Re: mrtstub.exe

Giganews Newsgroups
Subject: Re: mrtstub.exe
Posted by:  MowGreen [MVP] (mowgre…
Date: Thu, 15 Jan 2009

It's a temporary stub for the Windows Malicious Software Removal Tool
and it [they] should have been deleted when the tool finished running.
However, if the system is infected and the malware is controlling it,
then said malware might be preventing the system from being restarted so
that the MRT can remove it.
Check the mrt.log located in WINDOWS\Debug to see if this is the case.

IF something has been detected and it's preventing the tool from
removing it, boot to Safe Mode.
Once in SM, click Start > Run > type in mrt in the Open line and then
click OK or press Enter.
The tool will open after a short period of time. Click Next.
Put a mark next to " Full scan", click Next.

Go for a walk as it will take a *long* time for the tool to run.
Or, go shopping and help save the economy <w>

The MRT *should* be able to remove any detected malware in Safe Mode
unless it has a rootkit associated with it.
Post back with whatever is showing in the mrt.log.

IF nothing is being detected, then you can safely delete the temp stub

MowGreen  [MVP 2003-2009]
  *-343-*  FDNY
Never Forgotten

ellisdesiā€¦ wrote:

> I have noticed that several of my drives have multiple folders with
> randomly generated names like  < c1d507a65a5b840fd01d >
> Each of these folders contains three files - $shtdwn$.req :
> mrt.exe._p : mrtstub.exe.
> These look like something that has been generated by an abnormal
> shutdown ($shtdwn$ is a bit of a clue), and I wonder if I can safely
> delete them?
> Looking for mrtstub.exe in Google brings up a load of alarming
> messages indicating that it might be malware, that running it might
> delete all my data ..... etc.
> I would like to get rid of it - can I safely do so?
> Peter



In response to

mrtstub.exe posted by ellisdesi… on Thu, 15 Jan 2009