What is MPSigStub.exe and How to Delete It

MpSigStub.exe is a trusted Microsoft installer application that is part of the Windows Automatic Update tool. Its role is to extract update files in a temporary directory. Besides WU (Windows Update), the MpSigStub executable is also used by Microsoft Windows Defender and Microsoft Malware removal tool for extracting purposes.

Every time you use Automatic Update or a stand-alone installer, the update package is automatically extracted in a temporary directory (a folder with a name like 5b7ebf9872d5b93ab156a444). This operation is performed by the MpSigStub.exe installer. After the update is extracted in the temp folder, MpSigStub.exe will perform various checkups and determines if the extracted files are ready to be applied.

By default, MpSigStub.exe is located in C:/ Windows / System 32, but you can also encounter it inside a temporary folder created by the update installer. In some case, you can discover multiple copies of MpSigStub.exe.

The confusion around MpSigStub.exe

Back when Microsoft was preparing to launch Windows 10, MPSigStub.exe was implemented on Windows Vista, Windows 7 and Windows 8.1 with a silent update. Users were rightfully suspiciously as the executable had no Microsoft credentials in the Properties window. Even more strange, some users have noticed that the file was located on the second partition (not the one accommodating the OS) or even on an external hard drive.

To add to the confusion, the executable contains the word Stub – a stub is a file created by a crypter that encrypts a malicious program in order to make it undetectable by anti-virus software. It’s often attached to the executable which is encrypted and read-only.

However, some malware/trojans are known to be capable of camouflaging themselves as the MPSigStub.exe, and hide inside C:\ Windows or C:\ Windows\ system 32. In the first couple of weeks after it has been implemented, a number of antivirus suites like SpyHunter, McAfee and Bullguard flagged and even quarantined MPSigStub.exe for suspicious activity related to registry change. Since then, people have rightfully reported it as a false positive in their security suites, so your antivirus should not flag it unless it’s actually a camouflaged malware.

Deleting MPSigStub.exe

Normally, MPSigStub.exe and the folder it has created should be automatically deleted when the update process is complete and MPSigStub.exe is no longer used.

Even though it won’t end up breaking your system files, deleting the MPSigStub executable is completely unnecessary on normal terms. However, there are situations where the update installer will glitch out and create multiple strange folders with the MPSigStub executable in each of them. Typically, those folders are created on external media and hard drives. This is only known to happen on Windows versions older than Windows 10.

Users encountering the MPSigStub.exe glitch complained that their system wouldn’t let them delete the folders with the executable normally. But keep in mind that even if you manage to delete MPSigStub.exe, Windows will automatically recreate the file the next time it needs it.

Below you have a collection of methods that will allow you to delete the MPSigStub.exe file and the folder it has created. Please follow whichever one seems more accessible to you. Let’s begin:

Note: There’s no need to delete it unless you’re actually suffering from the glitch that produces multiple instances of the MPSigStub.exe. If that’s the case, apply one of the methods below to each of the folder that contains the MPSigStub executable. Keep in mind that deleting the MPSigStub.exe located in Windows / System 32 will not remove any generated folder.

Method 1: Opening File Explorer (Windows Explorer) in Administrator Mode

This is perhaps the easiest method of bypassing the permission issue when having to delete the MPSigStub executable. It involves opening the built-in file explorer with administrative privileges. Here’s how to delete the MPSigStub.exe with explorer.exe in Administrator mode:

  1. Click on the Start bar in the bottom-left corner and search for explorer.exe. Right-click on File Explorer (Windows Explorer) and select Run as Administrator.
    Note: Depending on your Windows version, you might see explorer.exe listed as File Explorer or Windows Explorer.
  2. UAC (User Account Control) will then ask you if you’ll allow explorer.exe to make changes to the system. Select Yes.
  3. With explorer.exe in administrator mode, navigate to the location of the folder that hosts MPSigStub.exe right-click on it and hit Delete. If you have administrative privileges, the process should complete successfully.

Method 2: Changing Permissions for MPSigStub.exe

The same result can be achieved by changing the permissions for the MPSigStub executable. This might take a little longer, but you won’t end up granting unnecessary permissions. Here’s what you need to do:

  1. Navigate to the location of MPSigStub.exe, right-click on it and go to Properties.
  2. Go to the Security tab and click the Edit button to change permissions.
  3. In the Permissions window, select Users and make sure that your account is set as active, then move downwards and check all the boxes under Allow. Finally, hit Apply to save your selection.
  4. Now return to the location of MPSigStub.exe and delete it normally.

Method 3: Deleting MPSigStub.exe via Command Prompt

This method is a little more complicated since it involves using Command Prompt. However, it will not require you to modify permissions or navigate with administrator privileges. Here’s what you need to do:

  1. Press Windows key + R to open a Run window. Then, type cmd and hit Enter to open a Command Prompt window.
  2. Use Command Prompt to navigate to the partition where MPSigStub.exe is located. Start by typing your drive letter followed by “:” (i.e d: or c:) .
    Note: If the folder is located on the C drive, you will also need to type cd/ and hit Enter in order to return to the root location of your Windows drive.
  3. Access the folder that is holding the MPSigStub.exe by typing cd *yourfoldername*. If the folder has an extremely long name, you can type the first few characters followed by an asterisk.
  4. Delete the MPSigStub.exe file inside by typing “del MPSigStub.exe” and hitting Enter.
  5. Return back to the folder level by typing “cd..”.
  6. Finally, delete the generated directory by typing “rmdir *FolderName*” and hit Enter.
    Note: Like we did before, you can only type the first few letters followed by an asterisk if the name is too long.

That’s it. The folder along with the MPSigStub.exe is now deleted.


Kevin Arrows

Kevin Arrows is a highly experienced and knowledgeable technology specialist with over a decade of industry experience. He holds a Microsoft Certified Technology Specialist (MCTS) certification and has a deep passion for staying up-to-date on the latest tech developments. Kevin has written extensively on a wide range of tech-related topics, showcasing his expertise and knowledge in areas such as software development, cybersecurity, and cloud computing. His contributions to the tech field have been widely recognized and respected by his peers, and he is highly regarded for his ability to explain complex technical concepts in a clear and concise manner.