Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: MRT.EXE and MRTSTUB.EXE - real or malware?


25 Jul 2011   #1

Win7 Home Premium SP1 32bit
 
 
MRT.EXE and MRTSTUB.EXE - real or malware?

Hi there,

I just installed a new HDD to an HP Pavilion (removed old HDD w/Vista) and installed Windows 7 Home Premium SP1.

I also installed Avast and Threatfire prior to connecting the machine to the internet. All was fine.

I connected to the internet and clicked windows update and there were 29 important updates that downloaded but had not yet installed. I wanted to make sure the system was up to date before I started loading software so I clicked to install the updates. Nothing seemed to happen so I opened windows update again and told it to install but it said it couldn't do anything because it was in the process of installing updates. That seemed weird (since there was no indication at all that anything was happening).

So I left it alone and came back later and saw an alert from Threatfire about a file named MRTSTUB.EXE trying to create a file called MRT.EXE.

See attachment for screen cap showing alert (center window), "details" (left window) and Windows Explorer showing that the file isn't where it says it is.

I researched the alert and came up with 50/50 "it's malware" vs "it's part of windows" (the Windows Software Removal Tool to be exact). Not helpful at all.

The last few posts in the forum thread at the following link sums up the situation.

mrtstub.exe????? - Wilders Security Forums

The advice to check the properties of the file seemed great, except as you can see in the screen cap, the MRTSTUB.EXE file isn't where it says it is and I can't find a folder with the name (long string) shown in the details pane in the left window of the screen cap. So I can't check the properties of the file.

So THAT leads me to believe that it really is something nasty. But I can't figure out how it could be there if it didn't come in directly through windows update. I have a secure, wired router/network, it's a brand new OS that's never been used (Windows Update is the first thing I did after installing the OS). And I didn't do any web surfing or install anything else. Everything done with this new pristine system is listed above.

So I'm clueless.

I let Threatfire kill the process and quarantine the file.

Not sure what to do next. I would like to still use the Windows Software Removal Tool but I'm a bit gun shy now and to top it off, I'm not sure if I may have damaged anything or put myself at risk by killing and quarantining a process or file that SHOULD be running. I'm also not sure if the WSRT is on the machine or not at this point.

Any ideas?

Thanks



Attached Thumbnails
MRT.EXE and MRTSTUB.EXE - real or malware?-img_20110725_025121.jpg  
My System SpecsSystem Spec
.

25 Jul 2011   #2

Windows 7 x64 pro/ Windows 7 x86 Pro/ XP SP3 x86
 
 

I wouldnt worry too much. MRT is not a substitue for a resident AV for various reasons- 1) MRT only removes malware AFTER infection, it doesnt BLOCK malware like an AV. 2) MRT is designed to target a small set of malware only while an AV takes care of most malware out there in the world today. 3) MRT can only detect actively running malware, an AV can also detect dormant malware.

So stick to what Threatfire says and you'll be fine.
My System SpecsSystem Spec
25 Jul 2011   #3

MS Windows 7 Ultimate SP1 64-bit
 
 

buckscraper,

Download and install MalwareBytes (link in my sig).

turn off all of your other anti-whatever software.

Run malware bytes.

Let us know the results.

Oh yes, after running malwarebytes you can turn your anti-everything software.

Did you know that you can simply delete your present anti-stuff and install the best free non-interfering small-footprint anit-virus software, namely, Microsoft Security Essentials (MSE) link in my sig.

When you install MSE, it weill set your system up so that MSRT is run every month. MSRT is updated by Microsoft monthly. MSRT (Malicious Software Removal Tool) removes root-kits and the likes there of. MSE is updated, sometimes several times a day (if you've enabled mse checking for updates on that frequency). Coupled with the Windows Firewall you are in good shape.
My System SpecsSystem Spec
.


26 Jul 2011   #4

Win7 Home Premium SP1 32bit
 
 

Hi,

Thanks for the replies. I've been working and using another machine so I haven't been able to run malwarebytes yet but that will be my next step. I just didn't want to leave this thread hanging. I'll post again after I run it.

Thanks.
My System SpecsSystem Spec
Reply

 MRT.EXE and MRTSTUB.EXE - real or malware?




Thread Tools




Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 01:50 PM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33