Microsoft is Helping ...

by Bob Elgines
Colorado Computer Club of Lake Havasu, AZ
From the November, 2005 issue of the I/O Port Newsletter

You may have noticed in your Windows XP/2000 updates that you have updated the Microsoft Malicious Software Removal Tool (MSRT). Don't bother to look for it on your computer; you won't find it. You will only see a window if you have or had a problem.

What is malicious software? Malicious software (also called "malware") is software that was developed with the intention to cause harm. Malware can include viruses, worms, spyware, and other destructive programs that can hide on your computer and can slow its performance to a crawl. Even more alarming, malware can be used to monitor your browsing habits, steal passwords, and even allow an attacker to gain control of your system. Malicious software either installs on your computer without your knowledge or can be installed with a program you intended to download.

The MSRT checks for and helps to remove specific, prevalent malicious software infections. If detection and removal has occurred, a display window indicates which malicious software was picked up.

Each month, after the second Tuesday, Microsoft will provide an updated version of this tool that removes malicious software that is found to be prevalent for that month.

Getting the Malicious Software Removal Tool - There are two ways you can get the Malicious Software Removal Tool. Microsoft recommends that home users either turn on the Automatic Updates feature in Windows XP, or run the tool online.

  1. If your computer is running Windows XP, you can get the latest version of the tool online from Microsoft Update. To have the tool automatically delivered and installed each month on your computer without having to take further action, simply turn on Automatic Updates.

  2. If your computer is running either Windows XP or Windows 2000, you can run the tool directly from an easy-to-use online wizard available at: www.microsoft.com/malwareremove

How do I verify whether the removal tool has run on a client computer? There are two ways to check:

  1. You can examine the value data for the following registry entry to verify that the tool has executed. You can implement such a check as part of a startup script or a logon script. This will prevent the tool from running multiple times.

    Subkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemovalTools\MRT

    Every time the tool is run, independent of the results of the execution, the tool will record a GUID to the registry to indicate that it has been executed. The following table lists the GUID that corresponds to each release.

  2. Using Windows Explorer, look for the log entitled "mrt.log" located under your "Document" files or in the following folder: C:\Windows\Debug\mrt.log
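
A logon-script form of the two checks described above, as an added example that is not part of the original article or Microsoft's own code. It is written in PowerShell and assumes the GUID is stored in a value named Version under the subkey (the article does not name the value); the expected GUID and the share path to the tool are placeholders to be filled in for the current release.

```powershell
param(
    # Placeholder: GUID of the current monthly release, from Microsoft's table.
    [string]$ExpectedGuid = '00000000-0000-0000-0000-000000000000',
    # Hypothetical network path to this month's copy of the tool.
    [string]$ToolPath = '\\server\share\mrt.exe',
    [string]$LogPath = "$env:windir\Debug\mrt.log"
)

$MrtKey = 'HKLM:\SOFTWARE\Microsoft\RemovalTools\MRT'

function Get-MrtRecordedGuid {
    # Assumption: the tool records its GUID in a value named "Version".
    $item = Get-ItemProperty -Path $MrtKey -Name 'Version' -ErrorAction SilentlyContinue
    if ($item) { return [string]$item.Version }
    return $null   # key or value missing: the tool has never run here
}

function Test-MrtAlreadyRun([string]$Recorded, [string]$Expected) {
    if (-not $Recorded) { return $false }
    # Ignore optional braces and letter case when comparing GUID strings.
    return ($Recorded -replace '[{}]', '') -ieq ($Expected -replace '[{}]', '')
}

$recorded = Get-MrtRecordedGuid
if (Test-MrtAlreadyRun $recorded $ExpectedGuid) {
    Write-Output "MSRT release $ExpectedGuid already ran on $env:COMPUTERNAME; skipping."
}
else {
    Write-Output "Recorded GUID: '$recorded'. The current release has not run yet."
    if (Test-Path $ToolPath) {
        # /Q runs the tool in quiet mode, so users see no window at logon.
        Start-Process -FilePath $ToolPath -ArgumentList '/Q' -Wait
        Write-Output "Recorded GUID after run: '$(Get-MrtRecordedGuid)'"
    }
    else {
        Write-Warning "Tool not found at $ToolPath; nothing was run."
    }
}

# Second check from the article: show the end of mrt.log, where the most
# recent run is appended.
if (Test-Path $LogPath) {
    Get-Content -Path $LogPath -Tail 15
}
else {
    Write-Warning "$LogPath not found."
}
```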

A similar tool, called Stinger, is written by McAfee. It is updated approximately every three months and can be downloaded at: http://vil.nai.com/vil/stinger/

There is no restriction against any non-profit group using this article as long as it is kept in context with proper credit given the author. The Editorial Committee of the Association of Personal Computer User Groups (APCUG), an international organization of which this group is a member, brings this article to you.



Tulsa Computer Society 11/01/2005
Don Singleton, President