Solved: mrtstub.exe is not malware or virus and you may delete it safely

I have two of these directories (empty) and a third with the exact files you described – they are only on my external hard drive. However; I have never run the Microsoft Malicious Software Removal Tool. It would help, if you stated the exact file sizes for the legitimate files in you analysis. Thank you for your efforts and for making them public.

Hello RC and thank you for your comment.
I am afraid I don’t see how the file sizes have any bearing on the course of action you decide to take when you find a folder/file as described above.
If you’re not comfortable deleting the folder then simply leave it be, it won’t impact your system at all.

The MSRT does run once in the background upon first download, so it is possible you didn’t know it had run when it did.

I presume the files will be the same as anyone else, I have the following files
my operating system is windows 7 64bit
the folder these files are in is named, 0ce8f791df5208f193271e3f49 and its locked
$shtdwn$.req , REQ File ……1KB
mrt.exe._p……_P File…………5995KB
mrtstub.exe…. Application……79KB
it was easily deleted

I have 2 folders on D/ with same files but diff numbered folders but they aint doing no harm to pc and 1’s been on there since 2009 so as long as its doing no harm i cant see the point in deleting it just in case it does do some harm.Dont break something that ain’t broke espec when its doing no harm or taking up space,to you lot it just looks annoying and you don’t know what it is,ask MS and ask if you can delete it safely or not.

I like to keep my file system clean so I can know at a glance whether everything is ship shape. But that being said, if it doesn’t bother you to have the folder there then by all means, leave it alone…won’t hurt a thing 🙂

My operating system is 32-bit Windows XP Professional. The directory in which these files were located was named 97a318e4f5e1b16796a73a66224d9d06. It was in the root directory of a USB hard drive. I had no problem deleting the directory. These are the files and their sizes:

$shtdwn$.req — 1 KB
mrt.exe._p — 5956 KB
mrtstub.exe — 88 KB

thanks for info. I have been able to delete all of the folders save one which I cannot gain access/permission. any suggestions?

follow-up: I was forced to changed ownership of all of the files (tedious) in the folder & was finally able to delete; see no evidence that this was virus related, they all appear to be interrupted MSR files, is that possible/probable? thanks, Ron

Hey Ron,
I have never seen any .MSR files in that directory on any of my machines so I am not sure what their content or function is. Maybe they are malicious code snippets found by the tool? Your trouble getting access to that folder is probably due to the version of Windows you’re using. Probably denied by UAC (User access control) which is why you had to take ownership first before you could manage those files. Either way sounds like you figured it out.

I came across these mrt.exe files as you described on an external HD used for back-up. I am unable to remove them, need administrator rights. Tried everything (changing rights etc) but cannot delete them. Scanned with F-secure, no malicious software detected.
How can I delete these files? I am running W8.1, updates are all on auto.
As far as I can see these files are not on my C or D drive in the PC.

Not being there myself to reproduce the problem, I’d say walking that external hd over to another computer may be the answer. Or just leave the files, your call.

My client has 3 of these folders on her hard drive. They are locked. How do I delete locked folders?

Thanks.

Depends on the OS. For XP I would boot into safe mode with command prompt so that whatever program has locked the folders isn’t loaded into memory locking the folders.