How to get rid of MPSigStub

Hi,

Thank you for posting on Microsoft Communities.

I would like to inform you that MpSigStub.exe is a MS installer application used in conjunction with Windows Automatic Updates. It extracts update files to a temporary directory.

Microsoft does publish the files Mpminisigstub.exe and MPSigStub.exe, which assists in updating signatures. However, the best bet is to check if they are properly signed by Microsoft.

Note: Anyone can create a binary called notepad.exe to trick you into allowing their malware to run.  You should always verify the signature of a binary before trusting it.

Reference:

http://social.answers.microsoft.com/Forums/en-US/mseupdate/thread/d4e9849e-7bd1-4580-aa43-695321a8f10f

To get rid of this malware threat, I suggest you to run the Microsoft Safety Scanner and check:

Microsoft Safety Scanner: http://www.microsoft.com/security/scanner/en-us/default.aspx

Note: Any data files that are infected may only be cleaned by deleting the file entirely, which means there is a potential for data loss.

Please reply us on the status of the issue to assist you further.

That same file appeared on my PC and i decided to delete it, Ill let ya know if anything weird happens

You should really change that name ... the STUB part scares alot of people into thinking its a trojan horse as some file crypters for those often use stubs to crypt their files to keep them undetected from online scanners like virustotal.

You make a windows update look like there is some noob trying to infect people.

Seriously.  What stealhtfire said.  This is pretty incredulous.

That is what I see when I look at the properties.  No Microsoft.  No nothing.  Are you certain we haven't been h@ck0r3d???

Seriously.  What stealhtfire said.  This is pretty incredulous.

That is what I see when I look at the properties.  No Microsoft.  No nothing.  Are you certain we haven't been h@ck0r3d???

It is 100% clean, but Microsoft just makes it look far more stupid then it has to be. A couple of days ago they did it again.

Like they are never going to learn.

Curiously, I found this file located in my external disk disk drive, which is strange because I have no anti-malware/virus programs or files on that drive at all. It just seems like a weird place to write itself to.

At first I was seeing the same thing as Mike-EE in the Details tab of the MPSigStub Properties window. I attempted to rename the file to MPSigStub.old but I discovered I had no permission to do anything with the file despite being on an Administrator profile. It's really stupid that Microsoft doesn't automatically give me permission to do what I want with files that it automatically downloads onto my computer.

But, after giving myself permission in the Security tab, the details tab now looks like this:

So, if this is to be believed, then I am fine with leaving it where it is.

Funny thing is, after the update is done, the file becomes 100% useless trash.

All that trouble for nothing.

I have see it on external drives from time to time though.

However, you should be able to remove it, unless it is still in an active state. Try disconnecting the external HDD, reboot the system, turn the external HDD back on, and you should be able to remove it just fine.

Other then that you can't do anything with the file, as its just protected by layers of ownership permissions and what not.

Being an official Microsoft/Windows file and all. That still looks like something it shouldn't.

Hi,

in System32 I have mpSigStub.exe with all the stuffs (copyright, etc.) and in my C: drive I have some weird folder like 5b7ebf9872d5b93ab156a444 . Also, some of them don't have mpSigStub, but have MRT.exe

I would like to know if it's safe to delete these folder? I read somewhere that it's only temporary and it's safe to delete these weird folder, but I want to be sure.

Thank you

Yeah it generates those folder as temp storage location I think, the names could possibly be related to the files safety checksum hash but whatever, it does not really matter.

You can indeed just delete them without problems.

Thank you

I deleted these folders and no problems :)