Re: mshta.exe scans the whole disc

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

On Thu, 8 Sep 2005 15:08:54 +0200, Anders Eriksson <andis59@xxxxxxxxx>
wrote:

>>>Whenever I open Add/Remove Program in Control Panel the program MSHTA.EXE
>>>will start to scan the whole hard drive (C:).
>>>How do I make it NOT scan or at least only scan specific directories?
>>
>> Try htastop:
>>
>> http://www.nsclean.com/htastop.html
>>
>
>I did run it and it made no change. MSHTA.EXE still runs and scans the
>whole disc.
>
>> Have you used a good up to date antivirus scanner? Spyware
>> scanners? Something is wrong. And there are malwares that screw
>> around with mshta.exe
>>
>I have Norman antivirus, Microsoft AntiSpyware. I run Ad-Aware and Spybot
>S&D and SpywareBlaster once a week (.a bit paranoid maybe.)

Not paranoid at all :) Pays to be alert. I'm going to suggest running
a more powerful av scanner, but before that, you might check the
folder location of mshta. Sometimes a false one is located in a
different folder. Here's what's on my Win 2K sp4

c:\winnt\system32 24,576 Aug 29, 2002
c:\winnt\system32\dllcache same as above
c:\winnt\ServicePackFiles\I386 29,968 June 19, 2003

Here's a paste of instructions:
*********************************************************
The following procedure will give you a on-demand scan
with a clean/delete capability using the Kaspersky scan
engine and the extra defs:

Download mwav.exe from here:

http://www.spywareinfo.dk/download/mwav.exe

Allow it to extract the files to c:\Kaspersky

Next, download wget.exe from here:

http://users.ugent.be/~bpuype/wget/#download

And copy it to c:\Kaspersky

Use Notepad to create the following batch file:

@echo off
cls
echo -----------------------------------------------
echo Updating using updates1 ftp site
echo -----------------------------------------------
wget -N ftp://updates1.kaspersky-labs.com/updates_x/*.avc
wget -N ftp://updates1.kaspersky-labs.com/updates_x/avp.*
echo -----------------------------------------------
echo Updating completed!
echo -----------------------------------------------

Save the batch file as update.bat
copy it to c:\Kaspersky

Now run c:\Kaspersky\update.bat

Then run c:\Kaspersky\mwavscan
*****************************************************

Art

http://home.epix.net/~artnpeg
.

Relevant Pages

  • Re: Outlook 2007 Mail Rendering Problem
    ... Some were scanned upon download, but most were already downloaded and were ... AVG is the one that needs to work on THEIR program for compatibility, ... scanned upon opening and you cannot send a virus if your real-time scanner ... Milly Staples [MVP - Outlook] ...
    (microsoft.public.office.misc)
  • Re: Possible Virus; Need Xp Gurus Help
    ... missing from Norton. ... opinion" av scanner). ... Please download, install and update the following software... ... I suggest scanning the system in Safe Mode. ...
    (microsoft.public.windowsxp.help_and_support)
  • Re: TFTP
    ... There are anti virus News Groups specifically for this type of discussion. ... Stinger is an "On Demand" AV scanner that only targets ~54 infectors, ... This will bring up the initial menu of choices and should be executed in Normal Mode. ... You can choose to go to each menu item and just download the needed files or you can ...
    (microsoft.public.windowsxp.security_admin)
  • Re: backdoor.trojan
    ... some of the files were in use/protected that the scanner simply ... And when I ran it in safe mode, since the windows that I have which is ... FireWall to allow it to download the needed AV vendor related files. ... Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC. ...
    (microsoft.public.security.virus)
  • Re: Sptware Infection
    ... I have deleted all of the infections and ... > Please download, install and update the following software... ... > After the software is updated, I suggest scanning the system in Safe Mode. ... > needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key ...
    (microsoft.public.windowsxp.security_admin)