How to Use the Microsoft Security Essentials Removal Tool
The image at the right is an example of a computer that is infected with a fake antivirus caused by a fake MSE Trojan alert, rootkit, and Trojans. End users can remove this malware with Microsoft Security Essentials by using the method below:
Download Microsoft Security Essentials from the vendor's website.
- Allow the antivirus software to check for updates, and run its initial quick scan on the infected computer.
While the scan is running, the real-time protection module of MSE should detect active malware. Active malware consists of malicious files that were loaded in Windows, with or without a graphical user interface, before the antivirus program was installed.
- You can stop the scan and then proceed to remove the detected threats. It is not required to stop the scan when the on-access scanner finds and removes active malware.
- When the Microsoft Security Essentials removal tool has finished removing the risks, the active malware will be shut down because MSE can end malicious processes.
Allow MSE to restart the computer and then run a quick scan to look for any additional active malware.
- The on-demand scanner will now start checking the computer for malware that is residing and actively running in Windows. If it finds more malware, the clean-up option will be available.
- Again, allow MSE to remove the detected threats and to perform the system restart that is required for the removal process to succeed.
- Do not stop running a scan until MSE displays a message that the computer is now clean.
It is recommended to run a full system scan when an antivirus program has found and removed malware. A full system scan using MSE checks other files and locations on hard disks for viruses and other types of malware that the quick scanner does not thoroughly check.
Note that it is not possible to install MSE in the safe mode boot option of Windows. If the malware is nasty enough to prevent antivirus software from being installed or run, you should try using other antivirus or on-demand malware scanners to clean the infected computer.
The default actions of Microsoft Security Essentials in handling a malware infection depend on the risk rating and type of infection. If it's severe or high risk, the remove option is recommended. If the threat has a medium or low rating, users should review the detected item (the path or the software details), and then decide which action MSE should take, such as remove, allow, or quarantine. People can also choose to let MSE handle everything, and it's not a problem, since any removed threats are sent to quarantine, allowing users to restore them if needed.
The only missing option in MSE is the ability to repair or disinfect legitimate files, e.g., system files that were injected with malicious code. When MSE has removed or quarantined a system or program file, you should run a system file checker and/or re-install the affected program. Some antivirus programs provide an option to disinfect or repair infected legitimate files, but the integrity of the file is questionable until the user finds no problem when using the application or the system itself.
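The scan sequence described above (update, quick scan, full scan) followed by the system file check, as an added command-line example that is not part of the original article. It assumes MSE is installed in its default folder and drives MSE's `MpCmdRun.exe` utility; the function name `Invoke-MseScan` is made up for this example. Run it from an elevated PowerShell prompt.

```powershell
# Assumption: MSE's default install folder; adjust if it was installed elsewhere.
$MpCmdRun = Join-Path $env:ProgramFiles 'Microsoft Security Client\MpCmdRun.exe'

function Invoke-MseScan {
    # Hypothetical helper: runs one MSE scan and returns MpCmdRun's exit code.
    param(
        [ValidateSet('Quick', 'Full')]
        [string]$Type
    )
    # MpCmdRun scan types: 1 = quick scan, 2 = full system scan.
    $scanType = if ($Type -eq 'Quick') { 1 } else { 2 }
    # Out-Host keeps the scanner's console output out of the function's return value.
    & $MpCmdRun -Scan -ScanType $scanType | Out-Host
    # 0 = nothing found, or everything found was remediated.
    # 2 = threats remain, user action or a restart is needed, or the scan failed.
    return $LASTEXITCODE
}

if (-not (Test-Path $MpCmdRun)) {
    throw "MpCmdRun.exe not found at $MpCmdRun"
}

# Check for definition updates before scanning.
& $MpCmdRun -SignatureUpdate | Out-Host

# Quick scan first: it targets malware that is actively running in Windows.
$quick = Invoke-MseScan -Type Quick
if ($quick -ne 0) {
    Write-Warning 'Quick scan did not come back clean. Let MSE remove the threats and restart, then run this script again.'
    exit $quick
}

# Full scan afterwards: it covers files and locations the quick scan skips.
$full = Invoke-MseScan -Type Full
if ($full -ne 0) {
    Write-Warning 'Full scan did not come back clean. Let MSE remove the threats and restart, then run this script again.'
    exit $full
}

# MSE removes or quarantines infected system files rather than repairing them,
# so finish with the Windows System File Checker.
sfc.exe /scannow | Out-Host
```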
Screenshots by author courtesy of Microsoft Security Essentials.