mshta... is this a virus or what?

Welcome to the Comodo Forum

Welcome, Guest. Please login or register.
May 17, 2008, 05:51:17 AM

155242 Posts
19190 Topics
47335 Members
Latest Member: sabino59

Welcome to the Comodo Forum

Desktop Security Products

Comodo Anti-Viruspyware (CAVS)

Virus/Malware Removal Assistance

mshta... is this a virus or what?

« previous next »

Pages: [1]

Go Down

Print

Author

Topic: mshta... is this a virus or what? (Read 504 times)

METREONFUTURE

Newbie

Offline

Offline

Posts: 1

mshta... is this a virus or what?

« on: April 11, 2008, 08:18:21 PM »

i was accessing my user accounts to add a password to my accound and comodo told me that mshta.exe was accessing my screen, and then it gave me a few more comodo warning pop ups. i blocked all of them.

so, is mshta a virus or what? should i delete it? i'm really confused on the issue.

is mshta.exe.mui bad?

i don't get it. i'm reading that some of this is a virus or something, but comodo and exet didn't pick it up... but then comodo blocked it when i clicked "user accounts" in the control panel. comodo didn't ask me about it again the second time. i deleted mshta.exe.mui and mshta.exe-331df029.pf

mshta.exe.mui and mshta.exe-331df029.pf both reappeared once after deleting them. the next time i deleted them they did not reappear.

this is the last hijack this log i got. i have never seen a virus detected by eset, antivir, comodo firewall on my pc

Mod Edit: {Converted to a text document attachment - please do not post HJT logs as they are too long. Please upload them for future reference.}

here's a link to the thread on another forum that i started first.

http://forums.pcper.com/showthread.php?t=453830


« Last Edit: April 12, 2008, 10:43:31 PM by Soyabeaner »	Logged

kail

Autonomous
Global Moderator
Comodo's Hero

Offline

Offline

Posts: 3215

I'm not grumpy, just misunderstood.

Re: mshta... is this a virus or what?

« Reply #1 on: April 11, 2008, 08:53:27 PM »

Hi METREONFUTURE, welcome to the forums

Firstly, I'm not sure about any file called "mshta.exe.mui".. with a ".mui" extension. But, "mshta.exe" is a legitimate Windows component for executing .HTA files and it just so happens that XPs User Accounts screen is an HTA. It will also run for the Add/Remove Programs applet (and others) when the Windows Classic style types are used.

So, usually MSHTA.EXE is SAFE. However, MSHTA.EXE can be infected/replaced/whatever. Take your version for a spin at Jotti's Malware Scan. and see what it says. Also run CFPs Malware scan.


	Logged

XP Pro+SP3 & CFP 3.0.22.349 & AntiVir PE 8.1.00.295 & Firefox 2.0.0.14
__
In theory, practice and theory are the same. In practice, they're not.

fazio93

Comodo Family Member

Offline

Offline

Posts: 82

Re: mshta... is this a virus or what?

« Reply #2 on: April 13, 2008, 12:25:15 PM »

does CFP automatically take it as "unsafe" b/c it came up on my comp while i was doing something.


	Logged

XP Home SP3, CFP 3.0.22.349, Avast! 4.8.1195
Spybot S&D 1.5, SUPERAntiSpyware, SpywareBlaster

Soyabeaner

VOLUNTEER
Global Moderator
Comodo's Hero

Offline

Offline

Posts: 5524

Re: mshta... is this a virus or what?

« Reply #3 on: April 13, 2008, 12:28:51 PM »

mshta is usually a legit Windows file

http://www.liutilities.com/products/wintaskspro/processlibrary/mshta/
http://www.processlibrary.com/directory/files/mshta/

There are a lot of legit files/processes that access the monitor and keyboard.

If still doubtful, try uploading to jotti or virustotal


« Last Edit: April 13, 2008, 12:32:28 PM by Soyabeaner »	Logged

Never argue with an idiot; they'll drag you down to their level and beat you with experience.

Tags:

Pages: [1]

Go Up

Print

« previous next »

Jump to:

SSL

Firewall

Page created in -0.048 seconds with 19 queries.

Powered by SMF 1.1.5 | SMF © 2006, Simple Machines LLC
Seo4Smf v0.2 © Webmaster's Talks

Design by 7dana.com