|25 Jul 2011||#1|
MRT.EXE and MRTSTUB.EXE - real or malware?
I just installed a new HDD to an HP Pavilion (removed old HDD w/Vista) and installed Windows 7 Home Premium SP1.
I also installed Avast and Threatfire prior to connecting the machine to the internet. All was fine.
I connected to the internet and clicked windows update and there were 29 important updates that downloaded but had not yet installed. I wanted to make sure the system was up to date before I started loading software so I clicked to install the updates. Nothing seemed to happen so I opened windows update again and told it to install but it said it couldn't do anything because it was in the process of installing updates. That seemed weird (since there was no indication at all that anything was happening).
So I left it alone and came back later and saw an alert from Threatfire about a file named MRTSTUB.EXE trying to create a file called MRT.EXE.
See attachment for screen cap showing alert (center window), "details" (left window) and Windows Explorer showing that the file isn't where it says it is.
I researched the alert and came up with 50/50 "it's malware" vs "it's part of windows" (the Windows Software Removal Tool to be exact). Not helpful at all.
The last few posts in the forum thread at the following link sum up the situation.
mrtstub.exe????? - Wilders Security Forums
The advice to check the properties of the file seemed great, except as you can see in the screen cap, the MRTSTUB.EXE file isn't where it says it is and I can't find a folder with the name (long string) shown in the details pane in the left window of the screen cap. So I can't check the properties of the file.
So THAT leads me to believe that it really is something nasty. But I can't figure out how it could be there if it didn't come in directly through windows update. I have a secure, wired router/network, it's a brand new OS that's never been used (Windows Update is the first thing I did after installing the OS). And I didn't do any web surfing or install anything else. Everything done with this new pristine system is listed above.
So I'm clueless.
I let Threatfire kill the process and quarantine the file.
Not sure what to do next. I would like to still use the Windows Software Removal Tool but I'm a bit gun shy now and to top it off, I'm not sure if I may have damaged anything or put myself at risk by killing and quarantining a process or file that SHOULD be running. I'm also not sure if the WSRT is on the machine or not at this point.
|25 Jul 2011||#2|
I wouldn't worry too much. MRT is not a substitute for a resident AV for various reasons: 1) MRT only removes malware AFTER infection, it doesn't BLOCK malware like an AV. 2) MRT is designed to target a small set of malware only while an AV takes care of most malware out there in the world today. 3) MRT can only detect actively running malware, an AV can also detect dormant malware.
So stick to what Threatfire says and you'll be fine.
|25 Jul 2011||#3|
Download and install MalwareBytes (link in my sig).
Turn off all of your other anti-whatever software.
Run MalwareBytes.
Let us know the results.
Oh yes, after running MalwareBytes you can turn your anti-everything software back on.
Did you know that you can simply delete your present anti-stuff and install the best free non-interfering small-footprint anti-virus software, namely Microsoft Security Essentials (MSE)? Link in my sig.
When you install MSE, it will set your system up so that MSRT is run every month. MSRT is updated by Microsoft monthly. MSRT (Malicious Software Removal Tool) removes root-kits and the like. MSE is updated, sometimes several times a day (if you've enabled MSE checking for updates on that frequency). Coupled with the Windows Firewall you are in good shape.
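The file-properties check discussed in the first post can be done from PowerShell, shown here as an added example that is not part of the original thread. It assumes the installed tool is at `%windir%\System32\MRT.exe` and that it logs to `%windir%\debug\mrt.log` (the standard locations, not stated in the thread); the function names are hypothetical.

```powershell
# Added example: check whether a copy of MRT.exe carries a valid Microsoft
# Authenticode signature, and whether the tool has actually run on this machine.
# Default path and log location are assumptions (standard install locations).
function Test-MsrtBinary {
    param(
        [string]$Path = (Join-Path $env:windir 'System32\MRT.exe')
    )
    if (-not (Test-Path -LiteralPath $Path)) {
        Write-Warning "$Path not found"
        return
    }
    $file = Get-Item -LiteralPath $Path
    $sig  = Get-AuthenticodeSignature -FilePath $Path
    # An unsigned file has no signer certificate at all.
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject }
              else { '<no signer certificate>' }
    # 'Valid' means the signature verifies, the file is unmodified since
    # signing, and the certificate chains to a trusted root.
    $isMicrosoft = ($sig.Status -eq 'Valid') -and
                   ($signer -match 'O=Microsoft Corporation')
    New-Object PSObject -Property @{
        Path              = $file.FullName
        SignatureStatus   = $sig.Status
        Signer            = $signer
        SignedByMicrosoft = $isMicrosoft
        OriginalFilename  = $file.VersionInfo.OriginalFilename
        FileVersion       = $file.VersionInfo.FileVersion
        LastWriteTime     = $file.LastWriteTime
    }
}

function Get-MsrtLogTail {
    param(
        [string]$LogPath = (Join-Path $env:windir 'debug\mrt.log'),
        [int]$Lines = 20
    )
    if (-not (Test-Path -LiteralPath $LogPath)) {
        Write-Warning "No MSRT log at $LogPath (tool may not have run yet)"
        return
    }
    # The end of the log shows the most recent run and its result.
    Get-Content -LiteralPath $LogPath | Select-Object -Last $Lines
}

Test-MsrtBinary | Format-List
Get-MsrtLogTail
```

The same function accepts `-Path` for any other copy of the file, for example one restored from quarantine to a scratch folder.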