Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

MRT.exe Trojan Small.FHT AVG FREE 2015


  • Please log in to reply
3 replies to this topic

#1 donisonleague

donisonleague

  • Members
  • 100 posts
  • OFFLINE
  •  
  • Local time:02:49 AM

Posted 03 October 2014 - 08:51 AM

Today i've scanned my PC with the new version of AVG FREE 2015 and it reported that i'm infected with a Trojan Small.FHT found at C:\Windows\System32\MRT.exe

I've surfed the web for a while searching for solutions since it says that it can't be removed because AVG can't find the object.

I've manually looked in System32 and i've found there MRT.exe

It is digitally signed by Microsoft so i thought it was a false positive.

It's 96 MB and i've scanned it also with ESET and Malwarebytes and no problem was found.

Can i be sure that it's a false positive?



BC AdBot (Login to Remove)

 


m

#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,574 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:49 PM

Posted 03 October 2014 - 06:34 PM

mrt.exe is the Malicious Software Removal Tool (MSRT) and is located in the C:\Windows\system32\ folder.

When you manually run MSRT, a temporary folder named with random alpha/numeric characters (i.e. 79f142e5e9e574d23954) will be created on your C:\ drive that contains mrt.exe, mrtstub.exe and a file named $shtdwn$.req. If you run MSRT from a removable drive, the folder may be created there.

You can report the false detection/submit the file to AVG.

If you think AVG wrongly detected a file, URL or Tracking as harmful—or if you have a virus sample that AVG failed to detect—please submit it to us for analysis. Please note that we do not answer back with results as the files are being checked automatically.

AVG: Send us a sample
AVG FAQ 2343: How to report an incorrect detection by AVG?

If you want a second opinion, submit it to one of the online services that analyzes suspicious files:--In the "File to Scan" (Upload or Submit) box, browse to the location of the suspicious file(s) and submit (upload) it for scanning/analysis. If you get a message saying "File has already been analyzed", click Reanalyze or Scan again.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 donisonleague

donisonleague
  • Topic Starter

  • Members
  • 100 posts
  • OFFLINE
  •  
  • Local time:02:49 AM

Posted 04 October 2014 - 04:19 AM

I can't submit to any of those services, since it is 96 Mb. All of them have a lower limit (the highest has 80)



#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,574 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:49 PM

Posted 04 October 2014 - 06:43 AM

herdProtect Anti-Malware Scanner is a free cloud-based program which detects malicious threats and adware by utilizing 68 anti-malware scanners. It can be used as a second opinion scanner that presents a list of suspect files which any one of its anti-malware engines may suspect to be potentially dangerous but it will not remove malware.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users