MSRT reports an infected file during scan, then reports no infections on completion

  • Question

  • When running MSRT manually and doing a full scan, it reports "Files Infected: 1" while scanning, but when it completes, it reports no infections. Any ideas as to the problem here? I have also run a full system virus scan, with nothing found.
    Thursday, August 28, 2014 2:01 PM

All replies

  • Try downloading and running a full system scan with:

    http://www.microsoft.com/security/scanner/en-us/default.aspx

    And check the result.

    Thursday, August 28, 2014 5:09 PM
  • I am running that at present. It has NOT reported the infection so far, and has passed the point that MSRT reported it. Also, it seems that MSRT stops scanning once the infection is reported, as the drive light stops flashing, although the filenames keep rolling by.
    Thursday, August 28, 2014 5:48 PM
  • Hi LJ,

    For Microsoft Malicious Removal Tool, a log is generated after it is installed as well as when a scan finishes. The log is normally located at C:\Windows\Debug, and the file name is mrt.log. This file records the whole process of the situation you described; you can find the explanation by reading the mrt.log file.

    Regards


    Wade Liu
    TechNet Community Support

    Sunday, August 31, 2014 9:16 AM
  • Yes. The log only reports start and stop times, and no infections found. No idea what's going on, but as I said, while scanning it reports one file infected, then on completion, it reports nothing found. No other scan I have run has found anything, but my machine appears to have slowed down as well. I'm still scanning regularly, with no finds. Also, with the last Windows Update session, I restarted after it completed; however, on the next restart, I got a message, "installing update 64 of 64 regedit Hkey Local_machine/curr,,,,,,," That was all the screen displayed. And my firewall has reported blocked upload attempts of late.

    • Edited by LJ1215 Thursday, September 4, 2014 4:54 PM
    Thursday, September 4, 2014 4:40 PM
  • The Malicious Software Removal Tool is only able to detect certain malware, while the Safety Scanner is able to detect more malicious software, including everything that is detected by the Malicious Software Removal Tool. If it didn't detect anything, it could be a false alarm. If you know the file which you believe is infected, then you may submit a sample of it to the Microsoft Malware Protection Center:

    http://cyberdefend.wordpress.com/2012/08/11/submit-sample-to-microsoft-malware-protection-center/

    https://www.microsoft.com/security/portal/submission/submit.aspx

    Malware might or might not cause PC slowness. You may try running defragmentation and disk cleanup; they might improve your performance.

    • Marked as answer by Roger Lu Tuesday, September 9, 2014 8:10 AM
    • Unmarked as answer by LJ1215 Monday, November 17, 2014 7:09 AM
    Thursday, September 4, 2014 6:05 PM

  • Hi LJ,

    The message "installing update 64 of 64 regedit Hkey Local_machine/curr,,,,,,," means the update of Microsoft Malicious Removal Tool. The file name and directory will be shown during the scan period if it is a virus; you can find the file and deal with it as per Cyber’s advice.

     Regards


    Wade Liu
    TechNet Community Support


    • Edited by Wade__Liu Sunday, September 7, 2014 2:37 AM
    Sunday, September 7, 2014 2:37 AM

  • Hi LJ,

    The message "installing update 64 of 64 regedit Hkey Local_machine/curr,,,,,,," means the update of Microsoft Malicious Removal Tool. The file name and directory will be shown during the scan period if it is a virus; you can find the file and deal with it as per Cyber’s advice.

     Regards


    Wade Liu
    TechNet Community Support



    I have run this MANY, MANY times, and never saw that before. Also, it happened when I had NOT run MSRT. I have since done a new install on another machine, and never saw the message. The machine that the message appeared on is still having issues, including trying to connect to a nonexistent MAC address. By nonexistent, I mean it is NOT listed in the MAC database. It is fake, and is only one character different than my own router's MAC address. That machine is downloading trojans, which my AV catches, but it still has not caught the initial problem. Nothing I have run has found the issue, but it appears to be connected to Windows Explorer, as when I open it, the machine tries to connect to the false MAC. Any help here is appreciated. Thanks.
    • Edited by LJ1215 Monday, November 17, 2014 6:38 AM
    Monday, November 17, 2014 6:35 AM
  • This is still happening. Now the MSRT scan reports 4 files infected during the scan instead of 1, and shows 4 files infected right to completion, then completes reporting nothing found. Something has to be going on here. Also the log file always shows only the start time, and completion with error code 0. It takes around 10 hours to scan this machine, reports infections during the scan, then completes saying nothing found, so what is the deal? Looks like the scanner is not doing its job. 6 months since this was first encountered, and getting more infections reported, yet not being addressed. It would be a bit different if it even said it could not remove the infection, but to show the infections all the way to the end of the scan, then end and report nothing found, I'm thinking MSRT is defective, or whatever it is, is making it report nothing found, instead of removing it, and is spreading. Also MSERT does NOT report any infected files during the scan. So this also confuses me. I cannot get a grasp on what is going on here. My AV also finds nothing on a manual scan, but occasionally will remove something during an automatic scan. Any ideas on this at all?
    Sunday, March 15, 2015 3:48 PM
  • I've had the same problem. MSRT says infected files after about 4 hours into the run, then at the end nothing found.

    It takes over 25 hours to run on my machine due to having over 8.5 million files.

    Either there is an infection or there is not.

    Please fix MSRT or take it off the downloads.

    Wednesday, October 5, 2016 2:44 PM
  • It's a real virus infection. But I don't know how to get rid of it.

    • Edited by nile2020 Monday, October 31, 2016 12:58 AM
    Monday, October 31, 2016 12:55 AM
  • Hello - In case you have not already used it to scan and remove any possible infections, I recommend MalwareBytes Anti-Malware Free. As the name implies, it is free and can be safely downloaded from the CNET.com Downloads web site, here:

    http://download.cnet.com/Malwarebytes-Anti-Malware-Free/3000-8022_4-10804572.html

    I have found that if nothing else works, Malwarebytes does the job. Just copy the above URL into your browser search box and click Enter.


    • Edited by Juanaquena Sunday, November 20, 2016 6:49 PM added information
    Sunday, November 20, 2016 6:22 PM
  • MalwareBytes not helping - hangs up on "update". Time Warner has quarantined me 3 times - have run MSRT, Malwarebytes and others. No help there. TW insists one of my devices is infected but is very unhelpful with helping to identify the device. I don't want to reset all my devices - PCs, smartphone and tablets. TW said it is a Lethic spambot. Any ideas? Right now I'm in a Starbucks and will be running 1 device a week on my home wifi to try and identify the infected device.
    Thursday, December 8, 2016 6:49 PM
  • I also have the same conundrum.

    Ran a scan using the Malicious Software Removal Tool (msert) which reported that there were over 170 infected items during the scan.

    Upon completion of the scan, it reports zero infected and the log doesn't show any record of the infected items.

    I'd love to know what is really happening.

    Sunday, March 26, 2017 9:43 PM
  • I can see the same behaviour on all my desktops and laptops. Infected files detected during the scan and nothing when scan is completed. Nothing in log. 

    I have just found this:

    https://answers.microsoft.com/en-us/windows/forum/windows_8-security/when-running-the-malicious-software-removal-tool/bba3d806-fae9-4593-b353-9cfd63f85039

    • Edited by Pursat92 Monday, April 17, 2017 8:23 PM Just found explanation
    Monday, April 17, 2017 8:20 PM
  • I am having the same problem, only it shows 206 infected files during scan, and my computer is lagging and opening pages I did not click, like the old gators used to do. It appears the virus is outsmarting Microsoft by telling it to report no problems at the end. Please fix the issue, and let us know when the MSRT is doing its job correctly. For now, I am going to back up my files, and reinstall Windows 10 hoping this will wipe the problem clean. Dammit.

    Thanks for your help in advance!


    • Edited by Aelfina Monday, November 20, 2017 2:11 AM
    Monday, November 20, 2017 2:11 AM
  • Hi same here, reports infections but Malwarebytes, a\v etc say all clear.

    How about sorting this out m\s

    Monday, November 27, 2017 8:35 PM
  • Same here, I'm trying to not have to clean install. If you guys figure it out please post what you did. I'd suggest changing all your passwords after you get it figured out for sure. No doubt malware/spyware/virus is amiss, and Microsoft's tools are terrible. I'm under the impression that the virus has created a user that's essentially the administrator with full privileges and overwrites the programs before they can report or delete it. I have found some of the bogus files and it's replicated them if I can even get it to delete. It's a pain in the ass at this point.

    I'll be sure to holler if I figure this out guys/girls.

    Monday, November 27, 2017 10:25 PM
  • No problem with how MSRT is working *thumbs up*. What is happening is that false positives are sometimes detected during the scan, then the results are essentially cross-checked and removed from the results if found to be valid files.

    'xian wang X' explains in more detail below how MSRT works and includes info in regards to false positives:

    "Nothing to be concerned about here, this is the normal behaviour for mitigating false positive detections in MSRT.


    Basically this is what a MSRT build containing false positive signature/s does during a scan:

    1. MSRT makes a detection on the client machine during the scan, the UI displays 1 detection

    2. Scan completes, and the signature is checked with Microsoft AV backend, which has the offending signature marked as a false positive.

    3. Disable notification is sent from the backend to the client machine, and the offending signature is disabled.

    4. The UI displays the scan result, and since the offending signature is disabled, no detections are reported."

    I hope this info helps people out there ^_^

    Have a super day!
    Godbless

    Thursday, December 7, 2017 3:52 AM
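
Added example (not part of any post in this thread, and not Microsoft's code): since the explanation above means the live counter can differ from the recorded outcome, this Python sketch reads the per-run records of an mrt.log-style file and lists every run whose recorded result is anything other than "No infection found." with return code 0, including runs that never wrote a return code. The sample log is constructed and its layout is an assumption based on the fields posters describe (start time, result summary, return code); the function names are hypothetical.

```python
import re

# Constructed sample, not from the thread. Layout is an assumption built from
# the fields posters mention: start time, result summary, return code.
SAMPLE_LOG = """\
-----------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool (constructed sample)
Started On Thu Aug 28 14:01:11 2014
Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Aug 28 23:58:40 2014
Return code: 0 (0x0)
-----------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool (constructed sample)
Started On Sun Mar 15 05:40:02 2015
Results Summary:
----------------
EXAMPLE-DETECTION-LINE (constructed placeholder, not a real threat name)
Microsoft Windows Malicious Software Removal Tool Finished On Sun Mar 15 15:48:19 2015
Return code: 6 (0x6)
"""

def parse_runs(text):
    """Return one dict per run: start time, summary lines, return code."""
    runs, cur, in_summary = [], None, False
    for line in (raw.strip() for raw in text.splitlines()):
        rc = re.match(r"Return code:\s*(\d+)", line)
        if line.startswith("Started On "):
            cur = {"started": line[len("Started On "):], "summary": [], "return_code": None}
            runs.append(cur)
            in_summary = False
        elif cur is None:
            continue  # header text before the first run
        elif line.startswith("Results Summary"):
            in_summary = True
        elif "Finished On" in line:
            in_summary = False
        elif rc:
            cur["return_code"] = int(rc.group(1))
        elif in_summary and line.strip("-"):
            cur["summary"].append(line)  # skip blank and dashed rule lines
    return runs

def needs_review(run):
    """Anything but a clean, completed run is worth a closer look."""
    return not (run["summary"] == ["No infection found."] and run["return_code"] == 0)

def flagged_runs(text):
    return [r["started"] for r in parse_runs(text) if needs_review(r)]

if __name__ == "__main__":
    print(flagged_runs(SAMPLE_LOG))
```
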
  • I have the same problem.  My full scan shows "49 infected files" but nothing on final report.  This is an obvious flaw, which Microsoft should address.  One easy fix would be to list each directory and infected file as it finds them, not just increment a counter.

    • Proposed as answer by strawshackaz Thursday, January 25, 2018 6:33 PM
    Thursday, January 25, 2018 6:32 PM
  • on my workstation ... reported 17 "infected files" as it was running ... ends with return code: 0

    inspected 9m files ... run time 90 minutes  (ES-2687W)

    Saturday, February 17, 2018 9:02 PM
  • After you use Malwarebytes ... uninstall it ... not secure based on my past research
    Saturday, February 17, 2018 9:04 PM
  • Now THAT was a sensible and informed reply ... thank you!

    (I was just about to go and change all 50 of id/pswd combos)

    Saturday, February 17, 2018 9:07 PM