What is mrt.exe in Windows and Is It Safe?
It’s normal to question the legitimacy of unknown system files, especially when they abnormally consume system resources. If you launch the Task Manager and discover that a process dubbed MRT.exe has unreasonably high CPU usage, you have every reason to be concerned.
In this guide, we’ll explain what mrt.exe means and what it does. Likewise, you’ll learn how to determine if you have a safe copy of the file on your PC.
What Is mrt.exe?
mrt.exe is the executable file for the Microsoft Windows Malicious Software Removal Tool. You’ll find this file on every computer running the Windows operating system. Microsoft designed the Malicious Software Removal Tool to occasionally scan your computer for popular malware, viruses, and worms.
By default, the Malicious Software Removal Tool hibernates in the background and only runs once a month. You can also manually use the tool to run a Quick scan, Full scan, or Customized scan of your computer.
To access the interactive interface of the software removal tool, type mrt.exe in the Windows Search bar and select Open. Follow the prompt and select the type of scan you want to perform.
If the tool detects any infection, it removes it immediately and creates a report containing the number of files scanned, files infected, and files removed.
The report is automatically generated and saved in a text file dubbed mrt.log. Go to Local Disk (C:) > Windows > debug and double-click the mrt.log file to view the scan reports.
How to Reduce mrt.exe High CPU Usage
Sometimes, a temporary system glitch could cause the software removal tool to consume excessive system resources. Right-click MRT.exe in the Task Manager and select End task.
If the process reappears in the Task Manager and continues to consume an abnormal amount of CPU and memory, restart your PC and check again. Should the problem persist, the software removal tool is probably infected and unsafe.
Is mrt.exe Safe? 3 Ways to Check
The Malicious Software Removal Tool is built into the Windows operating system by Microsoft. It is safe and won’t cause any problem on your computer.
However, if mrt.exe is always active when you check the Task Manager, a virus could be camouflaged as the Malicious Software Removal Tool. The techniques listed below will help you determine if the mrt.exe file on your PC is genuine or a fraudulent imitation.
1. Check the File Location
The executable file of the Malicious Software Removal Tool is housed in the system32 folder (C:\Windows\System32) on Windows 10 devices. If the file is located elsewhere, then it’s probably a virus or malware. Follow the steps below to check the location of the mrt.exe file on your computer.
1. Press Ctrl + Shift + Esc to launch the Windows Task Manager.
2. Go to the Details tab, right-click on MRT.exe and select Open file location on the context menu.
If you can’t find the file in the Task Manager, type mrt.exe in the Windows Search bar and select Open file location.
That’ll open a new File Explorer window highlighting the MRT.exe file.
3. Click the File Explorer’s address bar to check the file location.
2. Check the File’s Digital Signature
Some trojans and worms can create malicious copies of the MRT.exe file when they infect your PC. A good example is the TROJ_TIBS.DC trojan, as reported by Trend Micro—a data security and cybersecurity company.
Examining the MRT.exe’s digital signature is also an effective way to detect whether or not you have a genuine copy of the file. Right-click MRT.exe in the File Explorer or Task Manager and select Properties.
Go to the Digital Signatures tab and check the Name of signer column.
If the signer or publisher isn’t Microsoft Windows, you have a malicious copy of the MRT.exe file. Run the file through your antivirus software or delete it from your PC.
Note: It’s possible to find multiple instances of MRT.exe in the Task Manager. If that’s the case with your PC, make sure you check the file location and digital signature for each occurrence.
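The location and signature checks above can be run in one pass over every MRT.exe instance from PowerShell. This is an added example, not part of the original article; the variable names are illustrative, and the expected signer name is taken from the article's "Microsoft Windows".

```powershell
# Added example: check the location and Authenticode signer of every MRT.exe candidate.
$expectedPath   = Join-Path $env:SystemRoot 'System32\MRT.exe'
$expectedSigner = 'Microsoft Windows'   # signer name as stated in the article

# Paths of running MRT.exe processes. ExecutablePath can be empty when the
# shell lacks the rights to query a process, so run this elevated.
$running = @(Get-CimInstance Win32_Process -Filter "Name = 'MRT.exe'" |
    Where-Object { $_.ExecutablePath } |
    Select-Object -ExpandProperty ExecutablePath)

# Always include the expected on-disk copy, even when it is not running.
$candidates = ($running + $expectedPath) | Sort-Object -Unique

$report = foreach ($path in $candidates) {
    $locationOk = ($path -eq $expectedPath)   # -eq is case-insensitive for strings

    if (-not (Test-Path -LiteralPath $path)) {
        [pscustomobject]@{
            Path = $path; InSystem32 = $locationOk
            SignatureStatus = 'FileMissing'; Signer = $null; Verdict = 'Missing'
        }
        continue
    }

    $sig = Get-AuthenticodeSignature -LiteralPath $path

    # An unsigned file has no signer certificate at all.
    $signer = if ($sig.SignerCertificate) {
        $sig.SignerCertificate.GetNameInfo('SimpleName', $false)
    } else { $null }

    # A matching name on a broken signature proves nothing: require Status = Valid too.
    $signatureOk = ($sig.Status -eq 'Valid') -and ($signer -eq $expectedSigner)

    [pscustomobject]@{
        Path            = $path
        InSystem32      = $locationOk
        SignatureStatus = $sig.Status
        Signer          = $signer
        Verdict         = if ($locationOk -and $signatureOk) { 'OK' } else { 'Investigate' }
    }
}

$report | Format-Table -AutoSize
```

Any row with the verdict Investigate is a copy that fails at least one of the two checks and should be scanned as described in the next step.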
3. Scan with an Online File Analyzer
In the absence of anti-malware software, use online virus scanners like VirusTotal to check if the MRT.exe file on your computer is malicious. Visit the VirusTotal website, navigate to the File section, and upload the MRT.exe file to the website.
VirusTotal will scan and analyze the file for malware, worms, and other types of malicious content.
Should You Delete mrt.exe?
You should remove the Malicious Software Removal Tool from your computer if mrt.exe is outside the system32 folder. Likewise, delete the file if it isn’t signed by Microsoft, or if your security software flags it as malicious.
As long as you have a dedicated anti-malware tool or virus scanner, you can do without the Windows Malicious Software Removal Tool. However, we recommend having the tool on your computer for extra security. If you deleted the file because it’s problematic or not genuine, you should download and reinstall an official copy of mrt.exe from the Microsoft website.
Running the Windows System File Checker (SFC) or the Check Disk Utility will also reinstall a genuine mrt.exe file on your PC. Installing a Windows Update does the same: go to Settings > Update & security > Windows Update > Check for updates and install any available update on the page.
Stay Protected
Although the Malicious Software Removal Tool helps to eliminate specific malicious software from your PC, Microsoft stresses that it isn’t a replacement for antivirus software. You need a dedicated antivirus program running on your PC for around-the-clock protection.
Have a look at our compilation of free and paid virus and malware scanners. Additionally, check out this article on removing malware completely on Windows. These resources contain some great tools that’ll help terminate malware processes and other security threats on your device.