Fix: High CPU and Memory Usage by MRT.exe

MRT.exe is short for Malicious Removal Tool, which is a legitimate Windows program. When this program runs, it will spike CPU and Memory Usage due to the resources being consumed by it which it needs to perform its functions.

There are a couple of things that can cause this high CPU usage from the mrt.exe process. Mrt.exe (Malicious Software Removal Tool) is, in fact, a Windows own removal tool. So, if you see the mrt.exe running in the Task Manager then it doesn’t always mean that it is a virus. The Malicious Software Removal Tool is updated via the Windows Update every month (in the Tuesday update of every month). This tool is designed to run whenever it is updated but it shouldn’t run after that. In fact, it won’t run for the whole month or until the next time it is updated. So, if you see mrt.exe using high CPU just once or every once in a while then you probably don’t have to worry. It is normal for mrt.exe to consume a lot of resources. So, as long as it doesn’t always run then you don’t really have to worry. However, if you see mrt.exe running continuously for days then that is a red flag. Since mrt.exe isn’t supposed to run all the time or at least every day, there might be a virus pretending to be mrt.exe in the Task Manager.

Method 1: Delete files name Mrt.exe

The official Windows Malicious Software Removal Tool can be found at the location C:\Windows\system32. Any mrt.exe that is found anywhere else will be a virus or malware pretending to be the real mrt.exe. The first thing that you need to do is to delete the mrt.exe files that aren’t at C:\Windows\system32 location

Here are the steps for locating and deleting the malicious mrt.exe files

1. Hold Windows key and press E
2. Hold CTRL key and press F (CTRL + F)
3. Type mrt.exe and press Enter
4. Wait for the Windows to search for the file
5. Ideally, there should only be one mrt.exe in the search results. But if you see more, right-click the file and select Open file location. Right-click the file and select Delete. Repeat this step for all the mrt.exe files (if you have more) except for the one at C:\Windows\system32.

6. Make sure you don’t delete the file at C:\Windows\system32. The location of the file should be written below them (in the search results).
7. If you can’t delete the file then open the Task Manager by pressing CTRL, SHIFT and Esc key simultaneously (CTRL + SHIFT + Esc). Locate and select the mrt.exe task. Select End Task. Now repeat the steps given above and try to delete the file again

Once done the mrt.exe shouldn’t bother you with the high CPU usage. However, we will recommend you to follow the steps in method 2 to make sure your system is protected.

Note: If, after deleting the mrt.exe, you are seeing the message “MRT cannot be found” every time you login then do the following

1. Click https://learn.microsoft.com/en-us/sysinternals/downloads/autoruns and download the Autoruns.
2. Once downloaded, open the zip file (you will need WinRAR for this) and run mrt.exe.
3. Click the Logon tab and look for the mrt.exe in that list. If you can’t find mrt.exe in that list then click the Everything tab and locate mrt.exe in that list.

4. Right-click mrt.exe from that list and select Delete. Confirm any additional prompts.

You should see the mrt.exe related message on the startup again.

Method 2: Scan your Computer

If you have detected that the mrt.exe is running all the time then your computer is most likely infected. Even if you followed the steps in method 1, it is advised to scan your computer with a reputable security application.

1. You can download the antimalware program of your choice but if you aren’t sure then we will recommend Malwarebytes. Click here to download the Malwarebytes for Windows.
2. Once downloaded, run the Malwarebytes and scan your system.

Once done, your system should be free of any malware.