What is the Windows Malicious Software Removal Tool and how can I remove it?
In the early hours of February 24th GMT, Windows’ automatic updates installed an update on my Windows 7 machine that included a definition update to the Malicious Software Removal Tool.
The Malicious Software Removal Tool (or KB890830) is a Windows malware-protection offering that updates and runs once a month, and proceeds to remove any threats it finds without user confirmation.
From the update details:
Windows Malicious Software Removal Tool x64 – February 2017 (KB890830)
Download size: 7.9 MB
You may need to restart your computer for this update to take effect.
Update type: Important
After the download, this tool runs one time to check your computer for
infection by specific, prevalent malicious software (including
Blaster, Sasser, and Mydoom) and helps remove any infection that is
found. If an infection is found, the tool will display a status report
the next time that you start your computer. A new version of the tool
will be offered every month. If you want to manually run the tool on
your computer, you can download a copy from the Microsoft Download
Center, or you can run an online version from microsoft.com. This tool
is not a replacement for an antivirus product. To help protect your
computer, you should use an antivirus product.
As it happens, the February update to MSRT’s definitions list flagged tools that I had run for years with no problems – namely, the KMSPico activator for Microsoft Office – as being malicious, and removed them from my system without confirmation. In addition to this invasive approach to perceived threats, the tool doesn’t appear in Windows Update’s Installed Updates dialogue, effectively denying users the right to pass on what is both an invasive and inadequate tool, and it also reverted my UAC settings to the highest level.
What follows is a short guide to undo any adverse effects of the forced update, as well as to disable MSRT entirely, giving you the option of relying on time-tested, dedicated anti-malware and anti-virus offerings. I’m hoping this will hopefully be useful to anyone else adversely affected by the latest update to MSRT’s definitions list.
