Should I block it?

60%
60% of PCs block this file from running.
Possible reason:
Performance resource utilization

VersionsAdditional versions

5.13.10300.0 2.70%
5.12.10200.0 24.32%
5.9.9902.0 10.81%
5.9.9902.0 2.70%
5.7.9701.0 13.51%
5.6.9603.0 40.54%
4.19.7304.0 2.70%
4.16.7000.0 2.70%

Relationships

PE structurePE file structure
Show functions
Import table
advapi32.dll
OpenSCManagerW, OpenServiceW, QueryServiceStatus, QueryServiceConfigW, OpenProcessToken, RegCloseKey, CopySid, AllocateAndInitializeSid, CryptGetHashParam, CryptHashData, CryptCreateHash, CryptDestroyHash, CryptGenRandom, CryptAcquireContextW, FreeSid, GetLengthSid, CheckTokenMembership, RegCreateKeyExW, RegQueryValueExW, RegDeleteValueW, RegOpenKeyExW, CloseServiceHandle, RegisterTraceGuidsW, GetTraceEnableFlags, GetTraceEnableLevel, GetTraceLoggerHandle, TraceEvent, RegSetValueExW, LookupPrivilegeValueW, AdjustTokenPrivileges, CryptReleaseContext
comctl32.dll
DestroyPropertySheetPage, PropertySheetW, CreatePropertySheetPageW, InitCommonControlsEx
gdi32.dll
GetTextMetricsW, GetTextColor, DeleteDC, SelectObject, GetTextExtentExPointW, CreateCompatibleDC, DeleteObject, CreateFontIndirectW, GetObjectW, SetTextColor, ExtTextOutW, GetBkColor, CreateSolidBrush, CreateCompatibleBitmap, SetBkMode, SetBkColor
kernel32.dll
InterlockedIncrement, MultiByteToWideChar, WideCharToMultiByte, ReadFile, GetFileAttributesW, GetExitCodeProcess, ExpandEnvironmentStringsW, EnumResourceNamesW, FindResourceW, LoadResource, LockResource, SizeofResource, GetLogicalDrives, GetDriveTypeW, Sleep, InterlockedExchange, InterlockedCompareExchange, GetStartupInfoW, OutputDebugStringA, RtlUnwind, SetUnhandledExceptionFilter, GetModuleHandleA, QueryPerformanceCounter, InterlockedDecrement, GetCurrentThreadId, GetSystemTimeAsFileTime, GetTickCount, UnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, LocalAlloc, LocalFree, GetVersionExW, GetUserDefaultLCID, CreateThread, GetLastError, SetErrorMode, FreeLibrary, CloseHandle, GetDiskFreeSpaceExW, FileTimeToLocalFileTime, FormatMessageW, SuspendThread, ResumeThread, WaitForSingleObject, GetLocalTime, SystemTimeToFileTime, GetTimeFormatW, EnterCriticalSection, LeaveCriticalSection, SetLastError, MulDiv, lstrcmpW, GetTempPathW, GetTempFileNameW, DeleteFileW, CreateFileW, WriteFile, GetModuleFileNameW, HeapAlloc, GetFileSizeEx, CreateEventW, RemoveDirectoryW, GetCurrentProcessId, WritePrivateProfileStringW, GetPrivateProfileIntW, GetPrivateProfileStringW, FileTimeToSystemTime, WritePrivateProfileSectionW, MoveFileW, SetFilePointer, FlushFileBuffers, IsDebuggerPresent, OutputDebugStringW, SwitchToThread, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, GetFullPathNameW, WaitForMultipleObjects, GetSystemTime, QueueUserWorkItem, InitializeCriticalSection, TryEnterCriticalSection, SetEndOfFile, GlobalFree, GetProcAddress, GetModuleHandleW, GetSystemInfo, GetProcessHeap, HeapFree, LoadLibraryExW, SetFilePointerEx, GetSystemWindowsDirectoryW, CreateDirectoryW, LoadLibraryW, GetSystemDirectoryW, SetEvent, CreateProcessW
msvcrt.dll
DllMain
netapi32.dll
NetApiBufferFree, NetGetJoinInformation
ole32.dll
CoCreateGuid, CoInitializeEx, CoCreateInstance, CoTaskMemFree, CoUninitialize, StringFromGUID2
rpcrt4.dll
UuidFromStringW, RpcStringFreeW, UuidCreate, UuidToStringW
shell32.dll
SHBrowseForFolderW, SHGetFolderLocation, SHGetPathFromIDListW, ShellExecuteW, Shell_NotifyIconW, ShellExecuteExW
shlwapi.dll
StrStrW, StrStrIW, PathRemoveFileSpecW
urlmon.dll
IsValidURL
user32.dll
SetRect, GetDC, GetClientRect, LoadStringW, GetWindowTextW, GetWindowTextLengthW, CharNextW, UnregisterClassW, RegisterClassExW, LoadCursorW, DefWindowProcW, PostQuitMessage, DispatchMessageW, SetCapture, GetMessageW, CreateWindowExW, RegisterClassW, GetDlgItemTextW, ShowWindow, EnableWindow, SendDlgItemMessageW, ReleaseDC, GetWindowLongW, GetParent, SetWindowLongW, PostMessageW, LoadImageW, DestroyIcon, DialogBoxParamW, EndDialog, GetDlgItem, LoadIconW, SendMessageW, SetWindowTextW, SetDlgItemTextW, ExitWindowsEx, GetSystemMetrics, MessageBoxW, ReleaseCapture, GetKeyState, MapWindowPoints, GetFocus, OffsetRect, FrameRect, DrawFocusRect, PtInRect, IsWindowEnabled, InvalidateRect, UpdateWindow, SetCursor, BeginPaint, EndPaint, GetSysColor, SetFocus, TranslateMessage
winhttp.dll
WinHttpSendRequest, WinHttpOpenRequest, WinHttpConnect, WinHttpCrackUrl, WinHttpSetOption, WinHttpGetProxyForUrl, WinHttpGetIEProxyConfigForCurrentUser, WinHttpQueryOption, WinHttpCloseHandle, WinHttpSetTimeouts, WinHttpOpen, WinHttpReadData, WinHttpQueryDataAvailable, WinHttpSetStatusCallback, WinHttpAddRequestHeaders, WinHttpQueryHeaders, WinHttpWriteData, WinHttpReceiveResponse

mrt.exe

Microsoft Windows Malicious Software Removal Tool by Microsoft Corporation (Signed)

Remove mrt.exe
Version:   5.7.9701.0
MD5:   cc9aedaa3c140ecc8ea9a1efa4f9d3f6
SHA1:   6aebfa841957aa023067f3b1c6d2ef43f5bb0d4b

Overview

mrt.exe executes as a process with the local user's privileges. The file is digitally signed by Microsoft Corporation.

DetailsDetails

File name:mrt.exe
Publisher:Microsoft Corporation
Product name:Microsoft Windows Malicious Software Removal Tool
Typical file path:C:\Windows\System32\mrt.exe
File version:5.7.9701.0
Size:86.51 MB (90,708,896 bytes)
Build date:12/1/2013 2:27 PM
Certificate
Issued to:Microsoft Corporation
Authority (CA):Microsoft Corporation
Effective date:Wednesday, September 12, 2012
Expiration date:Wednesday, June 12, 2013
Digital DNA
PE subsystem:Windows GUI
File packed:No
Code language:Microsoft Visual C++
.NET CLR:No
More details

BehaviorsBehaviors

Scheduled tasks
  • The job '{FA6955C6-856F-4239-928C-E34C2D27FD1B}' runs on registration in the path '\{FA6955C6-856F-4239-928C-E34C2D27FD1B}'
  • The task '{E1651854-9890-4C9E-92A0-A77E1B91C0A2}' runs on registration in the path '\{E1651854-9890-4C9E-92A0-A77E1B91C0A2}'
  • The task '{968F4498-EC94-4EB5-90B0-51FAC6A713D4}' runs on registration in the path '\{968F4498-EC94-4EB5-90B0-51FAC6A713D4}'
  • The task '{797400D0-088B-4ED0-A249-46CBD2CFE6A7}' runs on registration in the path '\{797400D0-088B-4ED0-A249-46CBD2CFE6A7}'
  • The job '{68B8F0EA-DA21-4A25-B74A-DA061074C5E7}' runs on registration in the path '\{68B8F0EA-DA21-4A25-B74A-DA061074C5E7}'
  • The task '{58EC57F9-8A9D-4532-A60F-705313EDD0DE}' runs on registration in the path '\{58EC57F9-8A9D-4532-A60F-705313EDD0DE}'
  • The job 'MRT_HB' runs in the path '\Microsoft\Windows\RemovalTools\MRT_HB'

Windows OS versionsDistribution by Windows OS

OS versiondistribution
Windows 8.1 41.67%
Windows 7 Home Premium 36.11%
Windows 8.1 Pro 13.89%
Windows 8.1 Pro with Media Center 5.56%
Windows Vista Business 2.78%

Distribution by countryDistribution by country

United States installs about 69.44% of Microsoft Windows Malicious Software Removal Tool.

OEM distributionDistribution by PC manufacturer

PC Manufacturerdistribution
Hewlett-Packard 39.53%
ASUS 23.26%
Acer 9.30%
Lenovo 9.30%
Toshiba 4.65%
Medion 4.65%
Dell 4.65%
Samsung 2.33%
Alienware 2.33%
Back to top
Should I remove It? Clean your PC of unwanted adware, toolbars and bloatware.

Download it for FREE