
AVG Threat Warning C:\WINDOWS\ system32\MRT.exe


6 replies to this topic

#1 Sarah1x

Sarah1x

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:10:58 PM

Posted 15 July 2015 - 05:06 AM

Hi everyone hoping someone can help me.
This morning I went away from my computer and came back to a threat warning from AVG about an unknown threat in location C:\WINDOWS\ system32\MRT.exe
I have done both a virus scan with AVG and a malware scan with Malwarebytes but neither have found anything on my computer.
I have since tried opening Malwarebytes, it loads but won't open. I don't know if this is related?
My computer details are:
Windows 8.1
Toshiba
Processor: Intel® Celeron® CPU B830 @ 1.80GHz 1.80 GHZ
System type: 64-bit operating system, x64 based processor.

I forgot to say, my laptop has been playing up recently. The screen will randomly go black for a couple seconds and the other day it randomly restarted itself.

Can anyone help?

Thanks :)

Edited by Sarah1x, 15 July 2015 - 05:17 AM.



#2 buddy215

buddy215

  • Moderator
  • 13,099 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:04:58 PM

Posted 15 July 2015 - 05:33 AM

Welcome to BC !

 

FROM THE WEB: MRT.exe is the process of Microsoft’s Malicious Software Removal Tool, a program that checks the computer for harmful processes in the background. Normally it runs on the second Tuesday of every month, which is Microsoft’s traditional Patch Tuesday, when most of its programs and operating systems get their automatic updates, containing the most important security patches as well. Thus, MRT.exe gets updated once in a month, and runs once straight after the update, then remains dormant for another month.

 

To find out whether you need to worry about MRT.exe or not, you need to check if it is in the C:\Windows\system32 folder or not, and if you see it running on the second Tuesday of the month. If the answer is yes for both questions, then probably you have nothing to worry about. If the answer is no to any of them, you should check your system and remove the process if necessary.

AVG says it is in system32.

 

Malwarebytes not opening could be a result of a Windows update yesterday, its files are corrupted or something malicious on the computer.

 

RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes so that your normal security software can then run and clean your computer of infections. When RKill runs it will kill malware processes and then removes incorrect executable associations and fixes policies that stop us from using certain tools. When finished it will display a log file that shows the processes that were terminated while the program was running.

Run a scan using RKill (Download Link: iExplore.exe)

DO NOT reboot the computer after running the scan. Immediately attempt to run MBAM.

 

Some security programs may pop up a warning. Ignore the warning about Rkill or iExplore and run the scan.


Edited by buddy215, 15 July 2015 - 05:39 AM.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”
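
The two checks described in the reply above (file location and Patch Tuesday timing), as an added example that is not part of the original thread. It uses the file's last-modified date as a stand-in for "seen running", as the topic starter does in the next post; the `grace_days` window, the function names and the second and third sample rows are assumptions made for illustration.

```python
import ntpath
from datetime import date, timedelta

EXPECTED_DIR = r"C:\Windows\System32"  # location named in the thread
EXPECTED_NAME = "mrt.exe"


def patch_tuesday(year, month):
    """Return the second Tuesday of the given month."""
    first = date(year, month, 1)
    # date.weekday(): Monday is 0, Tuesday is 1
    offset = (1 - first.weekday()) % 7
    return first + timedelta(days=offset + 7)


def assess_mrt(path, modified, grace_days=7):
    """Return a list of concerns; an empty list means both checks pass."""
    findings = []
    # normpath collapses ".." segments; normcase lowercases and unifies
    # separators, so C:\WINDOWS\system32 and C:\Windows\System32 compare equal.
    norm = ntpath.normcase(ntpath.normpath(path))
    folder, name = ntpath.split(norm)
    if name != EXPECTED_NAME:
        findings.append(f"unexpected file name: {name}")
    if folder != ntpath.normcase(EXPECTED_DIR):
        findings.append(f"not in System32: {folder}")
    # grace_days is an assumed tolerance for updates installed a few days late.
    pt = patch_tuesday(modified.year, modified.month)
    if not (pt <= modified <= pt + timedelta(days=grace_days)):
        findings.append(f"modified {modified}, Patch Tuesday was {pt}")
    return findings


# First row uses the path and date reported in this thread; the other two
# rows are constructed to show each check failing.
SAMPLES = [
    (r"C:\WINDOWS\system32\MRT.exe", date(2015, 7, 14)),
    (r"C:\Windows\System32\..\Temp\MRT.exe", date(2015, 7, 14)),
    (r"C:\Users\Public\MRT.exe", date(2015, 7, 2)),
]

if __name__ == "__main__":
    for sample_path, sample_date in SAMPLES:
        result = assess_mrt(sample_path, sample_date)
        print(sample_path, "->", result or "consistent with MSRT")
```
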

#3 Sarah1x

Sarah1x
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:10:58 PM

Posted 15 July 2015 - 06:13 AM

Hello,
Thank you for replying so quickly.
I have checked and MRT is in the System32 folder, there is nothing in the MRT folder but it does say it was last modified on 14/07/15 which would have been yesterday and the second Tuesday of the month.
I restarted my laptop and finally got MBAM to work and did a full computer scan which didn't find anything.

Do you think it was a false positive from AVG?

#4 buddy215

buddy215

  • Moderator
  • 13,099 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:04:58 PM

Posted 15 July 2015 - 06:31 AM

Yes, it was a false positive. If the AVG you have is the free version you may want to remove the adware it installs. Usually it is found in browsers listed as something like AVG Security Toolbar and AVG Secure Search.



#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,281 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:58 PM

Posted 15 July 2015 - 06:39 AM

If you suspect a file was falsely detected (a false positive), then you should submit a sample to AVG so they can investigate and take corrective action if confirmed.

If you think AVG wrongly detected a file, URL or Tracking as harmful, or if you have a virus sample that AVG failed to detect, please submit it to us for analysis. Please note that we do not answer back with results as the files are being checked automatically.

AVG: Send us a sample
AVG FAQ 2343: How to report an incorrect detection by AVG?
AVG Forum: How To Handle Suspicious False Positive Detection
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#6 Sarah1x

Sarah1x
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:10:58 PM

Posted 15 July 2015 - 07:29 AM

Thanks guys.

#7 buddy215

buddy215

  • Moderator
  • 13,099 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:04:58 PM

Posted 16 July 2015 - 09:30 AM

You're welcome...

 

As to....I forgot to say, my laptop has been playing up recently. The screen will randomly go black for a couple seconds and the other day it randomly restarted itself.

 

Start a new topic in the Windows 8 and Windows 8.1 Forum - BleepingComputer.com for help with that.





