What is MRT.exe (Windows Malicious Software Removal Tool)

Do you happen to see a lot of disk activity and you’re wondering what the MRT.exe is? Also, here are some infos why you should *not* delete the MRT.exe or disable anonymous reports.

What is it?

MRT.exe is the Windows Malicious Software Removal Tool. It scans for malicious files like viruses in the background and is updating itself every patch day (second Tuesday in a month). The program (MRT.exe) will have a lot of disk activity at specific times and is also sending anonymous data to Microsoft about viruses and problems. There’s nothing wrong with that, in fact it’s a positive sign when the MRT.exe is running in the background.

What is MRT.exe

Where is the MTR.exe located?

MRT.exe can be found in C:/Windows/system32 .. any other path should be considered a security warning and analysed immediately!

Where are the log files that store scan results?

The tool stored a log file with all scan results. In order to figure out the cause for a high CPU load, it is essential that you verify the scan results and remove any malicious software.

The log files of the removal tool are in the following directory: %windir%\debug\. Make sure to check the file mrt.log. If you find any return codes in that file other than “0″, you have malicious software on your system which should be removed.

Opening Mrt Log File.png

Do I need the MRT.exe

If you have secured your system with other security tools, such as Malwarebytes, SuperAntiSpyware, Search & Destroy or Adware (Top5 Spyware Scanner for Windows 7), you may not need the MRT.exe. You can disable the Windows 7 security center completely AND delete the file MRT.exe after creating a backup. However, I advise you not do this, more below.

Is it safe to delete MRT.exe?

Yes, you can safely delete the MRT.exe. However, I urge you not do this if you want to keep your PC secure. Only if you have encountered problems with that specific program I would consider removing it. Also, before you remove the MRT.exe create a backup, although you can probably restore it via sfc.exe anyway since it’s stored in the system32 folder.

I want to disable anonymous reports. How?

You may want to disable anonymous reports that are send to Microsoft. However, since it is anonymous this is not a security-risk and will help Microsoft to improve their tool to find even more viruses.

Unfortunately, virus creators attack more and more endusers with viruses that are not recognized. Keep in mind, viruses that are not very common can often not be identified by anti-virus software. Therefore security firms rely on anonymous reports to find new viruses! You can actively help to find new viruses if you enable anonymous reports.

If you still want to disable anonymous reports, you may download this registry key: Disable anonymous MRT.exe reports

Alternatively, you can copy the following text into a notepad and save it as a .reg file, then execute via double-click:

Windows Registry Editor Version 5.00


Why is it causing high CPU load?

One of the reasons why it may be causing a CPU load is that it is trying to remove malicious software from your PC. To better understand this, open the log files as explained above. The log file is called mrt.log

If that is not the case, you should consider installing Malwarebytes and scan your entire system. Watch the video guide below to better understand what I am talking about.

Video Guide

I have recorded a 3 minute long guide that will help you to better understand what the MRT executable is and how to fix any issues.

5 of 5 0 (100%) 1 vote
- Cheers!

Written by:
Oliver is the founder and lead editor of this site. He is interested in finding new ways to break Windows, find common errors and help others to fix them. Aside from that, he loves to fully customize systems with Rainmeter and Dreamscene, find out more about ancient civilizations like the Chachapoya, sharpen his digital photography skills and create software with a small group of selected developers. If you would like to connect with him to discuss anything, send him a mail!

Learn More About.Me

Follow me on Twitter for daily updates:

Contact The Author:

Get Free Help

Connect With Our Site:



Need help? Ask a question at our QA site, click the red button to get started:
Want to support us? Great, simply buy your favorite games from G2A via our referral link (g2a.com/r/win7themes) and save money at the same time:

4 Responses to What is MRT.exe (Windows Malicious Software Removal Tool)

  1. Orange Community Approved Comment:
    wildcatherder said:

    You should note that RadioTime’s RedButton software (an Internet radio scheduler recorder) also runs a file called MRT.exe. It consumes 2% of CPU resources when playing back its files, perhaps more during recording (multiple sources can record simultaneously).

  2. Orange Community Approved Comment:
    Oliver Krautscheid said:

    Yes, it’s quite possible that other tools use a similar exe file – in that case you need to look up the process location in the task manager.

  3. Orange Community Approved Comment:
    Jack said:

    I have 21 instances of this application in different seperate folders in my C:/ drive, are these malicious at all and/or should they be removed and what do they mean?

  4. Orange Community Approved Comment:
    Oliver Krautscheid said:

    Jack, what does Malwarebytes say, any positives?

    Inspect further, doesn’t look normal to me, very possible a self-duplicating rootkit or similar

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Current day month ye@r *