* Home Help Search Calendar Login Register  

Welcome, Guest. Please login or register.
July 24, 2008, 09:08:31 AM

Login with username, password and session length

176668 Posts
20892 Topics
50683 Members
Latest Member: pessa

more news...
Search:     Advanced search | Tag Cloud
+  Welcome to the Comodo Forum
|-+  Desktop Security Products
| |-+  Comodo Anti-Viruspyware (CAVS)
| | |-+  Virus/Malware Removal Assistance
| | | |-+  mshta... is this a virus or what?		 « previous next »
Pages: [1] Go Down Print
Author Topic: mshta... is this a virus or what?  (Read 1227 times)
METREONFUTURE
Newbie
*
Offline Offline

Posts: 1
« on: April 11, 2008, 08:18:21 PM »
i was accessing my user accounts to add a password to my accound and comodo told me that mshta.exe was accessing my screen, and then it gave me a few more comodo warning pop ups. i blocked all of them.


so, is mshta a virus or what? should i delete it? i'm really confused on the issue.

is mshta.exe.mui bad?


i don't get it. i'm reading that some of this is a virus or something, but comodo and exet didn't pick it up... but then comodo blocked it when i clicked "user accounts" in the control panel. comodo didn't ask me about it again the second time. i deleted mshta.exe.mui and mshta.exe-331df029.pf


mshta.exe.mui and mshta.exe-331df029.pf both reappeared once after deleting them. the next time i deleted them they did not reappear.

this is the last hijack this log i got. i have never seen a virus detected by eset, antivir, comodo firewall on my pc

Mod Star Mod Edit: {Converted to a text document attachment - please do not post HJT logs as they are too long.  Please upload them for future reference.}

here's a link to the thread on another forum that i started first.

http://forums.pcper.com/showthread.php?t=453830
« Last Edit: April 12, 2008, 10:43:31 PM by Soyabeaner » Logged
kail
Autonomous
Global Moderator
Comodo's Hero
*****
Offline Offline

Posts: 3628


I'm not grumpy, just misunderstood.
« Reply #1 on: April 11, 2008, 08:53:27 PM »
Hi METREONFUTURE, welcome to the forums

Firstly, I'm not sure about any file called "mshta.exe.mui".. with a ".mui" extension. But, "mshta.exe" is a legitimate Windows component for executing .HTA files and it just so happens that XPs User Accounts screen is an HTA. It will also run for the Add/Remove Programs applet (and others) when the Windows Classic style types are used.

So, usually MSHTA.EXE is SAFE. However, MSHTA.EXE can be infected/replaced/whatever. Take your version for a spin at Jotti's Malware Scan. and see what it says. Also run CFPs Malware scan.
Logged
XP Pro+SP3 & CFP 3.0.25.378 & AntiVir PE 8.1 & Firefox 3.0.1
__
Will computers ever be as smart as humans? Probably.. very briefly.
fazio93
Comodo's Hero
*****
Offline Offline

Posts: 216
« Reply #2 on: April 13, 2008, 12:25:15 PM »
does CFP automatically take it as "unsafe" b/c it came up on my comp while i was doing something.
Logged
Vista Home Prem 32x SP1 | CFP 3.0.25.378 [SafeSurf] | Avast! 4.8.1227
Soyabeaner
Global Moderator
Comodo's Hero
*****
Offline Offline

Posts: 6621


Akagi
« Reply #3 on: April 13, 2008, 12:28:51 PM »
mshta is usually a legit Windows file

http://www.liutilities.com/products/wintaskspro/processlibrary/mshta/
http://www.processlibrary.com/directory/files/mshta/

There are a lot of legit files/processes that access the monitor and keyboard.

If still doubtful, try uploading to jotti or virustotal
« Last Edit: April 13, 2008, 12:32:28 PM by Soyabeaner » Logged
3xist
Guest
« Reply #4 on: May 31, 2008, 11:49:23 PM »
Topic Locked.

Reason: Out-Dated post.

Josh
Logged
Tags:
Pages: [1] Go Up Print 
« previous next »
Jump to:  

SSL Firewall
Page created in 0.22 seconds with 19 queries.
Powered by SMF 1.1.5 | SMF © 2006, Simple Machines LLC
Seo4Smf v0.2 © Webmaster's Talks 		Design by 7dana.com