Microsoft为(Microsoft)Windows用户维护了一个重要的工具,称为恶意软件删除(Malicious Software Removal)工具。如果您在一段时间内一直在运行没有任何防病毒软件的Windows系统(包括Windows 7、Windows 10 和Windows 11),那么最好使用此工具来扫描您的系统可能感染的恶意软件。
当您知道您的系统有感染恶意软件的风险时,它更像是一种抽查工具。通常,自动运行的防病毒和反恶意软件(如Windows Defender)会阻止Microsoft Windows 恶意软件删除(Microsoft Windows Malicious Software Removal)工具找到的任何内容。因此,如果您有良好的防病毒保护,则不必担心运行此工具。
什么是恶意软件删除工具(Malicious Software Removal Tool)?
通常,Windows更新中至少每月包含一个新版本的Windows 恶意软件删除工具。(Windows Malicious Software Removal)这意味着该工具会经常更新,这就是为什么在您打算使用它时从 Microsoft 下载最新副本是个好主意。(download the latest copy from Microsoft)
该工具相当简单且易于使用。恶意软件删除(Malicious Software Removal)工具有两种模式。
- 更新后(Post Update):如果微软(Microsoft)在更新后安装了该工具的最新版本,它将在后台自动运行,除非它发现感染,否则你永远不会知道。在这种情况下,它会弹出一个报告,提醒您发现并删除了恶意软件。
- 手动(Manually):您可以下载最新版本并作为独立工具运行。这将在前台运行并在扫描时向您显示状态。完成后,它会向您显示相同的报告,让您知道是否发现并清除了任何恶意软件或间谍软件。
无论哪种情况,恶意软件删除过程都只会在您重新启动计算机后才能完全完成。
该工具的原始版本是为应对 2014 年针对Windows XP操作系统的重大威胁而创建的。这些威胁包括木马病毒和Blaster、Sasser和Mydoom等蠕虫病毒。从那时起,该工具已扩展到涵盖对 Microsoft 最新版本Windows操作系统的所有最新威胁。
注意(Note):此工具仅关注Microsoft所说的“仅流行的恶意软件系列”。Microsoft建议使用Microsoft 安全扫描程序(Microsoft Safety Scanner)对最新的恶意软件威胁进行全面、全面的扫描。
您应该如何使用Windows 恶意软件删除工具(Windows Malicious Software Removal Tool)
永远不要仅仅依靠定期运行恶意软件删除工具来保护您的系统。您应该始终在后台安装并运行防病毒工具。甚至还有免费的防病毒工具可以有效地保护您的系统,例如Malwarebytes。您还应该确保启用了Windows 防火墙(Windows Firewall)和Windows Defender 。
如果您正在运行此类软件,则无需手动运行Windows 恶意软件删除(Windows Malicious Software Removal)工具。但是,有时该工具对运行很有用。
- 在Windows Update之后,如果包含该工具的最新版本,它将在后台自动运行。
- 切换防病毒软件时,您的计算机将在没有任何保护的情况下运行并可能连接到互联网。
- 不小心让您的计算机在很长一段时间内没有任何防病毒软件连接到互联网。
- 如果您正在运行您不信任的防病毒软件,那么它正在彻底保护您的计算机。
切勿运行Windows 恶意软件删除(Windows Malicious Software Removal)工具来替代运行防病毒软件。防病毒(Antivirus)和反恶意软件在后台不间断运行,以防止恶意软件首先安装在您的系统上。
即使每周甚至每天定期运行该工具,仍然会使您的计算机面临风险。防病毒(Antivirus)软件将防止恶意软件安装在您的系统上,而Windows 恶意软件删除(Windows Malicious Software Removal)工具是您怀疑系统已被感染后的最后手段。
手动运行恶意软件删除工具(Malicious Software Removal Tool)
如果您发现自己处于上述任何一种情况,运行此工具是一个好主意,但请确保通过安装并使用防病毒应用程序运行扫描来跟进此操作。这应该可以捕获恶意软件删除(Malicious Software Removal)工具可能遗漏的任何内容。
- 从 Microsoft 的下载页面下载该工具后,运行它并逐步完成设置过程。在初始屏幕上,您只需选择Next。
如果您好奇该工具会扫描哪些恶意软件,您可以选择链接以在此窗口中查看恶意恶意软件列表。
- 在下一个窗口中,您可以选择扫描类型。
以下是每种扫描类型的作用:
- 快速扫描(Quick Scan):这是对System32等系统文件夹的集中扫描,通常会在其中发现恶意软件。
- 全面扫描(Full Scan):这会扫描您的整个系统,可能需要几个小时才能完成。
- 自定义扫描(Customized Scan):您可以为该工具提供您希望它扫描的特定文件夹。
- 接下来,您将看到一个进度条,因为该工具会扫描系统中的文件夹和文件。随着扫描的进行,如果发现任何感染,您将看到“文件感染”旁边的数字从 0 递增。
- 扫描完成后,希望会出现如下所示的窗口,显示未发现恶意软件。
- 如果发现恶意软件,您将看到已发现并修复的问题的报告。此时,您需要重新启动系统才能使更改生效并彻底清理系统。
注意(Note):您可以通过选择查看详细的扫描结果(View detailed results of the scan)来查看已扫描恶意软件的完整报告。这是一个非常长且详细的列表,其中列出了扫描的每种恶意软件类型和扫描结果。
您的系统上还存储了一个日志文件,您可以在%WINDIR%\debug\mrt.log。默认情况下,如果您的驱动器号为 C:,则此路径默认为C:\Windows\debug\mrt.log。您可以使用记事本(Notepad)打开此文件并查看扫描结果。
同样,在大多数情况下,您永远不必手动运行此工具。它几乎每月都包含在Windows 更新(Windows Updates)中,并带有该工具的新版本。只要您在系统上启用了 Windows 更新(Windows Updates enabled),您就可以相信此工具会自行自动运行。只有当它在您的系统上发现恶意软件时,您才会收到通知。
The Windows Malicious Software Removal Tool: A Full Guide
Microsoft maintainѕ an important tool for Windows users сalled the Malicious Software Removal tool. If you’ve been running a Windows system (including Windоws 7, Windows 10, and Windowѕ 11) without any antivirus software for a whilе, it’s a good idea to use this tool to scan for malware your system may be infected with.
It’s more of a spot-check tool when you know your system has been at risk of getting malware. Typically, antivirus and anti-malware software like Windows Defender that runs automatically will block anything the Microsoft Windows Malicious Software Removal tool will find. So if you have good antivirus protection, you shouldn’t have to worry about ever running this tool.
What Is the Malicious Software Removal Tool?
Usually, a new version of the Windows Malicious Software Removal tool is included at least monthly in a Windows update. This means the tool is kept frequently updated, which is why it’s a good idea to download the latest copy from Microsoft when you intend to use it.
The tool is fairly simple and quick to use. There are two modes for the Malicious Software Removal tool.
- Post Update: If Microsoft installs the latest version of the tool after an update, it’ll automatically run in the background and you’ll never know unless it discovers an infection. In that case it will pop-up a report alerting you that malicious software was discovered and removed.
- Manually: You can download and run the latest version as a standalone tool. This will run in the foreground and show you a status as it’s scanning. When it finishes it’ll show you the same report letting you know if any malware or spyware was found and cleaned.
The malware removal process, in either case, will only fully complete once you’ve restarted your computer.
The original version of this tool was created in response to significant threats against the Windows XP operating system in 2014. Those threats included trojan viruses and worms like Blaster, Sasser, and Mydoom. Since then, the tool has expanded to cover all the latest threats to Microsoft’s newest versions of the Windows operating system.
Note: This tool only focuses on what Microsoft calls “prevalent malware families only”. Microsoft recommends using the Microsoft Safety Scanner for a complete, comprehensive scan for the latest malware threats.
How You Should Use the Windows Malicious Software Removal Tool
Never depend solely on regularly running the malicious software removal tool to protect your system. You should always install and run an antivirus tool in the background. There are even free antivirus tools that work effectively at protecting your system, like Malwarebytes. You should also make sure Windows Firewall and Windows Defender are enabled.
If you are running such software, you never have to manually run the Windows Malicious Software Removal tool. However, there are times when the tool is useful to run.
- After a Windows Update, if the latest version of the tool is included, it’ll run automatically in the background.
- When switching antivirus software, your computer will be running and possibly connected to the internet without any protection.
- Accidentally leaving your computer connected to the internet without any antivirus software for a significant period of time.
- If you’re running antivirus software that you don’t trust is doing a thorough job protecting your computer.
Never run the Windows Malicious Software Removal tool as an alternative to running antivirus software. Antivirus and antimalware software run non-stop in the background to prevent malicious software from getting installed on your system in the first place.
Even running the tool on a regular schedule weekly or even daily will still leave your computer at risk. Antivirus software will prevent malware from ever installing on your system, while the Windows Malicious Software Removal tool is a last resort after you suspect your system has already been infected.
Manually Running the Malicious Software Removal Tool
While it’s a good idea to run this tool if you find yourself in any of the situations listed above, make sure to follow this up by installing and running a scan with an antivirus app afterward as well. This should catch anything the Malicious Software Removal tool might have missed.
- Once you download the tool from Microsoft’s download page, run it and step through the setup process. On the initial screen you only need to select Next.
If you’re curious what malicious software the tool scans for, you can select the link to view the list of malicious malware on this window.
- On the next window, you can choose the scan type.
The following are what each scan type does:
- Quick Scan: This is a focused scan in system folders like System32, where malware is typically found.
- Full Scan: This scans your entire system and may take several hours to complete.
- Customized Scan: You can provide the tool with specific folders that you would like it to scan.
- Next, you’ll see a progress bar as the tool works through scanning folders and files in your system. As the scan proceeds, if any infections are found you’ll see the number beside “Files Infected” increment from 0.
- Once the scan is done, hopefully a window like the one below will appear, showing you that no malicious software was found.
- If malware is found, you’ll see a report of issues that were found and repaired. At this point you’ll need to restart your system for the changes to take effect and your system to be fully cleaned.
Note: You can see a full report of the malware that was scanned for by selecting View detailed results of the scan. This is a very long and detailed list of each individual type of malware scanned for and the scan results.
There is also a log file stored on your system that you can view at %WINDIR%\debug\mrt.log. By default, if your drive letter is C:, this path would be C:\Windows\debug\mrt.log by default. You can use Notepad to open this file and view the scan results.
Again, in most cases, you should never have to manually run this tool. It’s included in Windows Updates almost monthly with a fresh version of the tool. So long as you have Windows Updates enabled on your system, you can trust that this tool will run automatically by itself. You will only be notified if it finds malware on your system.