29-01-2011, 11:30 PM | #1
Join Date: May 2008
Location: Swan River, Canada
Posts: 842
Mshta.exe virus!
I have no idea what it does, BUT I have it. I noticed it because I opened control panel to close Civ 5 when it froze and saw like 10 processes of mshta.exe running, and thought it was suspicious and searched the web and found out it was a virus....so.....
I did what this site told me but it didn't work.. http://www.bleepingcomputer.com/forums/topic352201.html Any clues on what to do?
__________________
Kugarfang: o hai guiz im trying to find this techno song from the radio and it goes like this: DUN duuuunnnn dudududududun SPLOOSH duuunnnnn We ate the horse.
30-01-2011, 03:01 AM | #2
Join Date: Mar 2006
Location: ,
Posts: 4,613
There's a legit mshta.exe, but virus makers like to name their creations after system files, and from your symptoms it looks likely you have one. The malicious mshta.exe may be installed in a different location than the legit one, or it may have even replaced it.
First of all run some scans with anti-virus programs, as many as you please--but make sure they're reputable, since there are many anti-virus programs that are actually trojans. See what they manage to clean. Make sure you use some with "anti-rootkit" capabilities.
Here's some useful experience from a guy who cleaned something similar or the same exact thing by hand: http://social.answers.microsoft.com/...f-44e9c5abfcd5 That i386 folder is a copy of the Windows installation disk (whole or service pack) that sometimes is on the hard disk. You needn't have the same path, you can take the legit file from your Windows installation disk.
Actually Windows has a tool to check and, if necessary, re-install system files: press the Windows key + R or go to the start menu > "run..."; enter "cmd"; in the ensuing console enter "sfc /scannow". Since you're having trouble with mshta.exe, stick to it and don't worry about warnings for other files; depending on the installation disk that you use they may be legit more recent versions. You may be more successful doing this in "safe mode", where the virus should be inactive. To start Windows in safe mode, press F8 repeatedly while booting before Windows kicks in.
I recommend you also use this program http://technet.microsoft.com/en-us/s...rnals/bb963902 to see what programs are set to start with Windows, and disable them if necessary (this program will remember the entries for you, in case you find something was legit and you need to enable it back, just check it again). Go directly to the logon tab, although there's more, especially in services and drivers. You should be able to tell what's legit. It may point you to the starter, which needn't be mshta.exe, but another program that calls it in the first place and re-starts it when you finish it.
__________________
Life starts every day anew. Prospects not so good...
30-01-2011, 10:08 AM | #3
Join Date: May 2005
Location: Nitra, Slovakia
Posts: 6,533
You can of course run some anti-virus program.
However, I'd just check the location and description of mshta.exe. Then search for "runonce" keys in regedit; once you find a runonce key you will also have a "run" key nearby, check the mshta.exe value out there. Notice that there are multiple "run" keys in your registry. If it's not there you can also check it under services in control panel/administrative tools.
__________________
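The checks suggested in the two replies above (where each running mshta.exe lives, what started it, and what the "run"/"runonce" keys launch), as an added PowerShell example that is not part of the original posts. It assumes PowerShell 3.0 or later and that the genuine file sits only under System32 or SysWOW64; it only reads and changes nothing.

```powershell
# Added example, not from the thread. Read-only triage.
# Assumption: on a default install the genuine mshta.exe exists only here.
$legit = @(
    (Join-Path $env:SystemRoot 'System32\mshta.exe'),
    (Join-Path $env:SystemRoot 'SysWOW64\mshta.exe')
)

# 1. Every running mshta.exe: image path, command line, and its parent
#    (the "starter" may be another program that relaunches it).
Get-CimInstance Win32_Process -Filter "Name = 'mshta.exe'" | ForEach-Object {
    $parent = Get-CimInstance Win32_Process -Filter "ProcessId = $($_.ParentProcessId)"
    [pscustomobject]@{
        ProcessId     = $_.ProcessId
        Path          = $_.ExecutablePath          # empty if access was denied
        InExpectedDir = $legit -contains $_.ExecutablePath
        Parent        = if ($parent) { $parent.Name } else { '(exited)' }
        CommandLine   = $_.CommandLine
    }
} | Format-List

# 2. All Run / RunOnce values, machine and user hives, 64- and 32-bit views.
$keys = foreach ($hive in 'HKLM:', 'HKCU:') {
    foreach ($sub in 'Software', 'Software\Wow6432Node') {
        foreach ($name in 'Run', 'RunOnce') {
            "$hive\$sub\Microsoft\Windows\CurrentVersion\$name"
        }
    }
}
$meta = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
foreach ($key in $keys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    if (-not $props) { continue }                   # key exists but has no values
    foreach ($p in $props.PSObject.Properties) {
        if ($meta -contains $p.Name) { continue }   # skip provider metadata
        [pscustomobject]@{
            Key           = $key
            Name          = $p.Name
            Command       = $p.Value
            MentionsMshta = "$($p.Value)" -match 'mshta'
        }
    }
}
```

A process with `InExpectedDir` false, or an autostart entry you cannot account for, is what to look at first; services and drivers, which both replies also mention, are not covered by this listing.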
31-01-2011, 05:28 PM | #4
Join Date: Apr 2005
Location: Linz, Austria
Posts: 284
Format your hard drive, reinstall Windows and set up all drivers without being connected to the internet.
Then use some disk imaging utility like http://www.drivesnapshot.de/en/index.htm and store a compressed copy of your drive in a safe location. It only uses like 2-3 GB for a fresh Windows installation, even a USB stick will do. It's just as simple as that: When a virus has managed to penetrate your firewall/defense, load your drive snapshot and try again! You lose perhaps half an hour, but only if some virus manages to get in, and it's better to have a working system than sitting on a "cleaned up" installation, not knowing for sure if all remains have been wiped out!
__________________
For some people it's Windows, for others it's the longest virus in the world!