Old 30-01-2011, 12:30 AM   #1
Fubb
GreatCanadianMan
Join Date: May 2008
Location: Swan River, Canada
Posts: 842
URGENT Mshta.exe virus!

I have no idea what it does, BUT I have it. I noticed it 'cause I opened control panel to close Civ 5 when it froze and saw like 10 processes of mshta.exe running, and thought it was suspicious and searched the web and found out it was a virus....so.....

I did what this site told me but it didn't work..

http://www.bleepingcomputer.com/forums/topic352201.html

Any clues on what to do?
__________________
Kugarfang: o hai guiz im trying to find this techno song from the radio and it goes like this:

DUN duuuunnnn dudududududun SPLOOSH duuunnnnn


We ate the horse.
Old 30-01-2011, 04:01 AM   #2
Japo
Autonomous human
Join Date: Mar 2006
Location: ,
Posts: 4,613

There's a legit mshta.exe, but virus makers like to name their creations after system files, and from your symptoms it looks likely you have one. The malicious mshta.exe may be installed in a different location than the legit one, or it may have even replaced it.

First of all run some scans with anti-virus programs, as many as you please--but make sure they're reputable, since there are many anti-virus programs that are actually trojans. See what they manage to clean. Make sure you use some with "anti-rootkit" capabilities.

Here's some useful experience from a guy who cleaned something similar or the same exact thing by hand:

http://social.answers.microsoft.com/...f-44e9c5abfcd5

That i386 folder is a copy of the Windows installation disk (whole or service pack) that sometimes is in the hard disk. You needn't have the same path, you can take the legit file from your Windows installation disk. Actually Windows has a tool to check and re-install if necessary system files, press the Windows key + R or go to the start menu > "run..."; enter "cmd"; in the ensuing console enter "sfc /scannow". Since you're having trouble with mshta.exe, stick to it and don't worry about warnings for other files, depending on the installation disk that you use they may be legit more recent versions.

You may be more successful doing this in "safe mode", where the virus should be inactive. To start Windows in safe mode, press F8 repeatedly while booting before Windows kicks in.

I recommend you also use this program

http://technet.microsoft.com/en-us/s...rnals/bb963902

to see what programs are set to start with Windows, and disable them if necessary (this program will remember the entries for you, in case you find something was legit and you need to enable it back, just check it again). Go directly to the logon tab, although there's more, especially in services and drivers. You should be able to tell what's legit. It may point you to the starter, which needn't be mshta.exe, but another program that calls it in the first place and re-starts it when you finish it.
__________________
Life starts every day anew. Prospects not so good...
Old 30-01-2011, 11:08 AM   #3
_r.u.s.s.
I'm not Russ
but an ex-alektorophobic
Join Date: May 2005
Location: Nitra, Slovakia
Posts: 6,533

you can of course run some anti virus program

however, i'd just check the location and description of mshta.exe. then search for "runonce" keys in regedit; once you find a runonce key you will also have a "run" key nearby, check the mshta.exe value out there. notice that there are multiple "run" keys in your registry

if it's not there you can also check it under services in control panel/administrative tools
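The checks suggested in posts #2 and #3 (where each mshta.exe runs from and what started it, the "run"/"runonce" keys, and services), gathered into one read-only PowerShell script. This is an added example, not something posted in the thread; it assumes PowerShell 3.0 or later, and the function names are made up for illustration.

```powershell
# Read-only triage: reports only, deletes and changes nothing.
# Assumes PowerShell 3.0 or later (Get-CimInstance).
# Directories that hold the genuine mshta.exe on a standard install.
$legitDirs = 'System32', 'SysWOW64' | ForEach-Object { Join-Path $env:SystemRoot $_ }

# The "run" and "runonce" keys, per machine and per user.
$runKeys = foreach ($hive in 'HKLM:', 'HKCU:') {
    foreach ($sub in 'Software\Microsoft\Windows\CurrentVersion',
                     'Software\Wow6432Node\Microsoft\Windows\CurrentVersion') {
        "$hive\$sub\Run"; "$hive\$sub\RunOnce"
    }
}

function Get-MshtaProcess {
    # One row per running mshta.exe: where it runs from and what started it.
    Get-CimInstance Win32_Process -Filter "Name = 'mshta.exe'" | ForEach-Object {
        $parent = Get-Process -Id $_.ParentProcessId -ErrorAction SilentlyContinue
        # Path can be empty when the script is not run elevated.
        $dir = if ($_.ExecutablePath) { Split-Path $_.ExecutablePath -Parent }
        [pscustomobject]@{
            ProcessId        = $_.ProcessId
            Path             = $_.ExecutablePath
            ExpectedLocation = $legitDirs -contains $dir   # case-insensitive
            Parent           = "$($parent.ProcessName) ($($_.ParentProcessId))"
            CommandLine      = $_.CommandLine
        }
    }
}

function Get-AutostartEntry {
    # Every value under the Run/RunOnce keys, flagged when it mentions mshta.
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            $cmd = [string]$item.GetValue($name)
            [pscustomobject]@{ Source = $key; Name = $name; Command = $cmd
                               MentionsMshta = $cmd -match 'mshta' }
        }
    }
    # Services whose image path mentions mshta.
    Get-CimInstance Win32_Service | Where-Object { $_.PathName -match 'mshta' } |
        ForEach-Object { [pscustomobject]@{ Source = 'Service'; Name = $_.Name
                             Command = $_.PathName; MentionsMshta = $true } }
}

Get-MshtaProcess | Format-List
Get-AutostartEntry | Sort-Object MentionsMshta -Descending | Format-List
```

An mshta.exe row with ExpectedLocation False, or an autostart entry with MentionsMshta True, is the place to start looking. The Parent column shows which program launched each instance, which matters when the starter is something other than mshta.exe itself.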
Old 31-01-2011, 06:28 PM   #4
Wicky
the little viking
Join Date: Apr 2005
Location: Linz, Austria
Posts: 284

Format your hard drive, reinstall Windows and set up all drivers without being connected to the internet.
Then use some disk imaging utility like http://www.drivesnapshot.de/en/index.htm
and store a compressed copy of your drive in a safe location. It only uses like 2-3 GB for a fresh Windows installation, even a USB stick will do.

It's just as simple as that: When a virus has managed to penetrate your firewall/defense, load your drive snapshot and try again!
You lose perhaps half an hour, but only if some virus manages to get in, and it's better to have a working system than sitting on a "cleaned up" installation, not knowing for sure if all remains have been wiped out!
__________________
For some people it's Windows, for others it's the longest virus in the world!