mrtstub.exe malware or not?
So, I've been having a malware problem, and I found the file mrtstub.exe, and of course I searched for it on the internet and a site says that it is malware and to remove it. So, I did. When I first tried to run the MS Removal Tool, it said that it could not run and something about mrtstub.exe. A few minutes later, I tried to run it again, and it ran. Matter of fact, it is still scanning. Now, I've got this file on my system again (I don't know how). What gives? Is it legit and a valid MS file, or not?
Thanks in advance for your help!
--JSS
December 20th, 2007 3:16am
No, that is probably not malware. It could be if it is in an unusual location, but mrtstub.exe is a component of the Microsoft Malicious Software Removal Tool. Right-click the executable, select properties, and check the Digital Signature tab. If it says it is signed by Microsoft Corporation, it is safe.
December 20th, 2007 4:14am
I clicked on "Properties" on the ones that I have. They say "Unknown Application" and no other info as to being signed by anyone or anything. There is no info as to being unsigned by anyone, either.
Thanks again!
-jss
December 20th, 2007 6:08pm
If it does not have a Digital Signature tab then it is likely malware that is masquerading as the Malicious Software Removal Tool. Have you run a malware scan on that computer? Why don't you submit that file to VirusTotal and see what they say? It is at http://www.virustotal.com. If it is malware that would be very interesting.
December 20th, 2007 6:58pm
Everything came back fine! Thanks Jesper!
December 20th, 2007 9:58pm
Hey I was curious too so I was looking at properties and such and it disappeared while I was looking at it. I figured it out: I had been installing a Vista update through Windows Update. I think it is nothing to worry about.
January 14th, 2009 12:44am
Hi. I just started a virus scan of my c:/ drive. Within 30 minutes it found 2 Trojan Horses in separate folders. I checked each folder and they each had mrstub.exe files. I'm using Avast anti-virus. It recommended to put the files in the chest. Should I remove both folders with the mrstub.exe? Any feedback is appreciated. Thanks.
July 10th, 2010 2:10am
This is from Computer Active Magazine
"Make a note of where the 'mrtstub.exe' is located and then switch off your computer.
Restart your computer and press F8 before the Windows logo appears. This should bring you to your Safe Mode Window.
Press 'Safe Mode' and when you return to your desktop, seek out the location of the 'mrtstub.exe' and press delete.
Send it to the recycle bin and restart your computer.
Empty your recycle bin."
Regards
Jim
September 21st, 2010 12:19am
MRT and MRTSTUB are associated with the Microsoft Malicious Software Removal Tool. They will install during the Vista, Win7 and other Microsoft updates.
"MRT" as in Microsoft Removal Tool
September 28th, 2010 3:59pm
http://support.microsoft.com/kb/890830
Article ID: 890830 - Last Review: October 13, 2010 - Revision: 80.0
The Microsoft Windows Malicious Software Removal Tool helps remove specific, prevalent malicious software from computers that are running Windows 7, Windows Vista, Windows Server 2003, Windows Server 2008, or Windows XP
Q21: I found the Mrtstub.exe file in a randomly named directory on my computer. Is the Mrtstub.exe file a legitimate component of the tool?
A21: The tool does use a file that is named Mrtstub.exe for certain operations. If you verify that the file is signed by Microsoft, the file is a legitimate component of the tool.
October 18th, 2010 11:46am
I have the same thing too, I think it's bad if it's in a place like this: (Dir Tree)
C:\01ec76e9b04b69281698\
|
|---mrtstub.exe (72KB)
|---mrt.exe (4965KB)
April 19th, 2011 10:46am
Mine is the same; looks suspicious, in a strange location (C:\bunchonumbers), no signature etc. But I sent it to http://www.virustotal.com - thank you, Jesper! - and it came back clean within 5 minutes! This site and their site are my new favorites; thanks everybody : )
April 30th, 2011 7:33am
That is not what MRT stands for actually. Anything that is Microsoft starts with MS like MS Word, MS Windows and so on. The Microsoft Windows Malicious Software Removal Tool starts with these letters (MSRT).
So therefore, since this strange file everyone is asking about is MRT or MRTSTUB, I do NOT believe it to be associated with Microsoft due to my statement above.
As for whether it is dangerous I am still looking that up.
Well so far I have found conflicting answers to this question. But my biggest thing is if it is related to Microsoft then why is it not MSRT? That is what I would like to know first.
May 18th, 2011 9:30pm
One has to take ownership of the file to see all its attributes.
If you do not, you do not see much of anything about it under Windows 7 Professional, most likely due to security safeguards.
If you do, you should find that it is a digitally RSA signed program from Microsoft with a description of "Malicious Software Removal Tool Update Stub", hence the Stub in the name.
It also has details showing a Microsoft Corporation Copyright with the same Product name as the aforementioned File description. I also see a version of 3.22.5202.0, which is fitting with MS versioning and not something one usually sees hackers taking the time to fill out with their malware or viruses.
If you enable to see known suffixes, the two files one observes are "mrt.exe._p" and "mrtstub.exe".
So it would appear for the record that JemimalKitten is wrong and Galterio is correct.
Also, if you've done any work in the kernel space of Windows, you would see that MS does NOT precede all files produced by Microsoft.
Take ntldr for instance, which is the Windows loader that has been around since the early days of NT, hmmm no "MSntldr" there. Same holds for "hal.dll", although the hardware abstraction layer has been fragmented more since Windows 2000 to various subsystems like pnp that has several files which begin with pnp prefix.
Go ahead and peruse our Windows %systemroot%\system32 to see numerous other such files which are all legit MS Windows files which do not have Ms prefix as claimed in earlier posts.
October 31st, 2011 11:57pm
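The signature check recommended in this thread (and in A21 of KB 890830) can also be done from PowerShell instead of the Properties dialog. The following is an added example, not code from any poster or from Microsoft; the function name Test-MicrosoftSigned and the placeholder path in the usage comment are chosen here for illustration.

```powershell
# Added example (not from the thread): report whether a file carries a valid
# Authenticode signature from Microsoft Corporation.
# Test-MicrosoftSigned is a hypothetical name chosen for this example.
function Test-MicrosoftSigned {
    param(
        [Parameter(Mandatory = $true)]
        [string]$Path
    )

    # -Force lets Get-Item see hidden/system files in temporary update folders.
    $file = Get-Item -LiteralPath $Path -Force -ErrorAction Stop
    $sig  = Get-AuthenticodeSignature -LiteralPath $file.FullName

    # Status is 'Valid' only when the signature verifies and the certificate
    # chain is trusted on this machine; 'NotSigned' means no signature at all.
    $subject = ''
    if ($sig.SignerCertificate) { $subject = $sig.SignerCertificate.Subject }

    # Require both a valid signature and the Microsoft organization field.
    $isMicrosoft = ($sig.Status -eq 'Valid') -and
                   ($subject -match '(^|,\s*)O=Microsoft Corporation(,|$)')

    [pscustomobject]@{
        Path            = $file.FullName
        SignatureStatus = $sig.Status
        Signer          = $subject
        # Version resource fields are set by whoever built the file, so they
        # are informational only and do not count as proof of origin.
        FileDescription = $file.VersionInfo.FileDescription
        FileVersion     = $file.VersionInfo.FileVersion
        # The SHA-256 can be searched on VirusTotal without uploading the file.
        SHA256          = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
        MicrosoftSigned = $isMicrosoft
    }
}

# Usage (placeholder path; substitute the folder where the file was found):
# Test-MicrosoftSigned -Path 'C:\<randomly-named-folder>\mrtstub.exe' | Format-List
```

A result of `NotSigned`, `HashMismatch` or `NotTrusted` in SignatureStatus means the file should not be treated as a Microsoft component on the strength of its name alone.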