Skip navigation

The Scoop on Microsoft's Malicious Software Removal Tool

Microsoft's consolidated "Malicious Software Removal Tool," is now available and will be updated on the second Tuesday of each month according to Microsoft. The tool is essentially a consolidation of the company's other malware cleaning tools. The new all-in-one tool is currently designed to remove the Blaster, MyDoom, Sasser, Zindos, Nachi, Gaobot, Doomjuice, and Berbew forms of malware. 

Microsoft will maintain one Knowledge Base article,
890830, which will be updated with new information as each monthly update of the tool is released. The article currently contains extensive information about the tool.

The tool is now available via Automatic Updates and Windows Update for users of Windows XP, and further update support for Windows Server 2003 and Windows 2000 will be added later. In the meantime users of those systems can manually download the tool (currently 256KB). The tool does not work on Windows 9x, Windows Me, or Windows NT platforms.

Enterprise customers can deploy the tool by following the instructions indicated in the article, "Deployment of the Microsoft Windows Malicious Software Removal Tool in an enterprise environment ," which includes information about using the tool with Microsoft Systems Management Server (SMS), Microsoft Software Update Services (SUS), and Microsoft Baseline Security Analyzer (MBSA).

The company also has a new "malware removal" Web site. The site allows users to run the tool directly from a Web page at the site, however only the operating systems currently supported by Microsoft will work.

Microsoft reminds Windows users that they "should also use up-to-date antivirus software to help protect your computer from other malicious software," and also points out that the Malicious Software Removal Tool only removes the most prevalent forms of malware.

Most, if not all, anti-virus software protects systems from infection by the malware that Microsoft's tool removes. Nevertheless it might be a good idea to run the tool to see if systems have become infected before anti-virus software packages were updated with the corresponding protection signatures.

If you decide to use the tool then take note that, "the Malicious Software Removal Tool will send information back to Microsoft if the tool detects malicious software or finds an error. This information will be used for tracking virus prevalence," as stated by Microsoft.

Microsoft said the information sent back to them includes, "The name of the malicious software that is detected; the result of malicious software removal; the operating system version; the operating system locale" and "the processor architecture. The company also said that "no other information is sent to Microsoft." The information seems harmless enough, however be sure to check whether such information disclosure adheres to your company's information security policies.

For a list of frequently asked questions be sure to read the related Knowledge Base article 890830.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.