Should I block it?

60%
60% of PCs block this file from running.
Possible reason:
Performance resource utilization

VersionsAdditional versions

5.13.10300.0 2.70%
5.12.10200.0 24.32%
5.9.9902.0 10.81%
5.9.9902.0 2.70%
5.7.9701.0 13.51%
5.6.9603.0 40.54%
4.19.7304.0 2.70%
4.16.7000.0 2.70%

Relationships


PE structurePE file structure

Show functions
Import table
advapi32.dll
OpenSCManagerW, OpenServiceW, QueryServiceStatus, QueryServiceConfigW, OpenProcessToken, RegCloseKey, CopySid, AllocateAndInitializeSid, CryptGetHashParam, CryptHashData, CryptCreateHash, CryptDestroyHash, CryptGenRandom, CryptAcquireContextW, FreeSid, GetLengthSid, CheckTokenMembership, RegCreateKeyExW, RegQueryValueExW, RegDeleteValueW, RegOpenKeyExW, CloseServiceHandle, RegisterTraceGuidsW, GetTraceEnableFlags, GetTraceEnableLevel, GetTraceLoggerHandle, TraceEvent, RegSetValueExW, LookupPrivilegeValueW, AdjustTokenPrivileges, CryptReleaseContext
comctl32.dll
DestroyPropertySheetPage, PropertySheetW, CreatePropertySheetPageW, InitCommonControlsEx
gdi32.dll
GetTextMetricsW, GetTextColor, DeleteDC, SelectObject, GetTextExtentExPointW, CreateCompatibleDC, DeleteObject, CreateFontIndirectW, GetObjectW, SetTextColor, ExtTextOutW, GetBkColor, CreateSolidBrush, CreateCompatibleBitmap, SetBkMode, SetBkColor
kernel32.dll
InterlockedIncrement, MultiByteToWideChar, WideCharToMultiByte, ReadFile, GetFileAttributesW, GetExitCodeProcess, ExpandEnvironmentStringsW, EnumResourceNamesW, FindResourceW, LoadResource, LockResource, SizeofResource, GetLogicalDrives, GetDriveTypeW, Sleep, InterlockedExchange, InterlockedCompareExchange, GetStartupInfoW, OutputDebugStringA, RtlUnwind, SetUnhandledExceptionFilter, GetModuleHandleA, QueryPerformanceCounter, InterlockedDecrement, GetCurrentThreadId, GetSystemTimeAsFileTime, GetTickCount, UnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, LocalAlloc, LocalFree, GetVersionExW, GetUserDefaultLCID, CreateThread, GetLastError, SetErrorMode, FreeLibrary, CloseHandle, GetDiskFreeSpaceExW, FileTimeToLocalFileTime, FormatMessageW, SuspendThread, ResumeThread, WaitForSingleObject, GetLocalTime, SystemTimeToFileTime, GetTimeFormatW, EnterCriticalSection, LeaveCriticalSection, SetLastError, MulDiv, lstrcmpW, GetTempPathW, GetTempFileNameW, DeleteFileW, CreateFileW, WriteFile, GetModuleFileNameW, HeapAlloc, GetFileSizeEx, CreateEventW, RemoveDirectoryW, GetCurrentProcessId, WritePrivateProfileStringW, GetPrivateProfileIntW, GetPrivateProfileStringW, FileTimeToSystemTime, WritePrivateProfileSectionW, MoveFileW, SetFilePointer, FlushFileBuffers, IsDebuggerPresent, OutputDebugStringW, SwitchToThread, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, GetFullPathNameW, WaitForMultipleObjects, GetSystemTime, QueueUserWorkItem, InitializeCriticalSection, TryEnterCriticalSection, SetEndOfFile, GlobalFree, GetProcAddress, GetModuleHandleW, GetSystemInfo, GetProcessHeap, HeapFree, LoadLibraryExW, SetFilePointerEx, GetSystemWindowsDirectoryW, CreateDirectoryW, LoadLibraryW, GetSystemDirectoryW, SetEvent, CreateProcessW
msvcrt.dll
DllMain
netapi32.dll
NetApiBufferFree, NetGetJoinInformation
ole32.dll
CoCreateGuid, CoInitializeEx, CoCreateInstance, CoTaskMemFree, CoUninitialize, StringFromGUID2
rpcrt4.dll
UuidFromStringW, RpcStringFreeW, UuidCreate, UuidToStringW
shell32.dll
SHBrowseForFolderW, SHGetFolderLocation, SHGetPathFromIDListW, ShellExecuteW, Shell_NotifyIconW, ShellExecuteExW
shlwapi.dll
StrStrW, StrStrIW, PathRemoveFileSpecW
urlmon.dll
IsValidURL
user32.dll
SetRect, GetDC, GetClientRect, LoadStringW, GetWindowTextW, GetWindowTextLengthW, CharNextW, UnregisterClassW, RegisterClassExW, LoadCursorW, DefWindowProcW, PostQuitMessage, DispatchMessageW, SetCapture, GetMessageW, CreateWindowExW, RegisterClassW, GetDlgItemTextW, ShowWindow, EnableWindow, SendDlgItemMessageW, ReleaseDC, GetWindowLongW, GetParent, SetWindowLongW, PostMessageW, LoadImageW, DestroyIcon, DialogBoxParamW, EndDialog, GetDlgItem, LoadIconW, SendMessageW, SetWindowTextW, SetDlgItemTextW, ExitWindowsEx, GetSystemMetrics, MessageBoxW, ReleaseCapture, GetKeyState, MapWindowPoints, GetFocus, OffsetRect, FrameRect, DrawFocusRect, PtInRect, IsWindowEnabled, InvalidateRect, UpdateWindow, SetCursor, BeginPaint, EndPaint, GetSysColor, SetFocus, TranslateMessage
winhttp.dll
WinHttpSendRequest, WinHttpOpenRequest, WinHttpConnect, WinHttpCrackUrl, WinHttpSetOption, WinHttpGetProxyForUrl, WinHttpGetIEProxyConfigForCurrentUser, WinHttpQueryOption, WinHttpCloseHandle, WinHttpSetTimeouts, WinHttpOpen, WinHttpReadData, WinHttpQueryDataAvailable, WinHttpSetStatusCallback, WinHttpAddRequestHeaders, WinHttpQueryHeaders, WinHttpWriteData, WinHttpReceiveResponse

mrt.exe

Microsoft Windows Malicious Software Removal Tool by Microsoft Corporation (Signed)

Remove mrt.exe
Version:   5.6.9603.0
MD5:   971bcacc7310db7b8373f6d6dd5b956f
SHA1:   16cc9a38985f828490bdb9ef5a30dcd3f3f2cb38

Overview

mrt.exe executes as a process with the local user's privileges. This is typically installed with the program OpenOffice 4.0.1 published by Apache Software Foundation. The file is digitally signed by Microsoft Corporation.

DetailsDetails

File name:mrt.exe
Publisher:Microsoft Corporation
Product name:Microsoft Windows Malicious Software Removal Tool
Typical file path:C:\Windows\System32\mrt.exe
File version:5.6.9603.0
Size:79.06 MB (82,896,128 bytes)
Build date:11/8/2013 12:45 AM
Certificate
Issued to:Microsoft Corporation
Authority (CA):Microsoft Corporation
Effective date:Wednesday, September 12, 2012
Expiration date:Wednesday, June 12, 2013
Digital DNA
PE subsystem:Windows GUI
File packed:No
Code language:Microsoft Visual C++
.NET CLR:No
More details

ResourcesPrograms

The following program will install this file
Apache Software Foundation
1% remove
OpenOffice is a widely used open-source office suite.

BehaviorsBehaviors

Scheduled tasks
  • The job '{FA6955C6-856F-4239-928C-E34C2D27FD1B}' runs on registration in the path '\{FA6955C6-856F-4239-928C-E34C2D27FD1B}'
  • The task '{E1651854-9890-4C9E-92A0-A77E1B91C0A2}' runs on registration in the path '\{E1651854-9890-4C9E-92A0-A77E1B91C0A2}'
  • The task '{968F4498-EC94-4EB5-90B0-51FAC6A713D4}' runs on registration in the path '\{968F4498-EC94-4EB5-90B0-51FAC6A713D4}'
  • The task '{797400D0-088B-4ED0-A249-46CBD2CFE6A7}' runs on registration in the path '\{797400D0-088B-4ED0-A249-46CBD2CFE6A7}'
  • The job '{68B8F0EA-DA21-4A25-B74A-DA061074C5E7}' runs on registration in the path '\{68B8F0EA-DA21-4A25-B74A-DA061074C5E7}'
  • The task '{58EC57F9-8A9D-4532-A60F-705313EDD0DE}' runs on registration in the path '\{58EC57F9-8A9D-4532-A60F-705313EDD0DE}'
  • The job 'MRT_HB' runs in the path '\Microsoft\Windows\RemovalTools\MRT_HB'

Windows OS versionsDistribution by Windows OS

OS versiondistribution
Windows 8.1 41.67%
Windows 7 Home Premium 36.11%
Windows 8.1 Pro 13.89%
Windows 8.1 Pro with Media Center 5.56%
Windows Vista Business 2.78%

Distribution by countryDistribution by country

United States installs about 69.44% of Microsoft Windows Malicious Software Removal Tool.

OEM distributionDistribution by PC manufacturer

PC Manufacturerdistribution
Hewlett-Packard 39.53%
ASUS 23.26%
Acer 9.30%
Lenovo 9.30%
Toshiba 4.65%
Medion 4.65%
Dell 4.65%
Samsung 2.33%
Alienware 2.33%
Should I remove It? Clean your PC of unwanted adware, toolbars and bloatware.

Download it for FREE