The mrt.exe and mtrstub files are Windows own files. These files are associated with the Malicious Software Removal Tool. Since these files are a part of Microsoft Windows, it’s common to find these in the C drive (or the drive where you installed your Windows). The usual location of these files is C:\Windows\System32. If you are seeing these files in some other drive then it might be a red flag. Now, the reason why you are seeing the files disappearing and repeating, that is actually because of the Windows Malicious Software Removal Tool runs on every Windows update and it automatically deletes the files it creates during its run/scan. So, if you see the files and then they disappear then that usually means the tool was running and it deleted the files once it finished running. However, it can also be a virus/malware acting like the original tool but there is a way to check that as well (given in the methods below). This also explains why the files reappear once these are deleted. Lastly, if you are wondering why you can’t delete the files then it might simply be because the tool might be running at that time. In short, the mrtstub is a Windows own file but it can be a virus/malware depending on its behavior and location. The methods given below will help you determine whether the file is legitimate or a virus/malware.

Method 1: Check Digital Signature

The best way to check whether the file is legitimate or a virus is to check the properties. In the properties, you can check the Digital Signature of the file. If the Digital Signature belongs to the Microsoft then there is no need to worry. Here are the steps for checking the Digital Signature

 

Method 2: Check Mrt.log

Whenever the Windows Malicious Software Removal Tool runs, it reports the findings in the mrt.log file. If you are seeing the file appearing and disappearing, and you aren’t sure whether the files are legitimate or not then this method will work for you. You can simply check the mrt.log file and see if the reports were given at the time when the files appeared. This makes sense because whenever the files appear this means that Windows Malicious Software Removal Tool is running and whenever this tool runs it creates a report in the mrt.log. So, if there is no report in the mrt.log at the time you saw the files then it is a red flag. This method should also be useful for people who can’t see the signature of the files because they disappear quickly. So, if you couldn’t follow the instructions in the method 1 then this should resolve that issue as well. Gere are the steps for location and checking the mrt.log file

Check the time stamp on the reporting. If the time of the scan matches the time when you saw the files then there is no need to worry. Otherwise, scan your computer immediately.

Method 3: Scan your Computer

This should be done without saying but you should scan your computer in this situation. Even if you followed the instructions in the methods given above, it is advised to perform a full system scan just to be on the safe side. The worst that can happen is that you’ll waste a few hours of your day. So, download an antivirus and malware detecting tools of your choice and run a full system scan. If you aren’t sure then we will recommend Malwarebytes. Once done, your system should be free of any malware. Note: If you saw the files appearing in your external hard drive then there is no need to panic. Scan your external drive as well. You can check the signatures of the files and check the time in the mrt.log as well. All of these methods will work for an external drive as well.

What is  Mrtstub - 81What is  Mrtstub - 8What is  Mrtstub - 78