TechSpot

Folders with alpha-numeric names in my PC after update

By Dawn1113
Jun 15, 2012
Post New Reply
  1. Hi, guys. I just found two folders with gobbledygook alpha numeric names in one of my hard drives. I have no clue what they are. I did thorough Eset, Malwarebytes, and Super Anti-Spyware scans on my machine, none of which yielded anything.

    I checked the timestamps. The folders and the files were created at around the time I updated Windows just a few hours ago. I downloaded 10 security updates from Windows earlier today -- rather heavy since the previous update (last Tuesday) consisted of a single Windows Defender file. I'm really hoping that these are harmless leftovers from the Windows update.

    I checked them and inside one folder is an .exe file named MpMiniSigStub.exe while the other contains a file named mrtstub.exe. The strange folders are in the hard drive that I reserve for games. It is the drive with the most free space.

    I'm thinking of doing a complete re-install of Windows. Should I assume that my machine is infected with malware?

    Thanks in advance for your advice.
     
  2. jdillman1502

    jdillman1502 TS Enthusiast Posts: 232

    If you right click on the mrtstub.exe file, open properties and look at the Digital Signature tab, is it signed by Microsoft? If it is, then it's a legitimate part of the Malicious Software Removal Tool released each month. If not, then it is likely malware of some sort.
     
    Dawn1113 likes this.
  3. Dawn1113

    Dawn1113 TS Booster Topic Starter Posts: 375   +64

    I don't know why I didn't think of that. :D Yes, it does. Funny though, it doesn't seem to do anything. I mean it doesn't
    show up in Task Manager no matter what I do.

    Anyways, I guess I shouldn't worry about it too much. Thanks, jdillman1502.
     
  4. Marnomancer

    Marnomancer TS Booster Posts: 808   +51

    When you smell honey -oops- malware, it's Broni you run to. :)
     
  5. jdillman1502

    jdillman1502 TS Enthusiast Posts: 232

    The MSRT released each month just runs one time after it's installed. So you probably won't ever see it running in your task manager, unless you look at it right away.
     
  6. Dawn1113

    Dawn1113 TS Booster Topic Starter Posts: 375   +64

    Yeah, I took a look at the MS website to confirm it. Also checked the files through Virus Total. I didn't want to bother Broni with it until I was sure what was going on. The virus and malware section looks to be one of the busiest on the board.

    Apart from the digital signature, I should have taken the hint from the timestamp, which -- I've now confirmed through the Eset logs -- coincided exactly with the Windows update.
     
  7. Razer

    Razer TS Enthusiast Posts: 131   +11

    My friend told me that one can uninstal/remove an installed windows update, except updates that affect with important operating system files. He remind me that one should remove an update if sure it's causing the problem..
     
  8. learninmypc

    learninmypc TS Evangelist Posts: 5,387   +240

    How many years experience in computers does your friend have?
    Is your friend willing to replace any computer, he/she messes up, by removing an update, free of charge?
    I'm only asking because I've seen it happen. A know it all person I once knew turned a nearly new pc into a door stop cause he removed an update he thought was un necessary.
     
  9. ravisunny2

    ravisunny2 TS Ambassador Posts: 2,062   +8

    "folders with gobbledygook alpha numeric names" are temporary folders created during updates/installation.
     
    c3h899 likes this.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.