
The only effect is that the process that is designated by the pid is not scanned. This has been observed only in the removal of certain rootkit variants. To complete the removal, you should use an up-to-date antivirus product. Reporting infection information to Microsoft The MSRT sends basic information to Microsoft if the tool detects malicious software or finds an error. This information will be used for tracking virus prevalence. No identifiable personal information that is related to you or to the computer is sent together with this report.
The MSRT does not use an installer. Typically, when you run the MSRT, it creates a randomly named temporary directory on the root drive of the computer. This directory contains several files, and it includes the Mrtstub. Most of the time, this folder is automatically deleted after the tool finishes running or after the next time that you start the computer.
However, this folder may not always be automatically deleted. In these cases, you can manually delete this folder, and this has no adverse effect on the computer. Help protect your computer that is running Windows from viruses and malware: Virus Solution and Security Center. Help installing updates: Support for Microsoft Update.
Local support according to your country: International Support. The following files are available for download from the Microsoft Download Center: For bit xbased systems:. Download the x86 MSRT package now. Download the x64 MSRT package now. For more information about how to download Microsoft support files, see How to obtain Microsoft support files from online services.
Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help prevent any unauthorized changes to the file.
If you are an IT administrator who wants more information about how to deploy the tool in an enterprise environment, see Deploy Windows Malicious Software Removal Tool in an enterprise environment. Except where noted, the information in this section applies to all the ways that you can download and run the MSRT:.
You must log on to the computer by using an account that is a member of the Administrators group. If your logon account does not have the required permissions, the tool exits. If the tool is not being run in quiet mode, it displays a dialog box that describes the failure. If the tool is more than days 7 months out of date, the tool displays a dialog box that recommends that you download the latest version of the tool. Runs in detect-only mode. In this mode, malicious software will be reported to the user, but it will not be removed.
When you download the tool from Microsoft Update or from Automatic Updates, and no malicious software is detected on the computer, the tool will run in quiet mode next time.
If malicious software is detected on the computer, the next time that an administrator logs on to the computer, a balloon will appear in the notification area to notify you of the detection. For more information about the detection, click the balloon. When you download the tool from the Microsoft Download Center, the tool displays a user interface when it runs.
Each release of the tool helps detect and remove current, prevalent malicious software. This malicious software includes viruses, worms, and Trojan horses. Microsoft uses several metrics to determine the prevalence of a malicious software family and the damage that can be associated with it. This Microsoft Knowledge Base article will be updated with information for each release so that the number of the relevant article remains the same. The name of the file will be changed to reflect the tool version.
The following table lists the malicious software that the tool can remove. The tool can also remove any known variants at the time of release. The table also lists the version of the tool that first included detection and removal for the malicious software family. We maximize customer protection by regularly reviewing and prioritizing our signatures.
We add or remove detections as the threat landscape evolves. Note: It is recommended to have an up to date next-gen antimalware product installed for continuous protection. The specific information that is sent to Microsoft consists of the following items:.
An indicator that notes whether the tool is being run by Microsoft Update, Windows Update, Automatic Updates, the Download Center, or from the website. A cryptographic one-way hash MD5 of the path and file name of each malicious software file that is removed from the computer.
If apparently malicious software is found on the computer, the tool prompts you to send information to Microsoft beyond what is listed here. You are prompted in each of these instances, and this information is sent only with your consent. The additional information includes the following:.
You can disable the reporting feature. For information about how to disable the reporting component and how to prevent this tool from sending information to Microsoft, see Deploy Windows Malicious Software Removal Tool in an enterprise environment. An infection was found but was not removed. Note This result is displayed if suspicious files were found on the computer.
To help remove these files, you should use an up-to-date antivirus product. An infection was found and was partially removed. Note To complete this removal, you should use an up-to-date antivirus product. A3: Yes. Per the terms of this tool's license terms, the tool can be redistributed.
However, make sure that you are redistributing the latest version of the tool. A4: If you are a Windows 7 user, use Microsoft Update or the Microsoft Update Automatic Updates functionality to test whether you are using the latest version of the tool. Or, use the Windows Update Automatic Updates functionality to test whether you are using the latest version of the tool. Additionally, you can visit the Microsoft Download Center. Also, if the tool is more than 60 days out of date, the tool reminds you to look for a new version of the tool.
A5: No. The Microsoft Knowledge Base article number for the tool will remain as for future versions of the tool. The file name of the tool when it is downloaded from the Microsoft Download Center will change with each release to reflect the month and the year when that version of the tool was released. A6: Currently, no. Malicious software that is targeted in the tool is based on metrics that track the prevalence and damage of malicious software. A7: Yes. By checking a registry key, you can determine whether the tool has been run on a computer and which version was the latest version that was used.
If you have already run the current version of the tool from Windows Update, Microsoft Update, Automatic Updates, or from either of the other two release mechanisms, it will not be reoffered on Windows Update or Automatic Updates. It is significantly more desirable to block malicious software from running on a computer than to remove it after infection.
The tool removes only specific prevalent malicious software. Specific prevalent malicious software is a small subset of all the malicious software that exists today. The tool focuses on the detection and removal of active malicious software.
Active malicious software is malicious software that is currently running on the computer. The tool cannot remove malicious software that is not running.
However, an antivirus product can perform this task. The Malicious Software Removal Tool runs in quiet mode in the background. If it detects malicious software on your computer, the next time that you log on to your computer as a computer administrator, a balloon will appear in the notification area to make you aware of the detection. If the tool finds malicious software, you may be prompted to perform a full scan.
We recommend that you perform this scan. A full scan performs a quick scan and then a full scan of the computer, regardless of whether malicious software is found during the quick scan. This scan can take several hours to complete because it will scan all fixed and removable drives. However, mapped network drives are not scanned.
If malicious software has modified infected files on your computer, the tool prompts you to remove the malicious software from those files.
If the malicious software modified your browser settings, your homepage may be changed automatically to a page that gives you directions on how to restore these settings. You can clean specific files or all the infected files that the tool finds. Be aware that some data loss is possible during this process.
Also, be aware that the tool may be unable to restore some files to the original, pre-infection state. The removal tool may request that you restart your computer to complete the removal of some malicious software, or it may prompt you to perform manual steps to complete the removal of the malicious software.
0コメント