MRT.exe (Malicious Software Removal Tool)

[wallofasgard]

Is it FP or Real Malware?

http://www.mediafire.com/download/2jvp1bje6w0689d/mrt.rar

[Eddy]

File size: 4.26 KB
Do you really think a application that small can remove malware?

[wallofasgard]

So i deleted it.I thought it was a downloader or the like.

thank for clarifying.

[Pondus]

Test suspicious files at www.virustotal.com / www.metascan-online.com

[wallofasgard]

Thanks. I trust AVAST enough...if i need a file,i'll just have to exclude it.And if i dont need it i just have to delete it after doing some research about the origin of a specific file.

[Michael (alan1998)]

https://www.virustotal.com/en/file/bba92ab706c22914da3222720c35f9e8bc165c03991b0375ee6890906debafb4/analysis/1417606520/

@Eddy, compressed, it is 4KB. But, even at 8KB, it is still too small.

[Pondus]

Copyright

© Microsoft Corporation. All rights reserved.


Publisher Microsoft Corporation

Product Microsoft Windows Malicious Software Removal Tool

Original name mrt.exe

Internal name mrt.exe

File version 5.13.10300.0

Description Microsoft Windows Malicious Software Removal Tool

First submission 2014-08-03 08:03:49 UTC ( 4 months ago )

[Michael (alan1998)]

What has me concerned Pondus, Is how small that is.
A google search quickly turns out that the actual download SHOULD be 30 MB.

http://www.microsoft.com/en-us/download/malicious-software-removal-tool-details.aspx
One, can fake a signature...

Edit: When I return into a less, hostile envirroment where I won't get yelled at for this. I will test out this MRT file inside a V irtual Machine :-)

[Eddy]

Another indication is the location.
Why downloading it from mediafire while you can from MS?

[Pondus]

Another indication is the location.
Why downloading it from mediafire while you can from MS?

maybe it was  @wallofasgard  that uploaded it to mediafire for us to check it?

[Pondus]

What has me concerned Pondus, Is how small that is.
A google search quickly turns out that the actual download SHOULD be 30 MB.

http://www.microsoft.com/en-us/download/malicious-software-removal-tool-details.aspx
One, can fake a signature...

Edit: When I return into a less, hostile envirroment where I won't get yelled at for this. I will test out this MRT file inside a V irtual Machine :-)

file is 4 months old .... and avast have now removed detection
https://www.virustotal.com/nb/file/bba92ab706c22914da3222720c35f9e8bc165c03991b0375ee6890906debafb4/analysis/1417619824/

[Michael (alan1998)]

Another indication is the location.
Why downloading it from mediafire while you can from MS?

maybe it was  @wallofasgard  that uploaded it to mediafire for us to check it?

Presumably...

What has me concerned Pondus, Is how small that is.
A google search quickly turns out that the actual download SHOULD be 30 MB.

http://www.microsoft.com/en-us/download/malicious-software-removal-tool-details.aspx
One, can fake a signature...

Edit: When I return into a less, hostile envirroment where I won't get yelled at for this. I will test out this MRT file inside a V irtual Machine :-)

file is 4 months old .... and avast have now removed detection
https://www.virustotal.com/nb/file/bba92ab706c22914da3222720c35f9e8bc165c03991b0375ee6890906debafb4/analysis/1417619824/

ermmm... that's annoying

Edit: Why would Avast! remove the detection of (Presumably, malware) that's making an Obvious attempt to hide itself using a M$ signature?

[Pondus]

  Edit: Why would Avast! remove the detection of (Presumably, malware) that's making an Obvious attempt to hide itself using a M$ signature?

@Michael    Message to you from Avira lab

  Dear Sir or Madam,

Thank you for your email to Avira's virus lab.
Tracking number: INC01780449.

A listing of files alongside their results can be found below:

File ID   Filename   Size (Byte)   Result
28343717   mrt.exe   7.5 KB   CLEAN

Please find a detailed report concerning each individual sample below:

Filename   Result
mrt.exe   CLEAN

The file 'mrt.exe' has been determined to be 'CLEAN'. Our analysts did not discover any malicious content.   

Norman/BlueCoat

This file does not have any malicious content.
Thanks for submission.

[Michael (alan1998)]

Wtf?

Seriously? That's ever so slightly irritating!!! It's a FAKE! GR! Unfortunately, I'm grounded from computers (No, they don't know I'm on Avast! right now).

I shall Test on Saturday!!