Should I block it?

60%
60% of PCs block this file from running.
Possible reason:
Performance resource utilization

VersionsAdditional versions

5.13.10300.0 2.70%
5.12.10200.0 24.32%
5.9.9902.0 10.81%
5.9.9902.0 2.70%
5.7.9701.0 13.51%
5.6.9603.0 40.54%
4.19.7304.0 2.70%
4.16.7000.0 2.70%

Relationships

Parent process
Related files

PE structurePE file structure

Show functions
Import table
advapi32.dll
OpenSCManagerW, OpenServiceW, QueryServiceStatus, QueryServiceConfigW, OpenProcessToken, RegCloseKey, CopySid, AllocateAndInitializeSid, CryptGetHashParam, CryptHashData, CryptCreateHash, CryptDestroyHash, CryptGenRandom, CryptAcquireContextW, FreeSid, GetLengthSid, CheckTokenMembership, RegCreateKeyExW, RegQueryValueExW, RegDeleteValueW, RegOpenKeyExW, CloseServiceHandle, RegisterTraceGuidsW, GetTraceEnableFlags, GetTraceEnableLevel, GetTraceLoggerHandle, TraceEvent, RegSetValueExW, LookupPrivilegeValueW, AdjustTokenPrivileges, CryptReleaseContext
comctl32.dll
DestroyPropertySheetPage, PropertySheetW, CreatePropertySheetPageW, InitCommonControlsEx
gdi32.dll
GetTextMetricsW, GetTextColor, DeleteDC, SelectObject, GetTextExtentExPointW, CreateCompatibleDC, DeleteObject, CreateFontIndirectW, GetObjectW, SetTextColor, ExtTextOutW, GetBkColor, CreateSolidBrush, CreateCompatibleBitmap, SetBkMode, SetBkColor
kernel32.dll
InterlockedIncrement, MultiByteToWideChar, WideCharToMultiByte, ReadFile, GetFileAttributesW, GetExitCodeProcess, ExpandEnvironmentStringsW, EnumResourceNamesW, FindResourceW, LoadResource, LockResource, SizeofResource, GetLogicalDrives, GetDriveTypeW, Sleep, InterlockedExchange, InterlockedCompareExchange, GetStartupInfoW, OutputDebugStringA, RtlUnwind, SetUnhandledExceptionFilter, GetModuleHandleA, QueryPerformanceCounter, InterlockedDecrement, GetCurrentThreadId, GetSystemTimeAsFileTime, GetTickCount, UnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, LocalAlloc, LocalFree, GetVersionExW, GetUserDefaultLCID, CreateThread, GetLastError, SetErrorMode, FreeLibrary, CloseHandle, GetDiskFreeSpaceExW, FileTimeToLocalFileTime, FormatMessageW, SuspendThread, ResumeThread, WaitForSingleObject, GetLocalTime, SystemTimeToFileTime, GetTimeFormatW, EnterCriticalSection, LeaveCriticalSection, SetLastError, MulDiv, lstrcmpW, GetTempPathW, GetTempFileNameW, DeleteFileW, CreateFileW, WriteFile, GetModuleFileNameW, HeapAlloc, GetFileSizeEx, CreateEventW, RemoveDirectoryW, GetCurrentProcessId, WritePrivateProfileStringW, GetPrivateProfileIntW, GetPrivateProfileStringW, FileTimeToSystemTime, WritePrivateProfileSectionW, MoveFileW, SetFilePointer, FlushFileBuffers, IsDebuggerPresent, OutputDebugStringW, SwitchToThread, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, GetFullPathNameW, WaitForMultipleObjects, GetSystemTime, QueueUserWorkItem, InitializeCriticalSection, TryEnterCriticalSection, SetEndOfFile, GlobalFree, GetProcAddress, GetModuleHandleW, GetSystemInfo, GetProcessHeap, HeapFree, LoadLibraryExW, SetFilePointerEx, GetSystemWindowsDirectoryW, CreateDirectoryW, LoadLibraryW, GetSystemDirectoryW, SetEvent, CreateProcessW
msvcrt.dll
DllMain
netapi32.dll
NetApiBufferFree, NetGetJoinInformation
ole32.dll
CoCreateGuid, CoInitializeEx, CoCreateInstance, CoTaskMemFree, CoUninitialize, StringFromGUID2
rpcrt4.dll
UuidFromStringW, RpcStringFreeW, UuidCreate, UuidToStringW
shell32.dll
SHBrowseForFolderW, SHGetFolderLocation, SHGetPathFromIDListW, ShellExecuteW, Shell_NotifyIconW, ShellExecuteExW
shlwapi.dll
StrStrW, StrStrIW, PathRemoveFileSpecW
urlmon.dll
IsValidURL
user32.dll
SetRect, GetDC, GetClientRect, LoadStringW, GetWindowTextW, GetWindowTextLengthW, CharNextW, UnregisterClassW, RegisterClassExW, LoadCursorW, DefWindowProcW, PostQuitMessage, DispatchMessageW, SetCapture, GetMessageW, CreateWindowExW, RegisterClassW, GetDlgItemTextW, ShowWindow, EnableWindow, SendDlgItemMessageW, ReleaseDC, GetWindowLongW, GetParent, SetWindowLongW, PostMessageW, LoadImageW, DestroyIcon, DialogBoxParamW, EndDialog, GetDlgItem, LoadIconW, SendMessageW, SetWindowTextW, SetDlgItemTextW, ExitWindowsEx, GetSystemMetrics, MessageBoxW, ReleaseCapture, GetKeyState, MapWindowPoints, GetFocus, OffsetRect, FrameRect, DrawFocusRect, PtInRect, IsWindowEnabled, InvalidateRect, UpdateWindow, SetCursor, BeginPaint, EndPaint, GetSysColor, SetFocus, TranslateMessage
winhttp.dll
WinHttpSendRequest, WinHttpOpenRequest, WinHttpConnect, WinHttpCrackUrl, WinHttpSetOption, WinHttpGetProxyForUrl, WinHttpGetIEProxyConfigForCurrentUser, WinHttpQueryOption, WinHttpCloseHandle, WinHttpSetTimeouts, WinHttpOpen, WinHttpReadData, WinHttpQueryDataAvailable, WinHttpSetStatusCallback, WinHttpAddRequestHeaders, WinHttpQueryHeaders, WinHttpWriteData, WinHttpReceiveResponse

mrt.exe

Microsoft Windows Malicious Software Removal Tool by Microsoft Corporation (Signed)

Remove mrt.exe
Version:   4.19.7304.0
MD5:   6e4916dc5ba0697c28915da5261ff250
SHA1:   aaedfe41ea9ac1d8929c5bc40eb39a872c484895
SHA256:   9e894332130c6acc345cb46627cc42c6cd772e418ad2daeaa85f71074f6a2a1d

Overview

mrt.exe executes as a process under the SYSTEM account with extensive privileges (the system and the administrator accounts have the same file privileges) typically within the context of its parent mrtstub.exe (Malicious Software Removal Tool Update Stub by Microsoft). The file is digitally signed by Microsoft Corporation.

DetailsDetails

File name:mrt.exe
Publisher:Microsoft Corporation
Product name:Microsoft Windows Malicious Software Removal Tool
Typical file path:C:\Windows\System32\mrt.exe
File version:4.19.7304.0
Size:67.22 MB (70,490,256 bytes)
Certificate
Issued to:Microsoft Corporation
Authority (CA):Microsoft Corporation
Effective date:Wednesday, September 12, 2012
Expiration date:Wednesday, June 12, 2013
Digital DNA
PE subsystem:Windows GUI
File packed:No
Code language:Microsoft Visual C++
.NET CLR:No
More details

BehaviorsBehaviors

Scheduled tasks
  • The job '{FA6955C6-856F-4239-928C-E34C2D27FD1B}' runs on registration in the path '\{FA6955C6-856F-4239-928C-E34C2D27FD1B}'
  • The task '{E1651854-9890-4C9E-92A0-A77E1B91C0A2}' runs on registration in the path '\{E1651854-9890-4C9E-92A0-A77E1B91C0A2}'
  • The task '{968F4498-EC94-4EB5-90B0-51FAC6A713D4}' runs on registration in the path '\{968F4498-EC94-4EB5-90B0-51FAC6A713D4}'
  • The task '{797400D0-088B-4ED0-A249-46CBD2CFE6A7}' runs on registration in the path '\{797400D0-088B-4ED0-A249-46CBD2CFE6A7}'
  • The job '{68B8F0EA-DA21-4A25-B74A-DA061074C5E7}' runs on registration in the path '\{68B8F0EA-DA21-4A25-B74A-DA061074C5E7}'
  • The task '{58EC57F9-8A9D-4532-A60F-705313EDD0DE}' runs on registration in the path '\{58EC57F9-8A9D-4532-A60F-705313EDD0DE}'
  • The job 'MRT_HB' runs in the path '\Microsoft\Windows\RemovalTools\MRT_HB'

ResourcesResource utilization

(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
 
CPU
Total CPU:0.23939226%
0.028634%
Kernel CPU:0.18566200%
0.013761%
User CPU:0.05373026%
0.014873%
Memory
Private (maximum):56.91 MB
Private (minimum):47.83 MB

BehaviorsProcess properties

Platform:32-bit
Command line:"C:\Windows\System32\mrt.exe" /q /w
Owner:SYSTEM
Parent process:mrtstub.exe (Malicious Software Removal Tool Update Stub by Microsoft)

Windows OS versionsDistribution by Windows OS

OS versiondistribution
Windows 8.1 41.67%
Windows 7 Home Premium 36.11%
Windows 8.1 Pro 13.89%
Windows 8.1 Pro with Media Center 5.56%
Windows Vista Business 2.78%

Distribution by countryDistribution by country

United States installs about 69.44% of Microsoft Windows Malicious Software Removal Tool.

OEM distributionDistribution by PC manufacturer

PC Manufacturerdistribution
Hewlett-Packard 39.53%
ASUS 23.26%
Acer 9.30%
Lenovo 9.30%
Toshiba 4.65%
Medion 4.65%
Dell 4.65%
Samsung 2.33%
Alienware 2.33%
Should I remove It? Clean your PC of unwanted adware, toolbars and bloatware.

Download it for FREE