Microsoft Windows Malicious Software Removal

When I scanned my complete PC with Microsoft Windows Malicious Software Removal Tool v5.77, November 2019 (build 5.77.16547.2), during scan It shows "Files Infected : 5" but after when the scan is done it shows "No infection found". 

Why is it so?

That's normal. During the scan the scan engine is still evaluating. When the scan is finished, the real result will be displayed.

The end result is what counts.

The wording is just a bit awkward.

The complete explanation is rather involved, but the core reason is simple and relates to how all of the Microsoft security apps operate, but also how the Malicious Software Removal Tool differs from the others.

All of the Microsoft security apps are based on the same core scan engines, even though the display interface and modes of operation for each of these have some minor differences.  One of the core design criteria is that the AV client app collects various file, registry or other detection items during the scanning process and then communicates or "phones home" to the Microsoft servers during the final verification phase immediately before displaying the final results.

This communication is performed not only to collate and verify the names and other information displayed, but also to confirm the item(s) are truly malware and not simply fragments or false positive (e.g. incorrect) detections.

Since unlike the built-in AV clients such as Defender or MSE, the MSRT tool is sometimes operated manually with the display interface on screen, the Files infected item was added to provide an intermediate indication that malware "might" be present.  However, since the MSRT is also different in that it only detects a small number of roughly 125 of the most common malware "families", the scan engines can sometimes detect potential malicious items that this limited AV client won't end up displaying in the final scan results.

So what you're seeing is actually a visual anomaly of the fact that the limited MSR client doesn't detect most malware, along with the relatively useless ability for it to display intermediate results that haven't been either collated or verified.

Since the MSRT was designed primarily to operate automatically during the once per month Windows Update (Black Tuesday) process, it was designed for speed and simplicity as a sanity check, so using it as a manual scanning tool other than for this reason is really a misapplication of the tool.  Instead, you should be using either the Microsoft Safety Scanner or the built-in Defender client to perform these manual checks or possibly even a 3rd-party tool like MalwareBytes Ant-Malware as an on-demand alternative that your core AV product is detecting the variety of malicious items you personally might encounter.

Rob

Hi PrashantKumar_438,

I'm Charles, an Independent advisor trying to help.

To complement the information that has already been shared, I add this link from a Windows MVP, which explains, suggests and details the data related to this tool.

https://www.tenforums.com/tutorials/6027-malici...

I hope the information is useful

Attentive to any comments

Have a happy day
Best Regards,
Charles.

Note: This is a non-Microsoft website. The page appears to be providing accurate, safe information. Watch out for ads on the site that may advertise products frequently classified as a PUP (Potentially Unwanted Products). Thoroughly research any product advertised on the site before you decide to download and install it.

Let's also add this link: https://support.microsoft.com/en-us/help/890830/remove-specific-prevalent-malware-with-windows-malicious-software-remo

with this updated part:

"

"

Sometimes, malwares located in temporary location and after files there has been removed, then it shows no malware find like temporary internet files or temp files when they have been removed before scanner remove them.

You could also check log files on SYSTEMROOT%\debug\msert.log to get more details.

Try run quick scan and one more full scan and see if they show any malware?