Protect Yourself From Tech Support Scams
Learn More
October 14, 2019
Protect Yourself From Tech Support Scams
Tech support scams are an industry-wide issue where scammers trick you into paying for unnecessary technical support services. You can help protect yourself from scammers by verifying that the contact is a Microsoft Agent or Microsoft Employee
and that the phone number is an official Microsoft global customer service number.
Windows defender keeps telling me it can not update spyware and virus because internet connection failed, although connection is fine. I notice that MPSigStub was recently installed on my unbeknownst to me. Should I remove this?
I would like to inform you that MpSigStub.exe is a MS installer application used in conjunction with Windows Automatic Updates. It extracts update files to a temporary directory.
Microsoft does publish the files Mpminisigstub.exe and MPSigStub.exe, which assists in updating signatures. However, the best bet is to check
if they are properly signed by Microsoft.
Note: Anyone can create a binary called notepad.exe to trick you into allowing their malware to run. You should always verify the signature of a binary before trusting it.
You should really change that name ... the STUB part scares alot of people into thinking its a trojan horse as some file crypters for those often use stubs to crypt their files to keep them undetected from online scanners like virustotal.
You make a windows update look like there is some noob trying to infect people.
9 people were helped by this reply
·
Did this solve your problem?
Sorry this didn't help.
Great! Thanks for marking this as the answer.
How satisfied are you with this reply?
Thanks for your feedback, it helps us improve the site.
Curiously, I found this file located in my external disk disk drive, which is strange because I have no anti-malware/virus programs or files on that drive at all. It just seems like a weird place to write itself to.
At first I was seeing the same thing as Mike-EE in the Details tab of the MPSigStub Properties window. I attempted to rename the file to MPSigStub.old but I discovered I had no permission to do anything with the file despite being on an Administrator profile.
It's really stupid that Microsoft doesn't automatically give me permission to do what I want with files that it automatically downloads onto my computer.
But, after giving myself permission in the Security tab, the details tab now looks like this:
So, if this is to be believed, then I am fine with leaving it where it is.
3 people were helped by this reply
·
Did this solve your problem?
Sorry this didn't help.
Great! Thanks for marking this as the answer.
How satisfied are you with this reply?
Thanks for your feedback, it helps us improve the site.
Funny thing is, after the update is done, the file becomes 100% useless trash.
All that trouble for nothing.
I have see it on external drives from time to time though.
However, you should be able to remove it, unless it is still in an active state. Try disconnecting the external HDD, reboot the system, turn the external HDD back on, and you should be able to remove it just fine.
Other then that you can't do anything with the file, as its just protected by layers of ownership permissions and what not.
Being an official Microsoft/Windows file and all. That still looks like something it shouldn't.
3 people were helped by this reply
·
Did this solve your problem?
Sorry this didn't help.
Great! Thanks for marking this as the answer.
How satisfied are you with this reply?
Thanks for your feedback, it helps us improve the site.
in System32 I have mpSigStub.exe with all the stuffs (copyright, etc.) and in my C: drive I have some weird folder like 5b7ebf9872d5b93ab156a444 . Also, some of them don't have mpSigStub, but have MRT.exe
I would like to know if it's safe to delete these folder? I read somewhere that it's only temporary and it's safe to delete these weird folder, but I want to be sure.
Thank you
4 people were helped by this reply
·
Did this solve your problem?
Sorry this didn't help.
Great! Thanks for marking this as the answer.
How satisfied are you with this reply?
Thanks for your feedback, it helps us improve the site.
Yeah it generates those folder as temp storage location I think, the names could possibly be related to the files safety checksum hash but whatever, it does not really matter.
You can indeed just delete them without problems.
2 people were helped by this reply
·
Did this solve your problem?
Sorry this didn't help.
Great! Thanks for marking this as the answer.
How satisfied are you with this reply?
Thanks for your feedback, it helps us improve the site.