Malicious Software Removal Tool - Does it create logs?


  1. Posts : 3,487
    Win 7 Pro x64/Win 10 Pro x64 dual boot
       #1

    Malicious Software Removal Tool - Does it create logs?


    I ran the newest Malicious Software Removal Tool from the latest batch of Windows updates yesterday. Since I have a lot of files, it ran into the wee hours. It showed 5 infections when I went to bed, and I expected it to be still going this morning, but when I went to look this morning, MRT.exe was no longer running.

    The Event Viewer shows a number of errors around 4:00 AM with files and programs that should not even have been running. I suspect that this is when MRT.exe shut down, though it doesn't show in the event log as shutting down.

    Does the Malicious Software Removal Tool create logs of any kind as it works? If so, where can I find them?

    Any help gratefully received.


  2. Posts : 1,363
    Win7 pro x64
       #2

    Search your hard drive for mrt.log.


  3. mjf
    Posts : 5,969
    Windows 7x64 Home Premium SP1
       #3

    The mrt.log should be in c:\windows\debug

    When I ran mrt.exe manually on c: it took ~30min and I saw 7 infections accumulate as it was running. When it finished it reported no malicious software detected. The log file stated "no infection found" along with all of the previous automatic msrt runs stating "no infection found".

    I have no idea what the reported infections meant while it was running.


  4. Posts : 1,363
    Win7 pro x64
       #4

    mjf said:
    When I ran mrt.exe manually on c: it took ~30min and I saw 7 infections accumulate as it was running. When it finished it reported no malicious software detected. The log file stated "no infection found" along with all of the previous automatic msrt runs.
    Exact same thing happened to me.


  5. Posts : 3,487
    Win 7 Pro x64/Win 10 Pro x64 dual boot
    Thread Starter
       #5

    mjf said:
    I have no idea what the reported infections meant while it was running.
    I have no idea either. The log says it didn't crash like I thought it did, but it showed five infections along the way. The log results show no infections found.

    Weird.

    I'll mark this as solved. Thanks for the help, guys. :)


  6. Posts : 5,605
    Originally Win 7 Hm Prem x64 Ver 6.1.7600 Build 7601-SP1 | Upgraded to Windows 10 December 14, 2019
       #6

    From what I read here: "Malicious Software Removal Tool finds 194 infections, says there is none on completion". The first answer by RickCP:

    If the mrt.log file shows clean (no infection found) then it's likely MSRT suspected a possible threat during the scan, displayed it as such (preliminary detection) but determined it was not an actual threat before completion.

    The initial detection could be due to heuristic analysis or an incorrect virus signature in the database. Microsoft Antimalware software uses heuristic analysis which will automatically submit suspected threats to the server where the file(s) is checked against signature updates in the master database.

    If a match is found and verified as malicious, updated signatures will be downloaded in order to take action on the detection.

    If the detection is determined to be a false positive, no action is necessary.
    My take on this is the dialog box while mrt is running is deceptive and there should be a link to a more complete explanation of how mrt works.

    What is not explained is that these supposedly infected files are flagged as suspicious and, unbeknownst to the user, mrt sends reports of these files to the server for further review. When the server sends the results back to the running program, the program acts accordingly and either ignores the flagged files or cleans them from your system.

    If one sees infected files but a clean system you're okay.
    If one sees no infected files and a clean system you're okay.

    Kinda like you're damned if you do and damned if you don't, but it's still best to run mrt.


    Note: Kudos to RickCP; he explained it more eloquently than me.
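
The thread settles on mrt.log as the record of what a run finally concluded, as opposed to the running count shown in the dialog. The following PowerShell sketch pulls that final verdict out of each run in the log. It is an added example, not part of any post above and not Microsoft's code; `Get-MrtRunSummary` is a hypothetical helper name, and the log layout it expects (shown in the constructed sample) is an assumption.

```powershell
# Added example. Assumed layout: each run has a "Started On" line, a
# "Results Summary:" section, a "... Finished On" line and a "Return code:" line.
function Get-MrtRunSummary {
    param([string[]]$Lines)
    $started = $null; $results = @(); $inSummary = $false
    foreach ($line in $Lines) {
        $text = "$line".Trim()
        if ($text -match '^Started On (.+)$') {
            # A new run begins: reset the per-run state.
            $started = $Matches[1]; $results = @(); $inSummary = $false
        } elseif ($text -eq 'Results Summary:') {
            $inSummary = $true
        } elseif ($text -match 'Removal Tool Finished On') {
            $inSummary = $false
        } elseif ($text -match '^Return code: (\d+)') {
            # End of the run: emit one object carrying the final verdict.
            New-Object PSObject -Property @{
                Started          = $started
                ReturnCode       = [int]$Matches[1]
                Results          = ($results -join '; ')
                NoInfectionFound = ($results -contains 'No infection found.')
            }
            $started = $null; $results = @()
        } elseif ($inSummary -and $text -and $text -notmatch '^-+$') {
            # Every non-empty line inside the summary section is a result line.
            $results += $text
        }
    }
}

# Constructed sample of one clean run (version and dates are made up).
$sample = @'
Microsoft Windows Malicious Software Removal Tool v5.xx, (build 5.xx.0.0)
Started On Tue Jan 01 02:10:00 2019

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Tue Jan 01 04:05:00 2019

Return code: 0 (0x0)
'@ -split '\r?\n'

Get-MrtRunSummary -Lines $sample | Format-List Started, NoInfectionFound, Results, ReturnCode

# Against the real file (location given in post #3):
# Get-MrtRunSummary -Lines (Get-Content "$env:windir\debug\mrt.log")
```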