We have a PC in for repair which has an issue with mshta.exe. The problem is that a svchost process is the parent of many mshta.exe children, each of which has a command line of
When this process runs, Avast Antivirus blocks the result as a threat. Scanning the system with Avast, Spybot Search and Destroy, Ad-Aware, SUPERAntiSpyware, ComboFix, Malwarebytes and Prevx shows the system to be clean.
There seem to be a few users on the internet having similar issues with this problem. Does anyone know of a fix for the issue?
What is the purpose of posting the link, as it is to a blocked site (by the network shield), or is this the real reason of the post and not mshta.exe?
Please modify the link, change the http to hXXP so the link isn’t active, possibly exposing people to malware.
Yes, but I don’t see the relationship between the two; where is this command line coming from?
What is your firewall?
As I believe what is an internal MS file like mshta.exe should have any need to access the internet, so something is either manipulating this file or has hacked it to try and connect, and a firewall with outbound protection should detect this.
Whilst the file name matches the MS legit file, that is no guarantee it is legit. Try a system search for mshta.exe and report the locations it is in.
Have you tried running SAS and MBAM from safe mode? They are more effective from there.
AdAware really is a waste of HDD space, IMHO and since both SAS and MBAM offer better detection and cleaning, etc. it really is redundant.
But what were the locations? That was what I was after.
You should be able to check and alter the properties.
It is possible that there is another element that is hidden, possibly by rootkit:
Also see, anti-rootkit, detection, removal & protection http://www.antirootkit.com/software/index.htm. Try these as they are some of the more efficient and user friendly anti-rootkit tools.
I only have one occurrence of mshta.exe (XP Pro SP3) and it is in the system32 folder,
For this to try and run, it has to have a registry entry. Try a registry search (windows start, run, type msconfig) for mshta.exe as a data or value item. Or, since there is a 15 repeat, check the Windows task scheduler and see if there isn’t an entry there.
This file … mshta.exe … is a legal MS file and is needed for some operations. But, it could also be a malicious file as sometimes malware writers often name their files similar to legal files, depending on the location of the file. This is why David is asking for the complete location of this file.
Please read the links below for more information and understanding.
I just want to thank you guys. I too have had this annoying problem and have been searching the internet for days trying to find a way to rid myself of the last traces of this lil’ bugger of a problem. This is the ONE forum that finally directed me to the windows task scheduler. Yay! I can now go do the dishes…
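Added example, not part of the original thread: the Task Scheduler check that resolved this can be scripted by exporting tasks with `schtasks /query /fo csv /v` and flagging any whose command runs mshta.exe. The sample export, task names, paths and the example.invalid URL below are constructed for illustration.

```python
import csv
import io
import re

# Constructed sample of `schtasks /query /fo csv /v` output (columns trimmed;
# host, task names, paths and the defanged URL are made up for illustration).
SAMPLE = r'''"HostName","TaskName","Next Run Time","Task To Run"
"REPAIR-PC","DefragWeekly","03:00:00, 01/01/2011","C:\WINDOWS\system32\defrag.exe C:"
"REPAIR-PC","At1","12:15:00, 01/01/2011","C:\WINDOWS\system32\mshta.exe hXXp://example.invalid/x"
"REPAIR-PC","Updater","At logon time","C:\Temp\mshta.exe"
'''

# mshta with an optional leading folder path, so the location can be checked.
MSHTA = re.compile(r'(?P<path>[^"\s]*\\)?mshta(?:\.exe)?\b', re.I)
# http/https, including the defanged hXXp form used in forum posts.
URL = re.compile(r'\bh(?:tt|xx)ps?://', re.I)


def find_mshta_tasks(csv_text):
    """Return [(task name, [reasons])] for tasks whose command runs mshta."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row.get("TaskName") == "TaskName":
            continue  # skip a repeated header row if the export contains one
        cmd = row.get("Task To Run") or ""
        match = MSHTA.search(cmd)
        if not match:
            continue
        reasons = []
        folder = (match.group("path") or "").lower()
        # A copy outside system32 may be an impostor using the legit name.
        # (On 64-bit Windows the SysWOW64 copy would also be flagged here.)
        if folder and not folder.endswith("\\system32\\"):
            reasons.append("mshta.exe outside system32")
        if URL.search(cmd):
            reasons.append("remote URL argument")
        findings.append((row["TaskName"], reasons or ["runs mshta.exe"]))
    return findings


if __name__ == "__main__":
    for name, reasons in find_mshta_tasks(SAMPLE):
        print(f"{name}: {', '.join(reasons)}")
```

Any task it reports should be reviewed in Task Scheduler before it is disabled or deleted.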