MRT.EXE and MRTSTUB.EXE - real or malware?


  1. buckscaper
    Posts : 19
    Win7 Home Premium SP1 32bit
       New #1

    MRT.EXE and MRTSTUB.EXE - real or malware?


    Hi there,

    I just installed a new HDD to an HP Pavilion (removed old HDD w/Vista) and installed Win7 Home Premium SP1.

    I also installed Avast and Threatfire prior to connecting the machine to the internet. All was fine.

    I connected to the internet and clicked windows update and there were 29 important updates that downloaded but had not yet installed. I wanted to make sure the system was up to date before I started loading software so I clicked to install the updates. Nothing seemed to happen so I opened windows update again and told it to install but it said it couldn't do anything because it was in the process of installing updates. That seemed weird (since there was no indication at all that anything was happening).

    So I left it alone and came back later and saw an alert from Threatfire about a file named MRTSTUB.EXE trying to create a file called MRT.EXE.

    See attachment for screen cap showing alert (center window), "details" (left window) and Windows Explorer showing that the file isn't where it says it is.

    I researched the alert and came up with 50/50 "it's malware" vs "it's part of windows" (the Windows Software Removal Tool to be exact). Not helpful at all.

    The last few posts in the forum thread at the following link sums up the situation.

    mrtstub.exe????? - Wilders Security Forums

    The advice to check the properties of the file seemed great, except as you can see in the screen cap, the MRTSTUB.EXE file isn't where it says it is and I can't find a folder with the name (long string) shown in the details pane in the left window of the screen cap. So I can't check the properties of the file.

    So THAT leads me to believe that it really is something nasty. But I can't figure out how it could be there if it didn't come in directly through windows update. I have a secure, wired router/network, it's a brand new OS that's never been used (Windows Update is the first thing I did after installing the OS). And I didn't do any web surfing or install anything else. Everything done with this new pristine system is listed above.

    So I'm clueless.

    I let Threatfire kill the process and quarantine the file.

    Not sure what to do next. I would like to still use the Windows Software Removal Tool but I'm a bit gun shy now and to top it off, I'm not sure if I may have damaged anything or put myself at risk by killing and quarantining a process or file that SHOULD be running. I'm also not sure if the WSRT is on the machine or not at this point.

    Any ideas?

    Thanks
    Attached Thumbnails Attached Thumbnails MRT.EXE and MRTSTUB.EXE - real or malware?-img_20110725_025121.jpg  
      My Computer
    Quote Quote

  3. Bill2
    Posts : 5,056
    Windows 7 x64 pro/ Windows 7 x86 Pro/ XP SP3 x86
       New #2

    I wouldnt worry too much. MRT is not a substitue for a resident AV for various reasons- 1) MRT only removes malware AFTER infection, it doesnt BLOCK malware like an AV. 2) MRT is designed to target a small set of malware only while an AV takes care of most malware out there in the world today. 3) MRT can only detect actively running malware, an AV can also detect dormant malware.

    So stick to what Threatfire says and you'll be fine.
      My Computer
    Quote Quote

  4. karlsnooks
    Posts : 10,200
    MS Windows 7 Ultimate SP1 64-bit
       New #3

    buckscraper,

    Download and install MalwareBytes (link in my sig).

    turn off all of your other anti-whatever software.

    Run malware bytes.

    Let us know the results.

    Oh yes, after running malwarebytes you can turn your anti-everything software.

    Did you know that you can simply delete your present anti-stuff and install the best free non-interfering small-footprint anit-virus software, namely, Microsoft Security Essentials (MSE) link in my sig.

    When you install MSE, it weill set your system up so that MSRT is run every month. MSRT is updated by Microsoft monthly. MSRT (Malicious Software Removal Tool) removes root-kits and the likes there of. MSE is updated, sometimes several times a day (if you've enabled mse checking for updates on that frequency). Coupled with the Windows Firewall you are in good shape.
      My Computer
    Quote Quote

  6. buckscaper
    Posts : 19
    Win7 Home Premium SP1 32bit
    Thread Starter
       New #4

    Hi,

    Thanks for the replies. I've been working and using another machine so I haven't been able to run malwarebytes yet but that will be my next step. I just didn't want to leave this thread hanging. I'll post again after I run it.

    Thanks.
      My Computer
    Quote Quote

 

  Related Discussions
Magdeburg-based research lab AV-Test.org today released the results of a lengthy real-world malware protection study. This test challenged a dozen major security suites to protect Internet-connected physical computers against up-to-the-minute threats. Each day for 60 days, researchers released 10...
more
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

 © Designer Media Ltd
All times are GMT -5. The time now is 01:11.
Find Us