Should I block it?

60%
60% of PCs block this file from running.
Possible reason:
Performance resource utilization

VersionsAdditional versions

5.13.10300.0 2.70%
5.12.10200.0 24.32%
5.9.9902.0 10.81%
5.9.9902.0 2.70%
5.7.9701.0 13.51%
5.6.9603.0 40.54%
4.19.7304.0 2.70%
4.16.7000.0 2.70%

Relationships

Parent process
Related files

PE structurePE file structure
Show functions
Import table
advapi32.dll
OpenSCManagerW, OpenServiceW, QueryServiceStatus, QueryServiceConfigW, OpenProcessToken, RegCloseKey, CopySid, AllocateAndInitializeSid, CryptGetHashParam, CryptHashData, CryptCreateHash, CryptDestroyHash, CryptGenRandom, CryptAcquireContextW, FreeSid, GetLengthSid, CheckTokenMembership, RegCreateKeyExW, RegQueryValueExW, RegDeleteValueW, RegOpenKeyExW, CloseServiceHandle, RegisterTraceGuidsW, GetTraceEnableFlags, GetTraceEnableLevel, GetTraceLoggerHandle, TraceEvent, RegSetValueExW, LookupPrivilegeValueW, AdjustTokenPrivileges, CryptReleaseContext
comctl32.dll
DestroyPropertySheetPage, PropertySheetW, CreatePropertySheetPageW, InitCommonControlsEx
gdi32.dll
GetTextMetricsW, GetTextColor, DeleteDC, SelectObject, GetTextExtentExPointW, CreateCompatibleDC, DeleteObject, CreateFontIndirectW, GetObjectW, SetTextColor, ExtTextOutW, GetBkColor, CreateSolidBrush, CreateCompatibleBitmap, SetBkMode, SetBkColor
kernel32.dll
InterlockedIncrement, MultiByteToWideChar, WideCharToMultiByte, ReadFile, GetFileAttributesW, GetExitCodeProcess, ExpandEnvironmentStringsW, EnumResourceNamesW, FindResourceW, LoadResource, LockResource, SizeofResource, GetLogicalDrives, GetDriveTypeW, Sleep, InterlockedExchange, InterlockedCompareExchange, GetStartupInfoW, OutputDebugStringA, RtlUnwind, SetUnhandledExceptionFilter, GetModuleHandleA, QueryPerformanceCounter, InterlockedDecrement, GetCurrentThreadId, GetSystemTimeAsFileTime, GetTickCount, UnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, LocalAlloc, LocalFree, GetVersionExW, GetUserDefaultLCID, CreateThread, GetLastError, SetErrorMode, FreeLibrary, CloseHandle, GetDiskFreeSpaceExW, FileTimeToLocalFileTime, FormatMessageW, SuspendThread, ResumeThread, WaitForSingleObject, GetLocalTime, SystemTimeToFileTime, GetTimeFormatW, EnterCriticalSection, LeaveCriticalSection, SetLastError, MulDiv, lstrcmpW, GetTempPathW, GetTempFileNameW, DeleteFileW, CreateFileW, WriteFile, GetModuleFileNameW, HeapAlloc, GetFileSizeEx, CreateEventW, RemoveDirectoryW, GetCurrentProcessId, WritePrivateProfileStringW, GetPrivateProfileIntW, GetPrivateProfileStringW, FileTimeToSystemTime, WritePrivateProfileSectionW, MoveFileW, SetFilePointer, FlushFileBuffers, IsDebuggerPresent, OutputDebugStringW, SwitchToThread, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, GetFullPathNameW, WaitForMultipleObjects, GetSystemTime, QueueUserWorkItem, InitializeCriticalSection, TryEnterCriticalSection, SetEndOfFile, GlobalFree, GetProcAddress, GetModuleHandleW, GetSystemInfo, GetProcessHeap, HeapFree, LoadLibraryExW, SetFilePointerEx, GetSystemWindowsDirectoryW, CreateDirectoryW, LoadLibraryW, GetSystemDirectoryW, SetEvent, CreateProcessW
msvcrt.dll
DllMain
netapi32.dll
NetApiBufferFree, NetGetJoinInformation
ole32.dll
CoCreateGuid, CoInitializeEx, CoCreateInstance, CoTaskMemFree, CoUninitialize, StringFromGUID2
rpcrt4.dll
UuidFromStringW, RpcStringFreeW, UuidCreate, UuidToStringW
shell32.dll
SHBrowseForFolderW, SHGetFolderLocation, SHGetPathFromIDListW, ShellExecuteW, Shell_NotifyIconW, ShellExecuteExW
shlwapi.dll
StrStrW, StrStrIW, PathRemoveFileSpecW
urlmon.dll
IsValidURL
user32.dll
SetRect, GetDC, GetClientRect, LoadStringW, GetWindowTextW, GetWindowTextLengthW, CharNextW, UnregisterClassW, RegisterClassExW, LoadCursorW, DefWindowProcW, PostQuitMessage, DispatchMessageW, SetCapture, GetMessageW, CreateWindowExW, RegisterClassW, GetDlgItemTextW, ShowWindow, EnableWindow, SendDlgItemMessageW, ReleaseDC, GetWindowLongW, GetParent, SetWindowLongW, PostMessageW, LoadImageW, DestroyIcon, DialogBoxParamW, EndDialog, GetDlgItem, LoadIconW, SendMessageW, SetWindowTextW, SetDlgItemTextW, ExitWindowsEx, GetSystemMetrics, MessageBoxW, ReleaseCapture, GetKeyState, MapWindowPoints, GetFocus, OffsetRect, FrameRect, DrawFocusRect, PtInRect, IsWindowEnabled, InvalidateRect, UpdateWindow, SetCursor, BeginPaint, EndPaint, GetSysColor, SetFocus, TranslateMessage
winhttp.dll
WinHttpSendRequest, WinHttpOpenRequest, WinHttpConnect, WinHttpCrackUrl, WinHttpSetOption, WinHttpGetProxyForUrl, WinHttpGetIEProxyConfigForCurrentUser, WinHttpQueryOption, WinHttpCloseHandle, WinHttpSetTimeouts, WinHttpOpen, WinHttpReadData, WinHttpQueryDataAvailable, WinHttpSetStatusCallback, WinHttpAddRequestHeaders, WinHttpQueryHeaders, WinHttpWriteData, WinHttpReceiveResponse

mrt.exe

Microsoft Windows Malicious Software Removal Tool by Microsoft Corporation (Signed)

Remove mrt.exe
Version:   4.16.7000.0
MD5:   d9975158f02198305284bc82b38889b1
SHA1:   1c4d81f3d7350ba14fbf37a8f8b0bf58106d8f7c
SHA256:   d8a330a8a9570ca81a34a09f64f86c8000c44b4421a2ffe8443ba33adb8c17e9

Overview

mrt.exe executes as a process with the local user's privileges usually within the context of Windows Explorer. The file is digitally signed by Microsoft Corporation.

DetailsDetails

File name:mrt.exe
Publisher:Microsoft Corporation
Product name:Microsoft Windows Malicious Software Removal Tool
Typical file path:C:\Windows\System32\mrt.exe
File version:4.16.7000.0
Size:62.25 MB (65,273,848 bytes)
Certificate
Issued to:Microsoft Corporation
Authority (CA):Microsoft Corporation
Effective date:Wednesday, September 12, 2012
Expiration date:Wednesday, June 12, 2013
Digital DNA
PE subsystem:Windows GUI
File packed:No
Code language:Microsoft Visual C++
.NET CLR:No
More details

BehaviorsBehaviors

Scheduled tasks
  • The job '{FA6955C6-856F-4239-928C-E34C2D27FD1B}' runs on registration in the path '\{FA6955C6-856F-4239-928C-E34C2D27FD1B}'
  • The task '{E1651854-9890-4C9E-92A0-A77E1B91C0A2}' runs on registration in the path '\{E1651854-9890-4C9E-92A0-A77E1B91C0A2}'
  • The task '{968F4498-EC94-4EB5-90B0-51FAC6A713D4}' runs on registration in the path '\{968F4498-EC94-4EB5-90B0-51FAC6A713D4}'
  • The task '{797400D0-088B-4ED0-A249-46CBD2CFE6A7}' runs on registration in the path '\{797400D0-088B-4ED0-A249-46CBD2CFE6A7}'
  • The job '{68B8F0EA-DA21-4A25-B74A-DA061074C5E7}' runs on registration in the path '\{68B8F0EA-DA21-4A25-B74A-DA061074C5E7}'
  • The task '{58EC57F9-8A9D-4532-A60F-705313EDD0DE}' runs on registration in the path '\{58EC57F9-8A9D-4532-A60F-705313EDD0DE}'
  • The job 'MRT_HB' runs in the path '\Microsoft\Windows\RemovalTools\MRT_HB'

ResourcesResource utilization

(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
 
CPU
Total CPU:0.00814199%
0.028634%
Kernel CPU:0.00580147%
0.013761%
User CPU:0.00234052%
0.014873%
Kernel CPU time:383,536 ms/min
100,923,805ms/min
Memory
Private memory:54.13 MB
21.59 MB
Private (maximum):57.01 MB
Private (minimum):19.7 MB
Non-paged memory:54.13 MB
21.59 MB
Virtual memory:240.47 MB
140.96 MB
Virtual memory (peak):284.4 MB
169.69 MB
Working set:27.84 MB
18.61 MB
Working set (peak):118.97 MB
37.95 MB
Resource allocations
Threads:4
12
Handles:324
600
GUI GDI count:42
103
GUI GDI peak:47
142
GUI USER count:32
49
GUI USER peak:34
71

BehaviorsProcess properties

Integrety level:Medium
Platform:32-bit
Command lines:
  • "C:\Windows\System32\mrt.exe"
  • "C:\Windows\System32\mrt.exe" /re
Owner:User
Parent processes:

Windows OS versionsDistribution by Windows OS

OS versiondistribution
Windows 8.1 41.67%
Windows 7 Home Premium 36.11%
Windows 8.1 Pro 13.89%
Windows 8.1 Pro with Media Center 5.56%
Windows Vista Business 2.78%

Distribution by countryDistribution by country

United States installs about 69.44% of Microsoft Windows Malicious Software Removal Tool.

OEM distributionDistribution by PC manufacturer

PC Manufacturerdistribution
Hewlett-Packard 39.53%
ASUS 23.26%
Acer 9.30%
Lenovo 9.30%
Toshiba 4.65%
Medion 4.65%
Dell 4.65%
Samsung 2.33%
Alienware 2.33%
Back to top
Should I remove It? Clean your PC of unwanted adware, toolbars and bloatware.

Download it for FREE