Mrt.exe is a legitimate executable file developed by Microsoft and stands for ‘Microsoft Removal Tool’.
Whilst it is not a core process in Windows, removing or disabling mrt.exe is not recommended as it helps guard against malware.
Unfortunately, however, hackers sometimes name viruses ‘mrt.exe’ to fool users and hence it is important to ensure the file is the legitimate one designed by Microsoft.
What Is The Microsoft Windows Malicious Software Removal Tool And mrt.exe?
The Microsoft Removal Tool (also called MRT or the Microsoft Malicious Software Removal Tool) scans your computer for malware to identify and eliminate any viruses on your system. This is considered an “on-demand” tool, which means it needs to be told to run in order to run, and won’t scan for viruses unless prompted.
However, If you have never run the tool manually, it doesn’t mean it has been sat there idly on your computer gathering digital dust. The tool is updated by Microsoft on “Patch Tuesday”, which is the second Tuesday of every month.
After this patch has taken place, the tool automatically runs and reports any findings to Microsoft. You can find and run the tool yourself by typing mrt.exe into the Search box or command prompt window.
You can check the details of previous scans to see if the tool found any malware by using the following method:
- Press the Windows key + R
- Type this string: %WINDIR%\debug folder, and press enter.
- Open mrt.log file
Is The Microsoft Removal Tool Safe?
A legitimate version of mrt.exe is safe and can help protect your computer from malware so removing it is not advised.
However, it is not a core operating system process, so your computer will run normally if you remove the file, but this should only be done if it is causing your computer problems such as using unusually high CPU and causing your computer to be sluggish.
If you delete a legitimate version of the file because it’s causing problems, you can always download a new version of it from the Microsoft website.
It is also possible that you have a virus disguising itself as mrt.exe. There are several Trojan viruses known to do this. A legitimate mrt.exe file will be located in the folder C:\Windows\System32.
If you find a file with the same name located any other location or folder apart from C:\\Windows\System32, it is most likely malware.
How To Check A File’s Location
a. Press ctrl-alt-del
b. Click on the ‘Processes Tab’ :
c. Highlight the MRT.exe file as above
d. Right click and click ‘Properties’ to get the following screen:
e. Note the location (circled)
If that is the case, you should run a full scan on your computer – through your antivirus software to identify and delete the virus.
How to Remove mrt.exe
A legitimate mrt.exe file that is causing problems:
- Click on Start, and then click on Computer
- Open the C: drive and then click on Windows
- Scroll down the list until you reach the System32 folder and click on it.
- The folder should be organized so that all the folders are at the top and the files underneath. Scroll past all the folders and locate MRT in the files.
- Right-click on the MRT executable and select Delete
A malicious version of the file:
You can delete a malicious file in much the same way. Use Task Manager to see where the file is located and make a note of this. Then right-click on the process and select End Process.
Find the file in its folder and right-click on it, then select Delete. Restart your computer to check if the file is still running or can still be found.
There are times when a virus can stick around despite attempts to delete it, and this is why you should rely on anti-virus software to better protect your computer.
Malwarebytes is a popular and trusted free Anti-virus tool.
Conclusion
The mrt.exe process is a legitimate process. But, if it exists in the form of a virus, it’s best remove it as soon as possible by following the steps mentioned above.