timisc

SYSTEM32\MRT.EXE false positive?

I recently installed SAS on a relatively new Windows 8 PC, and have run all of the scans and cleaned up a bunch of things.

This morning I got a popup:

Real-Time Protection Blocked Item Alert!

Rogue.Agent/Gen-Nullo[EXE].Process

C:\WINDOWS\SYSTEM32\MRT.EXE

It is recommended to perform a complete scan to ensure removal.

I clicked on the Scan Now button, which took me to the main menu of SAS.

I then clicked on Complete Scan, and after running it found one tracking cookie and nothing to do with mrt.exe.

I know that mrt.exe is associated with Microsoft's Malicious Software Removal Tool, so I'm wondering if SAS might have picked up a signature that MRT is looking for?

I'm also concerned that the popup found something that the complete scan didn't.

Where to from here? Should I check it out further, or just shrug my shoulders and put it down to "one of those things"?


Hello timisc,

I've done some investigating and I'm fairly certain that this is a false detection. The Gen-Nullo[EXE] definition is very old and I'm actually surprised that it is still active. It has been deactivated, and MRT.exe should no longer be detected as of database version 11518 which will be released later today.

Please let me know if you have any other questions or concerns.

SUPERAntiSpyware Malware Research

This topic is now closed to further replies.
