Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

MRT.exe


  • Please log in to reply
10 replies to this topic

#1 J-L-S

J-L-S

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:06:40 AM

Posted 30 April 2016 - 07:07 PM

How can I verify that MRT.exe is safe?

 

AVG popped up and said c:\windows\system32\MRT.exe (Microsoft Windows Malicious Software Removal Tool) was harmful.

 

Windows 10, 64

MRT.exe is 128 MB

 

I have scanned it with AVG and Malwarebytes ...

I have run sfc /scannow

Microsoft Windows [Version 10.0.10586]

Windows Resource Protection did not find any integrity violations.


Edited by hamluis, 30 April 2016 - 07:30 PM.
Moved from W10 Discussion to AV/AM Software - Hamluis.


BC AdBot (Login to Remove)

 


#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,660 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:40 AM

Posted 30 April 2016 - 07:19 PM

Hi J-L-S :)

If SFC verified the integrity of MRT.exe and didn't repair it, it means that it's the legitimate executable. This is most likely a false positive on AVG's side. You should report it so they can fix it.

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 J-L-S

J-L-S
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:06:40 AM

Posted 30 April 2016 - 07:42 PM

Thanks ...

 

What really bothers me is thw size 128 MB, I have read its should be much smaller.



#4 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,660 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:40 AM

Posted 30 April 2016 - 07:43 PM

Well, if that can reassure you, here's mine.
AjV3pRh.png

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#5 J-L-S

J-L-S
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:06:40 AM

Posted 30 April 2016 - 07:50 PM

OK thanks ...



#6 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,660 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:40 AM

Posted 30 April 2016 - 08:21 PM

No problem, you're welcome :)

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,469 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:10:40 AM

Posted 01 May 2016 - 06:13 AM

Be sure to submit the detection to AVG so they can take corrective action.

If you think AVG wrongly detected a file, URL or Tracking as harmfulor if you have a virus sample that AVG failed to detectplease submit it to us for analysis. Please note that we do not answer back with results as the files are being checked automatically.

AVG Report a false detection: Send us a sample

Once a file is received, a technician can examine it in more detail and provide a report letting you know the results. You should also contact and advise the program vendor that one of their files is being detected as a threat. In many cases they will work with the anti-virus techs in an attempt to resolve the detection.

You can also report such issues at the AVG Support Community Forums.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#8 Agouti

Agouti

  • Members
  • 1,548 posts
  • OFFLINE
  •  
  • Local time:10:40 AM

Posted 01 May 2016 - 07:53 AM

This is the SHA1 hash of the MRT.exe on my system: 6f4b7e4d5661aeb997747e49cb40219cf46b15ea.  You can compare the hash with yours to see if it's the same.



#9 J-L-S

J-L-S
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:06:40 AM

Posted 01 May 2016 - 11:45 AM

How do we check SHA1 hash for MRT.exe ?



#10 Agouti

Agouti

  • Members
  • 1,548 posts
  • OFFLINE
  •  
  • Local time:10:40 AM

Posted 01 May 2016 - 01:22 PM

There are numerous programs which will allow you to verify a file by calculating the hash and comparing it with a known good hash.  The one I use is Hasher Lite.  To compare a hash with Hasher Lite...

 

1.  Highlight and copy the known good hash to your clipboard.

2.  Start Hasher Lite and ensure it is set to the type of hash you want to check.

1462124871.png

3.  Open an Explorer window and navigate to the file you want to check.

4.  Drag and drop the file over the Hasher window.  Hasher will calculate the hash.

5.  Click the icon that looks like a scale.

6.  Hasher will automatically compare the hash with the one in the clipboard.  If it matches, Hasher will display a window with a green check.

1462125676.png

7.  If the hashes do not match, a red icon with a minus sign will be displayed instead.

 

Hasher Lite is portable, so doesn't have to be installed or uninstalled.



#11 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,469 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:10:40 AM

Posted 01 May 2016 - 02:30 PM

Other Options:

Note: If using System Ninja...download and extract the FileAnalyzr.zip file into the plugins folder in System Ninjas install directory.

Do not use the built-in registry cleaner.


.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users