mshta... is this a virus or what?

METREONFUTURE · April 12, 2008, 1:18am

i was accessing my user accounts to add a password to my accound and comodo told me that mshta.exe was accessing my screen, and then it gave me a few more comodo warning pop ups. i blocked all of them.

so, is mshta a virus or what? should i delete it? i’m really confused on the issue.

is mshta.exe.mui bad?

i don’t get it. i’m reading that some of this is a virus or something, but comodo and exet didn’t pick it up… but then comodo blocked it when i clicked “user accounts” in the control panel. comodo didn’t ask me about it again the second time. i deleted mshta.exe.mui and mshta.exe-331df029.pf

mshta.exe.mui and mshta.exe-331df029.pf both reappeared once after deleting them. the next time i deleted them they did not reappear.

this is the last hijack this log i got. i have never seen a virus detected by eset, antivir, comodo firewall on my pc

(:m*) Mod Edit: {Converted to a text document attachment - please do not post HJT logs as they are too long. Please upload them for future reference.}

here’s a link to the thread on another forum that i started first.

http://forums.pcper.com/showthread.php?t=453830

[attachment deleted by admin]

kail · April 12, 2008, 1:53am

Hi METREONFUTURE, welcome to the forums

Firstly, I’m not sure about any file called “mshta.exe.mui”… with a “.mui” extension. But, “mshta.exe” is a legitimate Windows component for executing .HTA files and it just so happens that XPs User Accounts screen is an HTA. It will also run for the Add/Remove Programs applet (and others) when the Windows Classic style types are used.

So, usually MSHTA.EXE is SAFE. However, MSHTA.EXE can be infected/replaced/whatever. Take your version for a spin at Jotti’s Malware Scan. and see what it says. Also run CFPs Malware scan.

fazio93 · April 13, 2008, 5:25pm

does CFP automatically take it as “unsafe” b/c it came up on my comp while i was doing something.

[attachment deleted by admin]

system · April 13, 2008, 5:28pm

mshta is usually a legit Windows file

http://www.liutilities.com/products/wintaskspro/processlibrary/mshta/
http://www.processlibrary.com/directory/files/mshta/

There are a lot of legit files/processes that access the monitor and keyboard.

If still doubtful, try uploading to jotti or virustotal

system · June 1, 2008, 4:49am

Topic Locked.

Reason: Out-Dated post.

Josh