Guest ellisdesign@talktalk.net Posted January 15, 2009 Posted January 15, 2009 I have noticed that several of my drives have multiple folders with randomly generated names like < c1d507a65a5b840fd01d > Each of these folders contains three files - $shtdwn$.req : mrt.exe._p : mrtstub.exe. These look like something that has been generated by an abnormal shutdown ($shtdwn$ is a bit of a clue), and I wonder if I can safely delete them? Looking for mrtstub.exe in Google brings up a load of alarming messages indicating that it might be malware, that running it might delete all my data ..... etc. I would like to get rid of it - can I safely do so? Peter Quote
Guest FromTheRafters Posted January 15, 2009 Posted January 15, 2009 Looks like Microsoft's Malicious Software Removal Tool droppings to me. If so, there is nothing to worry about concerning these files. Submit the executable "mrtstub.exe" to virustotal to see what several AV's have to say about the file. <ellisdesign@talktalk.net> wrote in message news:4e878588-4b7b-4631-9e51-4583048d3878@x16g2000prn.googlegroups.com...<span style="color:blue"> >I have noticed that several of my drives have multiple folders with > randomly generated names like < c1d507a65a5b840fd01d > > > Each of these folders contains three files - $shtdwn$.req : > mrt.exe._p : mrtstub.exe. > > These look like something that has been generated by an abnormal > shutdown ($shtdwn$ is a bit of a clue), and I wonder if I can safely > delete them? > > Looking for mrtstub.exe in Google brings up a load of alarming > messages indicating that it might be malware, that running it might > delete all my data ..... etc. > > I would like to get rid of it - can I safely do so? > > Peter > > </span> Quote
Guest MowGreen [MVP] Posted January 15, 2009 Posted January 15, 2009 It's a temporary stub for the Windows Malicious Software Removal Tool and it [they] should have been deleted when the tool finished running. However, if the system is infected and the malware is controlling it, then said malware might be preventing the system from being restarted so that the MRT can remove it. Check the mrt.log located in WINDOWS\Debug to see if this is the case. IF something has been detected and it's preventing the tool from removing it, boot to Safe Mode. Once in SM, click Start > Run > type in mrt in the Open line and then click OK or press Enter. The tool will open after a short period of time. Click Next. Put a mark next to " Full scan", click Next. Go for a walk as it will take a long time for the tool to run. Or, go shopping and help save the economy <w> The MRT should be able to remove any detected malware in Safe Mode unless it has a rootkit associated with it. Post back with whatever is showing in the mrt.log. IF nothing is being detected, then you can safely delete the temp stub folders. MowGreen [MVP 2003-2009] =============== -343- FDNY Never Forgotten =============== ellisdesign@talktalk.net wrote: <span style="color:blue"> > I have noticed that several of my drives have multiple folders with > randomly generated names like < c1d507a65a5b840fd01d > > > Each of these folders contains three files - $shtdwn$.req : > mrt.exe._p : mrtstub.exe. > > These look like something that has been generated by an abnormal > shutdown ($shtdwn$ is a bit of a clue), and I wonder if I can safely > delete them? > > Looking for mrtstub.exe in Google brings up a load of alarming > messages indicating that it might be malware, that running it might > delete all my data ..... etc. > > I would like to get rid of it - can I safely do so? > > Peter > > </span> Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.