mshta... is this a virus or what?

i was accessing my user accounts to add a password to my accound and comodo told me that mshta.exe was accessing my screen, and then it gave me a few more comodo warning pop ups. i blocked all of them.

so, is mshta a virus or what? should i delete it? i’m really confused on the issue.

is mshta.exe.mui bad?

i don’t get it. i’m reading that some of this is a virus or something, but comodo and exet didn’t pick it up… but then comodo blocked it when i clicked “user accounts” in the control panel. comodo didn’t ask me about it again the second time. i deleted mshta.exe.mui and mshta.exe-331df029.pf

mshta.exe.mui and mshta.exe-331df029.pf both reappeared once after deleting them. the next time i deleted them they did not reappear.

this is the last hijack this log i got. i have never seen a virus detected by eset, antivir, comodo firewall on my pc

(:m*) Mod Edit: {Converted to a text document attachment - please do not post HJT logs as they are too long. Please upload them for future reference.}

here’s a link to the thread on another forum that i started first.

[attachment deleted by admin]

Hi METREONFUTURE, welcome to the forums

Firstly, I’m not sure about any file called “mshta.exe.mui”… with a “.mui” extension. But, “mshta.exe” is a legitimate Windows component for executing .HTA files and it just so happens that XPs User Accounts screen is an HTA. It will also run for the Add/Remove Programs applet (and others) when the Windows Classic style types are used.

So, usually MSHTA.EXE is SAFE. However, MSHTA.EXE can be infected/replaced/whatever. Take your version for a spin at Jotti’s Malware Scan. and see what it says. Also run CFPs Malware scan.

does CFP automatically take it as “unsafe” b/c it came up on my comp while i was doing something.

[attachment deleted by admin]

mshta is usually a legit Windows file

http://www.processlibrary.com/directory/files/mshta/

There are a lot of legit files/processes that access the monitor and keyboard.

If still doubtful, try uploading to jotti or virustotal

Topic Locked.

Reason: Out-Dated post.

Josh