Microsoft Windows Malicious Software Removal Tool - how does it work?

Discussion in 'Windows Desktop Systems' started by Elroy Jetson, Jan 11, 2005.

  1. Elroy Jetson

    Elroy Jetson Little Dipper School

    Messages:
    330
    Location:
    Adelaide, Australia
    Windows update installed the Microsoft Windows Malicious Software Removal Tool, buit how does it work? I have no link to the program anywhere i can see? What does it do, and how?

    Any help greatly appreciated!
    EJ ;-)
     
  2. j79zlr

    j79zlr Glaanies script monkey Political User

    Messages:
    2,725
    Location:
    Chicago
  3. Elroy Jetson

    Elroy Jetson Little Dipper School

    Messages:
    330
    Location:
    Adelaide, Australia
    Yes, thanks j79zlr, i saw and read through this, but it still does not say how it actually runs. is it scheduled somehow, command line only (in which case, what is the file name?), ...

    I am clueless!
     
  4. RickyC

    RickyC OSNN Addict

    Messages:
    199
    Location:
    Earth
  5. Elroy Jetson

    Elroy Jetson Little Dipper School

    Messages:
    330
    Location:
    Adelaide, Australia
    Nope, it is gone. just visited the windowsupdate, and it is not there. will it reappear every month, though? strange tool...

    and the installation history tells me it was successful, too.
    see: Malicious Software Removal Tool - January 2005 (KB890830) Successful Wednesday, 12 January 2005 Windows Update website

    and if it is a run once thing, where is it stored? I can't even find a file ...
     
  6. Electronic Punk

    Electronic Punk Administrator Staff Member Political User Folding Team

    Messages:
    18,590
    Location:
    Copenhagen, Denmark
    Check out the frontpage for a link to it.
    It will be updated every month.

    Pretty neat and I hope it has the desired effect.
     
  7. Elroy Jetson

    Elroy Jetson Little Dipper School

    Messages:
    330
    Location:
    Adelaide, Australia

    Yes, I could do this, but windowsupdate tells me it was installed, and I CANNOT FIND IT !!!!!
     
  8. RickyC

    RickyC OSNN Addict

    Messages:
    199
    Location:
    Earth
    It downloads a cab file to a temp folder and extracts it, check your temp folders though it may just delete the files after it has run :(

    Check my above post if you want to DL it again :) (oops didn't see it on the frontpage)
     
  9. leedogg

    leedogg Gojyone kawaiiiiiiii!

    Messages:
    820
    Yeah I was looking around like crazy trying to figure out how to run it after it was installed...found out it runs right after install and just checks once. When you click on finish, thats actually the report saying that it has or has not found something. to run the online version click here:

    http://www.microsoft.com/security/malwareremove/default.mspx
     
  10. Elroy Jetson

    Elroy Jetson Little Dipper School

    Messages:
    330
    Location:
    Adelaide, Australia

    So do I understand it corretly, then, that with each windows update from now on I will be downloading a new version of this "software" rather than update a current version on my system? What a stupid, stupid way of distributing such a piece of code. M$, you have done it again ....

    <walks away scratches his haed>

    EJ :disappointed:
     
  11. leedogg

    leedogg Gojyone kawaiiiiiiii!

    Messages:
    820
    I think so. I dont quite get it either...but it really is only a check for a handful of worms/trojans. similar to mcafee's stinger.
     
  12. leedogg

    leedogg Gojyone kawaiiiiiiii!

    Messages:
    820
    I found out where this gets installed. Go to internet options, under temp internet files, click on settings, click view objects. You should see it in there.
     
  13. NetRyder

    NetRyder Tech Junkie Folding Team

    Messages:
    13,256
    Location:
    New York City
    Bear in mind that this is NOT meant to be a replacement for your regular antivirus software (just a heads up for those who were even thinking along these lines). It's targeted towards clueless users who don't have AV software installed (or those with definitions that haven't been updated in months because of an expired subscription) and are hit by the most common worms.

    Basically, it's just a removal tool that'll check your computer once every month. Realtime scanning will still need to be handled by third-party antivirus software.
     
  14. j79zlr

    j79zlr Glaanies script monkey Political User

    Messages:
    2,725
    Location:
    Chicago
    What I don't understand is that it scans for worms that exploit holes patched months ago, now if they go to Windows Update and get the stupid removal tool, they should just update their entire system, and then you don't need the removal tool. Anyone follow?
     
  15. falconguard

    falconguard Carbon based lifeform Political User Folding Team

    Messages:
    3,406
    Location:
    SoCal
    yes , I agree. But what if the worms already resided on the hard drive previous to updating? You know the fact of updating would not be necessary if everybody did it, but let's be honest Windows went to automatic updates becuase there were the few out there who just never bothered. You know who you are...
     
  16. leedogg

    leedogg Gojyone kawaiiiiiiii!

    Messages:
    820
    Agreed, this simply sounds like a service MS provides, scanning for particular trojans right before you update patches.