Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

mshta.exe


  • Please log in to reply
9 replies to this topic

#1 Stakkibotris

Stakkibotris

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:07:47 PM

Posted 22 October 2010 - 11:44 PM

In my processes log there are over 20 different mshta.exe running. I had a virus and got rid of most of it by running anti-virus, malaware, spyware; but, Im still having problems. Is my only chance of fixing my computer reformatting? None of the programs detect anything. My machine has also had trouble booting up and shutting down sometimes. Usually works on second try though. Any advice much appreciated.
Thanks

Edited by hamluis, 27 October 2010 - 08:41 AM.
Moved from XP forum to Am I infected ~ Hamluis.


BC AdBot (Login to Remove)

 


#2 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:09:47 AM

Posted 23 October 2010 - 02:14 AM

Mshta.exe is a Microsoft signed file. By default, the mshta.exe file is located in the %system% folder. The most common size of the mshta.exe file is 29,184 bytes. You may also find this file in 45,568, 30,720, 26,624, and 24,064 bytes sizes.
Not sure why you have so many items in process log as this is usually just a normal M/$oft file ??

The mshta.exe (Microsoft HTML Application Host) file is a Windows file that is required by the Windows operating system to read and execute .HTA files.
If in doubt run a sfc /scannow check to be sure -

Thank you -

Edited by noknojon, 23 October 2010 - 02:23 AM.


#3 Romeo29

Romeo29

    Learning To Bleep


  • Members
  • 3,194 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:127.0.0.1
  • Local time:06:47 PM

Posted 23 October 2010 - 04:17 AM

mshta.exe is a Microsoft file, but it is often exploited by some of the malware programs.
Download Process Explorer and run it. Choose View -> Select Columns and choose Command Line. Then post the screenshot here showing the mshta.exe processes.

#4 Stakkibotris

Stakkibotris
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:07:47 PM

Posted 27 October 2010 - 12:32 AM

Attached the screen shot of all the mshta.exe. Someone please help me get rid of this virus. Started getting yet another pop up today. Says i have registry errors. Obviously one of those that tries to get you to buy their antivirus.Attached File  mshta.exe.doc   224.5KB   13 downloads

#5 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:09:47 AM

Posted 27 October 2010 - 06:26 AM

Hi-
Install Malwarebytes , update it and run a Quick Scan first - Also run your antivirus program if you can -

Thank you -

#6 Romeo29

Romeo29

    Learning To Bleep


  • Members
  • 3,194 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:127.0.0.1
  • Local time:06:47 PM

Posted 27 October 2010 - 06:44 AM

You should have widened the Command Line column. But I can see that mshta.exe is being used to open some web sites without your consent. You are probably infected with a malware program. Malware experts of BleepingComputer would be able to guide you through the cleaning process.

Edited by Romeo29, 27 October 2010 - 06:59 AM.


#7 djgriff99

djgriff99

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:04:47 PM

Posted 07 November 2010 - 12:08 PM

Have you gotten any resolution on this? I have the same problem and I figured I was getting a slow response to my post due to traffic, apparently now that the posts days ahead of mine are getting attention I now believe my post is just getting ignored. I also am receiving multiple instances of mshta.exe as a result of having obtained, found, and deleted a rogue spyware from my comp. I do also understand that mshta.exe is a valid program, but I believe multiple instances of this valid program are being executed by something nefarious in much the same way as yours. If you have received a fix to this recently or some additional help in a different part of the forum, I would much appreciate a link to that. Thanks

#8 kaboom1216

kaboom1216

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:06:47 PM

Posted 01 December 2010 - 12:49 AM

I had the same problem with mshta.exe starting multiple times. Mine was having something to do with an IP address in Latvia and I never started them ever. The virus that you have most likely removed by now leaves this behind in your scheduled tasks. Just go to Control Panel -> Scheduled Tasks and there should be 24 scheduled tasks labeled at1, at2, at3, etc. all the way to 24. Simply select all 24 of them and delete them. This will stop mshta.exe from opening every hour and accessing the internet/the rogue IP. This fixed the problem for me, hope it helps you as well.

#9 sil3nthill

sil3nthill

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:47 AM

Posted 01 December 2010 - 03:18 AM

ok i have a variant of this one too.

But doing that does not fix the problem.

I had reasonable success removing malware in the past with research/tools but this one just will not go.

#10 Romeo29

Romeo29

    Learning To Bleep


  • Members
  • 3,194 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:127.0.0.1
  • Local time:06:47 PM

Posted 01 December 2010 - 09:25 AM

sil3nthill you should start your own topic and post your HJT log.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users