What is MRT.exe (Windows Malicious Software Removal Tool)

Are you seeing a lot of disk activity and wondering what MRT.exe is? Here is also some information on why you should *not* delete MRT.exe or disable anonymous reports.

What is it?

MRT.exe is the Windows Malicious Software Removal Tool. It scans for malicious files such as viruses in the background and updates itself every patch day (the second Tuesday of each month). The program (MRT.exe) will cause a lot of disk activity at specific times and also sends anonymous data to Microsoft about viruses and problems. There's nothing wrong with that; in fact, it's a positive sign when MRT.exe is running in the background.

Where is the MRT.exe located?

MRT.exe can be found in C:/Windows/system32. Any other path should be considered a security warning and analysed immediately!

Where are the log files that store scan results?

The tool stores a log file with all scan results. To figure out the cause of a high CPU load, it is essential that you verify the scan results and remove any malicious software.

The log files of the removal tool are in the following directory: %windir%\debug\. Make sure to check the file mrt.log. If you find any return codes in that file other than “0”, you have malicious software on your system which should be removed.
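An added example, not part of the original article: a Python script that splits mrt.log into scan runs and lists the runs whose return code is not 0, which is the check described above. The log layout it relies on (a `Started On` line per run, closed by a `Return code:` line) and the sample text are assumptions constructed for illustration.

```python
import os
import re
# Constructed sample, not from a real machine. Assumed layout: each run has a
# "Started On" line and is closed by a "Return code: N (0xN)" line.
SAMPLE_LOG = """\
Started On Tue Oct 14 22:14:05 2014
No infection found.
Return code: 0 (0x0)
Started On Wed Oct 29 09:01:40 2014
Found Constructed/Example.A (constructed detection name)
Return code: 6 (0x6)
Started On Wed Oct 29 21:30:00 2014
"""

RUN_START = re.compile(r"^Started On (.+)$")
RETURN_CODE = re.compile(r"^Return code:\s*(-?\d+)")

def decode_log(raw):
    """Honour a UTF-16 byte-order mark; read anything else as UTF-8."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16")
    return raw.decode("utf-8", errors="replace")

def parse_runs(text):
    """Return one dict per scan run: start time, return code, lines between."""
    runs, current = [], None
    for line in map(str.strip, text.splitlines()):
        if m := RUN_START.match(line):
            current = {"started": m.group(1), "code": None, "lines": []}
            runs.append(current)
        elif current is not None and (m := RETURN_CODE.match(line)):
            current["code"] = int(m.group(1))
            current = None  # run closed; ignore text until the next start
        elif current is not None and line:
            current["lines"].append(line)
    return runs

def runs_to_review(runs):
    """Runs with a return code other than 0, or with no code line at all."""
    return [r for r in runs if r["code"] != 0]

if __name__ == "__main__":
    path = os.path.expandvars(r"%windir%\debug\mrt.log")
    text = SAMPLE_LOG  # fall back to the constructed sample off Windows
    if os.path.exists(path):
        with open(path, "rb") as fh:
            text = decode_log(fh.read())
    for run in runs_to_review(parse_runs(text)):
        print(run["started"], "return code:", run["code"], run["lines"])
```

A run that has no return code line, such as the third one in the sample, is listed as well, since an interrupted scan or a truncated log leaves the result of that run unknown.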

Do I need the MRT.exe?

If you have secured your system with other security tools, such as Malwarebytes, SuperAntiSpyware, Search & Destroy or Adware (Top5 Spyware Scanner for Windows 7), you may not need the MRT.exe. You can disable the Windows 7 security center completely AND delete the file MRT.exe after creating a backup. However, I advise you not to do this; more on that below.

Is it safe to delete MRT.exe?

Yes, you can safely delete the MRT.exe. However, I urge you not to do this if you want to keep your PC secure. I would only consider removing it if you have encountered problems with that specific program. Also, before you remove the MRT.exe, create a backup, although you can probably restore it via sfc.exe anyway since it's stored in the system32 folder.

I want to disable anonymous reports. How?

You may want to disable the anonymous reports that are sent to Microsoft. However, since they are anonymous, this is not a security risk and will help Microsoft improve their tool to find even more viruses.

Unfortunately, virus creators attack more and more end users with viruses that are not recognized. Keep in mind that viruses that are not very common often cannot be identified by anti-virus software. Therefore, security firms rely on anonymous reports to find new viruses! You can actively help to find new viruses if you enable anonymous reports.

If you still want to disable anonymous reports, you may download this registry key: Disable anonymous MRT.exe reports

Alternatively, you can copy the following text into Notepad, save it as a .reg file, then execute it via double-click:

Windows Registry Editor Version 5.00


Why is it causing high CPU load?

One of the reasons why it may be causing a high CPU load is that it is trying to remove malicious software from your PC. To better understand this, open the log files as explained above. The log file is called mrt.log.

If that is not the case, you should consider installing Malwarebytes and scanning your entire system. Watch the video guide below to better understand what I am talking about.

Video Guide

I have recorded a 3-minute guide that will help you better understand what the MRT executable is and how to fix any issues.

Published: Wednesday, October 29th, 2014 Last Modified: October 29, 2014