  1. #1

    MRT.exe misplaced in suspicious directory

    Hi ho, Windows Security aficionados --
    While taking a look at my hard drive's directory tree recently, I discovered a new directory (folder) that wasn't there when I last looked, maybe two weeks or so ago. The new directory is named "eeceeb10d 5136acd4bf33e0798b028" -- obviously one of those randomly-generated directory names that MS concocts when it's mucking about in the background with updates and whatnot. This new directory contains only one file, an executable named "MRT.exe," which is 47,946,184 bytes in size, and its date of installation is listed as October 15, 2011, though I'm quite certain I've glanced at my hard drive's directory several times since that date and have not spotted this rogue directory with its single file before. Also, its properties dialogue shows the proper Certification and Digital Signatures and so forth from Microsoft. In any case, after doing a bit of web research on this curiosity, I find that the consensus seems to be that the file "MRT.exe" is a legitimate component of the MS Malware Removal Tool, but the general opinion also maintains that "MRT.exe" ought to be located in the directory C:\Windows\System32 and possibly also in C:\Windows\SysWOW64. And sure enough it is in those two places on my hard drive, and it is also in the subdirectory C:\Windows\winsxs and it occurs twice again in two further subdirectories under that subdirectory. In every case it shows a different date of installation, and in four of the five places where that same filename shows up, it shows a different file size, the one in the new directory being the largest of all. So I suppose the "rogue" file and directory are authentic, or at least not malicious -- a scan with Malwarebytes did not flag it -- but it also seems like the file in the new bizarrely-named directory may be a fluke.
    To get to my question, finally: Do you think it would be alright for me to delete the directory eeceeb10d 5136acd4bf33e0798b028 and its single executable? I like to run a tight, clean, lean machine, and I'd rather not have obnoxious mile-long directory names showing up in my directory, especially not up near the top of the tree, and especially if they're not really necessary. Any opinions/info/experience on this point out there?
    Thanks!

  2. #2
    BATcher (Super Moderator)
    Those directory names with hexadecimal characters are the temporary directories used by Windows Update for, well, updating. They should be removed automatically after use, but occasionally aren't because of unexpected power-off, naff installer programming, and so on. Just go ahead and delete the directory and its contents. There will be another MRT along in a month's time!
    BATcher

    Time prevents everything happening all at once...

  3. #3
    Originally posted by BATcher:
    Those directory names with hexadecimal characters are the temporary directories used by Windows Update for, well, updating. They should be removed automatically after use, but occasionally aren't because of unexpected power-off, naff installer programming, and so on. Just go ahead and delete the directory and its contents. There will be another MRT along in a month's time!
    Message understood. Well done. Thank you very much, BATcher.
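
Added example, not part of the thread: a PowerShell check that repeats the poster's manual comparison (size, signature, location) for every copy of MRT.exe in System32, SysWOW64 and any leftover hex-named folder at the drive root, before such a folder is deleted. The drive letter, the name pattern for staging folders and the signer string it matches are assumptions.

```powershell
# Added example (not from the thread). Requires PowerShell 4+ for Get-FileHash.
param(
    [string]$Drive    = 'C:\',      # assumption: staging folder sits at the drive root
    [string]$FileName = 'MRT.exe'
)

# Top-level folders named as a long run of hex digits (spaces tolerated),
# like the leftover Windows Update folder described in the thread.
$staging = Get-ChildItem -Path $Drive -Directory -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -match '^[0-9a-fA-F ]{20,}$' }

# Known-good locations mentioned in the thread, plus any staging folders found.
$roots = @(
    (Join-Path $env:SystemRoot 'System32'),
    (Join-Path $env:SystemRoot 'SysWOW64')
) + $staging.FullName

$results = foreach ($root in $roots) {
    if (-not $root -or -not (Test-Path -LiteralPath $root)) { continue }
    Get-ChildItem -LiteralPath $root -Filter $FileName -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            # Authenticode status is computed by Windows over the file contents,
            # so a renamed or tampered binary does not come back as 'Valid'.
            $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
            [pscustomobject]@{
                Path        = $_.FullName
                SizeBytes   = $_.Length
                FileVersion = $_.VersionInfo.FileVersion
                SigStatus   = $sig.Status
                Signer      = $sig.SignerCertificate.Subject
                SHA256      = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            }
        }
}

$results | Format-List

# Flag any copy whose signature is not valid or whose signer is not Microsoft.
# Matching on the subject string is a coarse check (assumption about the subject format).
$results |
    Where-Object { $_.SigStatus -ne 'Valid' -or $_.Signer -notmatch 'O=Microsoft Corporation' } |
    ForEach-Object { Write-Warning "Do not trust without further checks: $($_.Path)" }
```

Different sizes and file versions across the copies are expected when each comes from a different monthly release; a warning line is the case that deserves a closer look before deleting or running anything.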
