Do you happen to see a lot of disk activity and you’re wondering what the MRT.exe is? Also, here are some infos why you should *not* delete the MRT.exe or disable anonymous reports.
What is it?
MRT.exe is the Windows Malicious Software Removal Tool. It scans for malicious files like viruses in the background and is updating itself every patch day (second Tuesday in a month). The program (MRT.exe) will have a lot of disk activity at specific times and is also sending anonymous data to Microsoft about viruses and problems. There’s nothing wrong with that, in fact it can be a positive sign when the MRT.exe is running in the background.
Note: Sometimes viruses may use the same or a similar name to run silently in the background, that is why it is important to go to the location of the exe file and compare it with the original system path which is C:/Windows/system32 – if it is not stored in there, it may be a virus
Where is the MTR.exe located?
MRT.exe can be found in C:/Windows/system32 .. any other path should be considered a security warning and analysed immediately!
Where are the log files that store scan results?
The tool stored a log file with all scan results. In order to figure out the cause for a high CPU load, it is essential that you verify the scan results and remove any malicious software.
The log files of the removal tool are in the following directory: %windir%\debug\. Make sure to check the file mrt.log. If you find any return codes in that file other than “0”, you have malicious software on your system which should be removed.
Do I need the MRT.exe
If you have secured your system with other security tools, such as Malwarebytes, SuperAntiSpyware, Search & Destroy or Adware (Top5 Spyware Scanner for Windows 7), you may not need the MRT.exe. You can disable the Windows 7 security center completely AND delete the file MRT.exe after creating a backup. However, I advise you not do this, more below.
Is it safe to delete MRT.exe?
Yes, you can safely delete the MRT.exe. However, I urge you not do this if you want to keep your PC secure. Only if you have encountered problems with that specific program I would consider removing it. Also, before you remove the MRT.exe create a backup, although you can probably restore it via sfc.exe anyway since it’s stored in the system32 folder.
I want to disable anonymous reports. How?
You may want to disable anonymous reports that are send to Microsoft. However, since it is anonymous this is not a security-risk and will help Microsoft to improve their tool to find even more viruses.
Unfortunately, virus creators attack more and more endusers with viruses that are not recognized. Keep in mind, viruses that are not very common can often not be identified by anti-virus software. Therefore security firms rely on anonymous reports to find new viruses! You can actively help to find new viruses if you enable anonymous reports.
If you still want to disable anonymous reports, you may download this registry key: Disable anonymous MRT.exe reports
Alternatively, you can copy the following text into a notepad and save it as a .reg file, then execute via double-click:
Windows Registry Editor Version 5.00
Why is it causing high CPU load?
One of the reasons why it may be causing a CPU load is that it is trying to remove malicious software from your PC. To better understand this, open the log files as explained above. The log file is called mrt.log
If that is not the case, you should consider installing Malwarebytes and scan your entire system. Watch the video guide below to better understand what I am talking about.
I have recorded a 3 minute long guide that will help you to better understand what the MRT executable is and how to fix any issues.
You should note that RadioTime’s RedButton software (an Internet radio scheduler recorder) also runs a file called MRT.exe. It consumes 2% of CPU resources when playing back its files, perhaps more during recording (multiple sources can record simultaneously).
Yes, it’s quite possible that other tools use a similar exe file – in that case you need to look up the process location in the task manager.
I have 21 instances of this application in different seperate folders in my C:/ drive, are these malicious at all and/or should they be removed and what do they mean?
Jack, what does Malwarebytes say, any positives?
Inspect further, doesn’t look normal to me, very possible a self-duplicating rootkit or similar