Latest HTAStop? Old one on your site.
DarkStar
August 2nd, 2003, 01:06 PM
4.0.1.0 1.00.003 is what is still available for download from you.
Can you update yours to HTAStop2003 please?
Pieter_Arntz
August 2nd, 2003, 01:21 PM
Hi Darkstar,
I'm afraid this is the only mirror that has been updated: http://www.simtel.net/product.php?url_fb_product_page=67031
Regards,
Pieter
MickeyTheMan
August 2nd, 2003, 01:23 PM
All sites listed currently offer old version.
I have been in contact with Nancy and she will send me a copy of it as soon as she has time to go to her emailer, and I will also offer PSC freebies for download.
Stay tuned
LowWaterMark
August 2nd, 2003, 05:39 PM
Yes, it looks like they must have recently updated the HTAstop.exe program since even their recent article still referred to the original 1.0 version that was released back in April 2001.
The new version is even more effective in preventing HTA based exploits, as they've taken additional steps to disable HTA capabilities in the OS.
I've tested the new version and it looks really good.
MickeyTheMan
August 2nd, 2003, 06:21 PM
OTHER PSC FREEBIES
DSOStop2.EXE
The "DSO Exploit" (Data Source Object) was first reported by GreyMagic Software of Israel on February 27, 2002 and a "workaround" for Microsoft's defective code was provided by Axel Pettinger and Garland Hopkins on March 3, 2002. Their fix requires the user to manually edit the registry. Many computer users are extremely nervous (and justifiably so) about doing this, owing to years of warnings and advisories not to. This FREE utility will safely do it for those who do not feel confident running and editing "Regedit." Read the details for more information and links to the registry modification instructions and test site.
CR2Kill.EXE
CR2Kill is designed to detect and delete the CodeRed II and III worm from IIS servers. It then will send the user, with their permission, to the Microsoft site where the ISAPI patches are available.
HTAStop2003...HTAstop.exe
It's now possible for a "rogue" website to actually embed trojans, worms and/or viruses directly into a web page. In the past, pages that offer seemingly attractive downloads which contain such malware required you to click to start any download to your computer. Now it's become automatic, using features in the Windows operating system known as scripting. These scripts can load programs without you knowing, and then they run immediately. All you have to do is visit the site, without doing anything besides viewing the page.
HTAstop acts as a brickwall against these scripts, disabling them so the download doesn't occur. HTAstop protects you against one variety of script, our IEClean covers all twenty seven.
0click2.exe
0click2 is a small, simple, free program for users of Windows95, 98, NT and 2000 which allows you to "disconnect doubleclick from the internet" and this in turn prevents their banner ads, their cookies and their tracking of your activities. 0click2 works by causing all referrals to doubleclick from any site to be blocked at your own computer. 0click2 works only with the standard Microsoft winsock for dialup networking, DSL, ISDN and cable modems and does not work with other winsock programs such as AOL(Compuserve), Trumpet Winsock or Twinsock. 0Click2 adds new functionality to allow you to choose to block other sites as well.
These two are really old, so you may not want to use them. ShareClean doesn't work with OS-es above the original Win98 (not SE), as well.
Socklock.exe
If SockLock is used BEFORE you fall victim to Happy99 or other SKA class trojan attack, it will protect you from infestations by this trojan horse. You can actually download and enjoy the fireworks display presented by the Happy99 trojan without any risk of infestation or spreading the trojan further to other hapless victims as SockLock PREVENTS any SKA class Winsock infesting trojan from being able to do anything more than display the cute distraction. They CANNOT infest your machine (or anyone else's) if SockLock has been used to lock your winsock against modification. SockLock also creates two 72 byte files which prevent SKA class trojans from being able to install at all on your machine once you activate the protection using SockLock.
SClean.EXE
If you subscribe to cable modem service, or are using a high speed internet connection such as ADSL, HDSL or xDSL, or are on a corporate intranet or LAN, you could be exposed to a serious security problem if you are connected to the Internet through an ethernet card in your Windows95 machine.
The problem involves Windows95's built-in "File and printer sharing" (otherwise known as NETBEUI/LANMAN protocol) and a flaw in it which allows people connected to your service to access all parts of your hard disk and lets them read, write, delete or modify files anywhere on your machine. Share Clean is designed to eliminate the problem. It's as easy as pushing one single button to secure your machine against outsiders.
http://groups.yahoo.com/group/MickeyTheMan/files/PSC/
DarkStar
August 3rd, 2003, 11:44 AM
Is it true that the latest HTAStop2003 won't work on WinXP?
MickeyTheMan
August 3rd, 2003, 01:39 PM
-{ Quote: DarkStar wrote:
Is it true that the latest HTAStop2003 won't work on WinXP?
}-
Could you share the source of this
Mr.Blaze
August 3rd, 2003, 02:14 PM
:) Last I recall, XP was HTA-based programming and disabling HTA on an XP system wasn't good.
Another of Microsoft XP's goodies, thx Microsoft. Blaze put beer on the Windows XP CD lol, but Windows XP makes a fine beer coaster lol ;D
root
August 4th, 2003, 09:23 AM
I have Win2k SP4 and the new HTA stop screws up a couple of functions on my machine.
One example is if I go to the control Panel and try to open add and remove programs, I can't.
Not sure how much is affected.
Tassie_Devils
August 4th, 2003, 09:55 AM
For interested parties, I have run HTAStop for quite a while now, first on W2K PRO no probs, and now Win XP. However, if you want to stop the exploit without using HTAStop, simply use Wormguard and put the HTA scripting extension in the Blocked Editor's List, along with VBS, etc. etc.
Cheers, TAS.
Mr.Blaze
August 4th, 2003, 01:27 PM
I want the new HTA stop, where do I get it?
DarkStar
August 4th, 2003, 03:09 PM
Sixth post down on this page: http://www.dslreports.com/forum/remark,7532389~root=security,1~mode=flat;start=40 - or is that one referring to the older version of HTAS?
Similar post here: http://www.spywareinfoforum.com/forums/index.php?s=41c25369aea496281e342185c15f87bb&act=ST&f=6&t=8678&st=15
dqa
August 4th, 2003, 06:21 PM
The HTA Stop 2003 edition is available at the URL at the bottom of the FIFTH post (I make it! ;) ) down on this page- Mickey-the-Man's page at Yahoo...
regards,
dqa
8)
LowWaterMark
August 4th, 2003, 06:44 PM
I tried both the old and then the new version of HTAstop for the first time following the release of that PSC article. I monitored what each program did and saved the settings before using either of them. I decided to use the new HTAstop 2003 (4.0) tool on my XP system in the end, and it hasn't affected any other system functions.
The changes made by HTAstop are very simple. It breaks the file association for .hta files in the CLASSES_ROOT in the registry; it breaks the CLSID association, (see the DSLR Security thread noted above for more on what that does), and finally it renames the mshta.exe file and replaces it with a copy of notepad.exe.
The only reason I could think that it might negatively impact a system is if that system is using HTA scripts to perform some functions. But, of course, you never quite know what affects what with Windows. ::)
MickeyTheMan
August 4th, 2003, 09:46 PM
-{ Quote: root wrote:
I have Win2k SP4 and the new HTA stop screws up a couple of functions on my machine.
One example is if I go to the control Panel and try to open add and remove programs, I can't.
Not sure how much is affected.
}-
Same thing here, but as HTA STOP can easily be activated/deactivated at the click of a button, it's no big deal.
Mr.Blaze
August 4th, 2003, 10:21 PM
:'( It won't let me download.
eyespy
August 4th, 2003, 10:33 PM
Try here
http://www.simtel.net/product.download.mirrors.php?id=67031
regards,
bill
MickeyTheMan
August 4th, 2003, 10:38 PM
Which one won't let you download ?
This link should work : http://groups.yahoo.com/group/MickeyTheMan/files/PSC/
Simply choose which PSC freebie file you want. In this case we are talking about HTAstop.exe
Or this one: http://mickeytheman-mtm.hypermart.net/files/PSC/HTAstop.exe
eyespy
August 4th, 2003, 10:42 PM
-{ Quote: MickeyTheMan wrote:
Which one won't let you download ?
This link should work : http://groups.yahoo.com/group/MickeyTheMan/files/PSC/
Simply choose which PSC freebie file you want. In this case we are talking about HTAstop.exe
}-
Mickey,
this is what I get !!
http://f1.grp.yahoofs.com/v1/oA8vP6Qb_843CPkkzY7eUWUzdJQsFkLCt67KdRhOW-18dOMXPT0QaggBdLOpFT5kNOQYzlfR5ObbTKfX/PSC/HTAstop.exe
regards,
bill
MickeyTheMan
August 4th, 2003, 10:55 PM
I just posted another link in previous post to another server
http://mickeytheman-mtm.hypermart.net/files/PSC/HTAstop.exe
Also this one: http://mickeysecurityandprivacy.port5.com/files/HTAstop.exe
Or this one: http://mickeytheman.digitalrice.com/files/HTAstop.exe
LowWaterMark
August 4th, 2003, 11:11 PM
Gee, that's a lot of HTAstop. :o ;D
MickeyTheMan
August 4th, 2003, 11:16 PM
A popular download, as I exceeded the limit on one of the servers ! ;)
eyespy
August 5th, 2003, 12:04 AM
Holy HTAstop !! ;D
Mickey, bon travail !!
regards,
bill ;)
MickeyTheMan
August 5th, 2003, 12:14 AM
:D
notageek
August 5th, 2003, 10:15 AM
So is it safe to say HTAStop2003 is safe to run on WinXP HE, right?
Mr.Blaze
August 5th, 2003, 12:14 PM
:D Thx guys, I was able to get it this time, yeah.
;D Kinda got excited like a little kid getting that big red shiny metal fire truck on Christmas morning lol
LowWaterMark
August 5th, 2003, 01:03 PM
-{ Quote: notageek wrote: "So is it safe to say HTAStop2003 is safe to run on WinXP HE, right?" }-
That's where I'm using it. I've looked at what it does and it has caused no problems on my system. It's activated now. As MtM said above, since it can be activated and deactivated easily, there really isn't much of a problem.
notageek
August 5th, 2003, 03:07 PM
I'm running Script Sentry do I need to use HTAStop?
Vietnam Vet
August 5th, 2003, 03:08 PM
Do not use XP myself, but have seen a couple of reports that say if you use the classic mode, then Users in the control panel doesn't work, when HTASTOP2003 is toggled on.
Perhaps the best answer is to try for yourself, but as others have said, a simple toggle on-off makes it pretty much a non-issue.
LowWaterMark
August 5th, 2003, 07:59 PM
-{ Quote: notageek wrote: "I'm running Script Sentry do I need to use HTAStop?" }-
There seems to still be a little debate on that... For many conditions, I think you are covered by ScriptSentry, however, there's a question remaining regarding whether HTA contained in certain ways on a webpage can bypass the file association that ScriptSentry protects against. The author of ScriptSentry has suggested an additional protection which I think he may add to some future update. It's to disable the CLSID which is one of the three preventions in HTAstop, that I noted above. So, if he's suggesting that, I suspect there may be some chance of it getting by ScriptSentry.
notageek
August 5th, 2003, 11:51 PM
Thanks LWM. I'll look into HTAStop a little bit more. Maybe I'll look into a program like WormGuard or something like that.
Paul Wilders
August 11th, 2003, 07:20 PM
-{ Quote: DarkStar wrote:
4.0.1.0 1.00.003 is what is still available for download from you.
Can you update yours to HTAStop2003 please?
}-
We offer bandwidth for good security software. That said: in case any security/privacy developer or company wants us to mirror their program(s), it's common usage for them to contact us. This hasn't been the case. There is no way we can or want to hunt them down ourselves; time is a precious thing nowadays.
In case PSC or any software developer wants us to mirror their software: an email surely would be a good start ;).
regards.
paul
spy1
August 30th, 2003, 11:22 AM
Well, I finally managed to get HTAStop2003 from Simtel (thanks to Brummelchen on MTM's site), but I had to go this route:
ftp://gatekeeper.dec.com/pub/micro/pc/simtelnet/win95/security/HTAstop.exe .
Now, however, there's been a question raised as to whether or not the program actually works - supposedly, if you're running XP (or maybe even WinMe), the mshta.exe simply gets re-created as it was at the next re-start - whether you've "fixed" it with HTAStop2003 or not.
The info for the program does say (on this page http://www.nsclean.com/htastop.html ) that it's for "Windows95, 98, NT, 2000 or Windows ME" (I'm really kind of surprised W2K doesn't replace "critical" system files like XP does, if that's the case).
Anyone got any input on this? Pete
LowWaterMark
August 30th, 2003, 03:10 PM
-{ Quote: spy1 wrote: "Now, however, there's been a question raised as to whether or not the program actually works - supposedly, if you're running XP (or maybe even WinMe), the mshta.exe simply gets re-created as it was at the next re-start - whether you've "fixed" it with HTAStop2003 or not." }-
Actually, yes, it does work on XP. The reason that XP's feature of automatically regenerating system files does not fix mshta.exe is because it isn't simply deleted and left missing. Instead, HTAstop2003 renames mshta.exe to mshta.exf, (take a look for it in your system32 directory), and then copies notepad.exe back as mshta.exe. XP doesn't replace a system file if one is there, only if it's gone completely.
-{ Quote: spy1 wrote: "The info for the program does say (on this page http://www.nsclean.com/htastop.html ) that it's for "Windows95, 98, NT, 2000 or Windows ME" (I'm really kind of surprised W2K doesn't replace "critical" system files like XP does, if that's the case)." }-
Of course, you can only ask PSC to find out for certain whether it is supposed to be used on XP or not. For myself, I think that when they edited the page they just forgot to add XP. The first version of HTAstop may have been released prior to XP, so perhaps that's why it's not there. But, I don't know. :-\
I do know that HTAstop2003 does prevent HTA from functioning on XP, as stated, though the minor bug in reply #28 above does exist. (That being, the XP "User Accounts" applet in the Control Panel doesn't work until you enable HTAs again.)
When checking all this again because of your new post, I went back to the Simtel site and re-downloaded HTAstop2003 to retest with it, just to be sure of the facts before posting. The version at Simtel has been updated... My last download from there was Aug 2, and this new version is very slightly different when doing a file compare.
There was a small bug in the previous version of HTAstop2003. When using it to reactivate HTA's on your system, it would properly remove the version of mshta.exe that was a copy of notepad, restoring it with a copy of the original it had saved as mshta.exf, however, when it linked to the exe from the CLSID in the registry, it pointed to the mshta.exf version, not the .exe version. It all still worked, since the mshta.exf was identical to the just restored .exe copy, but, that was still incorrect. So, this has been fixed now.
Milly
September 1st, 2003, 08:16 AM
-{ Quote: LowWaterMark wrote:
Actually, yes, it does work on XP. The reason that XP's feature of automatically regenerating system files does not fix mshta.exe is because it isn't simply deleted and left missing. Instead, HTAstop2003 renames mshta.exe to mshta.exf, (take a look for it in your system32 directory), and then copies notepad.exe back as mshta.exe. XP doesn't replace a system file if one is there, only if it's gone completely.
}-
Um, Windows File Protection works on digital sigs not just file names, and will therefore replace notepad-renamed-as-mshta. So it appears HTAstop Build 3 is broken too.
nameless
September 1st, 2003, 08:28 AM
-{ Quote: Milly wrote:
-{ Quote: LowWaterMark wrote:
Actually, yes, it does work on XP. The reason that XP's feature of automatically regenerating system files does not fix mshta.exe is because it isn't simply deleted and left missing. Instead, HTAstop2003 renames mshta.exe to mshta.exf, (take a look for it in your system32 directory), and then copies notepad.exe back as mshta.exe. XP doesn't replace a system file if one is there, only if it's gone completely.
}-
Um, Windows File Protection works on digital sigs not just file names, and will therefore replace notepad-renamed-as-mshta. So it appears HTAstop Build 3 is broken too.
}-
You are correct about this. Rename any file in a temp directory to "mshta.exe", then copy that file over system32\mshta.exe... You will either have it restored quietly, or be prompted to insert your WinXP CD.
The solution, if you wanted to do it manually, would be to make sure the WinXP CD wasn't inserted, then overwrite the system32\mshta.exe and system32\dllcache\mshta.exe files at the same time. My own way to do this would be to extract a ZIP file that contains two copies of the file I want to replace mshta.exe with (full paths in the ZIP file would be required). And of course when prompted, cancel and confirm the WFP request to restore the originals.
If you ever run System File Checker (SFC) with the /scannow parameter, the original mshta.exe files will be restored (that's the whole intent of SFC--to verify valid system files). This is why I would create a ZIP file, with full paths stored, containing both bogus mshta.exe files. If I ever need to run "sfc /scannow", I let it replace the originals, then I pull the WinXP CD and extract the ZIP file and respond to the prompts. I've been doing that for eons with notepad.exe (so I can easily use a Notepad replacement).
You can actually replace the mshta.exe files automatically, as needed (such as after running "sfc /scannow", or if you're just paranoid). Use the WinZip command-line support add-on (http://www.winzip.com/other.htm). The command line you would use is as follows:
"C:\Program Files\WinZip\WZUNZIP.EXE" -d -o -yo "[path to ZIP file]" C:\
For example:
"C:\Program Files\WinZip\WZUNZIP.EXE" -d -o -yo "D:\Data\Replace MSHTA.EXE.zip" C:\
* The "-d" command-line option tells WZUNZIP.EXE to use the stored folders in the ZIP file being extracted.
* The "-o" command-line option tells WZUNZIP.EXE to overwrite the target files without a prompt.
* The "-yo" command-line option tells WZUNZIP.EXE to overwrite the target files, even if they are hidden, system, or read-only files.
A few points (sorry for the gory detail; I want to speak to novice users as well as the experts around here):
1) Make sure the ZIP file being used has paths stored, and that it has nothing but the two mshta.exe files you want to overwrite. For example, this is what is inside my ZIP file (file/path):
mshta.exe WINDOWS\system32\
mshta.exe WINDOWS\system32\dllcache\
Note that the two "mshta.exe" files represented above are bogus... They're actually renamed copies of Notepad.exe. I mention this because it's rather critical not to accidentally use the real mshta.exe files! (Kind of defeats the whole purpose.) :)
So, when I extract to C:\ using the command line shown above, the actual files that get replaced are:
C:\WINDOWS\system32\mshta.exe
C:\WINDOWS\system32\dllcache\mshta.exe
2) Do this when the WinXP CD is not inserted, or WFP will silently undo your replacement.
3) Be sure to extract this ZIP file after running "sfc /scannow".
4) After running the command line which extracts the ZIP file and overwrites the mshta.exe files, WFP will prompt you to insert your WinXP CD to undo the file replacement. Click "Cancel", then click "Yes" to confirm.
5) Of course, make sure you use the correct path to WZUNZIP.EXE, not to mention your ZIP file. ;)
Edit: Please read the caveat I added in my new post below before performing the procedure above. (I added it as a new post so that it would catch the attention of anyone who subscribed to this thread, who might have already performed the procedure.)
spy1
September 1st, 2003, 12:02 PM
Thanks LWM, Milly and nameless! Great info! Pete
LowWaterMark
September 1st, 2003, 03:05 PM
Ah, thanks for the clear explanation on how that works. I was unaware of the mechanics of all that.
It would appear that HTAstop2003 did exactly what you described. I just checked my dllcache folder and found they did indeed replace that copy of mshta.exe with a copy of notepad, as well. That explains why this file did stay as a copy of notepad after running HTAstop, and was not replaced. I guess they thought of that, as well. So, it still appears that it does work on XP.
Just rechecked by toggling HTA back to enabled again, and HTAstop reverts the copy in dllcache to original at the same time.
Edit: Actually, couldn't they be doing it this way on XP:
1. Replace the copy of mshta.exe in the dllcache folder with a copy of notepad.exe
2. Rename the copy of mshta.exe in system32 to mshta.exf
3. XP automatically replaces the now missing mshta.exe with the notepad version from dllcache.
Getting XP to do the replacement itself?
Edit 2: Hmm, I was just able to manually do this...
1. I removed the copy of mshta.exe from dllcache folder
2. I copied notepad.exe to dllcache\mshta.exe
3. I renamed system32\mshta.exe to mshta.exf
4. Windows XP then replaced the missing system32\mshta.exe with the notepad version from dllcache
Very interesting! :)
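As an added example (not HTAstop's or PSC's code), the following PowerShell audit checks the state that nameless's procedure and LowWaterMark's experiments above are concerned with: whether System32\mshta.exe and its dllcache copy are the genuine file or a renamed notepad.exe (by hash), whether HTAstop's mshta.exf backup exists, and whether the .hta association still leads to mshta.exe. It is read-only and assumes only the standard Windows paths and registry keys; the dllcache folder exists on 2000/XP only, so on later Windows that row simply reports as absent.

```powershell
# Added audit script (not part of HTAstop): report the state of mshta.exe and the
# .hta association so a user can see whether HTAstop's change is in place or whether
# Windows File Protection has quietly restored the original. Changes nothing.
# Requires PowerShell 4.0 or later for Get-FileHash.
$sys32 = Join-Path $env:SystemRoot 'System32'
$files = [ordered]@{
    'System32\mshta.exe'   = Join-Path $sys32 'mshta.exe'
    'dllcache\mshta.exe'   = Join-Path $sys32 'dllcache\mshta.exe'  # WFP's source copy (2000/XP only)
    'System32\mshta.exf'   = Join-Path $sys32 'mshta.exf'           # HTAstop's renamed original
    'System32\notepad.exe' = Join-Path $sys32 'notepad.exe'         # what HTAstop copies over mshta.exe
}

function Get-FileFingerprint {
    param([string]$Label, [string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) {
        return [pscustomobject]@{ Label = $Label; Present = $false; Length = $null; SHA256 = $null }
    }
    [pscustomobject]@{
        Label   = $Label
        Present = $true
        Length  = (Get-Item -LiteralPath $Path).Length
        SHA256  = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    }
}

$fp = @{}
foreach ($label in $files.Keys) { $fp[$label] = Get-FileFingerprint -Label $label -Path $files[$label] }
$fp.Values | Sort-Object Label | Format-Table Label, Present, Length, SHA256 -AutoSize

$mshta   = $fp['System32\mshta.exe']
$cache   = $fp['dllcache\mshta.exe']
$backup  = $fp['System32\mshta.exf']
$notepad = $fp['System32\notepad.exe']

# File side. Hash equality is the test: a renamed notepad.exe hashes exactly like
# notepad.exe whatever its file name, which is how WFP's catalog check catches it too.
if (-not $mshta.Present) {
    'System32\mshta.exe is missing; WFP will recreate it from dllcache or the install media.'
} elseif ($mshta.SHA256 -eq $notepad.SHA256) {
    'System32\mshta.exe is a copy of notepad.exe: HTAstop-style neutralisation is in effect.'
    if ($cache.Present -and $cache.SHA256 -ne $mshta.SHA256) {
        'dllcache\mshta.exe still holds the real file; WFP or sfc /scannow will restore it over the copy.'
    }
    if (-not $backup.Present) {
        'No mshta.exf backup found: re-enabling HTA would need the original from dllcache or media.'
    }
} elseif ($cache.Present -and $cache.SHA256 -ne $mshta.SHA256) {
    'System32 and dllcache copies of mshta.exe differ: one of them has been altered.'
} else {
    'System32\mshta.exe is not a notepad copy and matches dllcache where present.'
}

# Registry side: .hta -> ProgID (normally htafile) -> shell\open\command -> mshta.exe.
# HTAstop breaks this association and the ProgID's CLSID link as well.
function Get-DefaultValue([string]$Key) {
    $item = Get-Item -LiteralPath "Registry::HKEY_CLASSES_ROOT\$Key" -ErrorAction SilentlyContinue
    if ($item) { $item.GetValue('') } else { $null }
}
$progId  = Get-DefaultValue '.hta'
$command = if ($progId) { Get-DefaultValue "$progId\shell\open\command" } else { $null }
$clsid   = if ($progId) { Get-DefaultValue "$progId\CLSID" } else { $null }

if (-not $progId) {
    '.hta has no file-type association: opening an .hta by double-click will not start mshta.exe.'
} elseif ($command -and $command -notmatch 'mshta\.exe') {
    ".hta -> $progId opens with '$command', not mshta.exe."
} else {
    ".hta -> $progId -> '$command' (CLSID: $clsid): the normal association is intact."
}
```

On Vista and later Windows File Protection was replaced by Windows Resource Protection, so the dllcache row reports Present=False there and only the System32 and registry checks are meaningful.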
tosbsas
September 1st, 2003, 08:40 PM
same config here - no trouble
Ruben
Milly
September 4th, 2003, 11:31 AM
-{ Quote: LowWaterMark wrote:
It would appear that HTAstop2003 did exactly what you described. I just checked my dllcache folder and found they did indeed replace that copy of mshta.exe with a copy of notepad, as well. That explains why this file did stay as a copy of notepad after running HTAstop, and was not replaced. I guess they thought of that, as well. So, it still appears that it does work on XP.
Just rechecked by toggling HTA back to enabled again, and HTAstop reverts the copy in dllcache to original at the same time.
}-
I fear you are mistaken (though I can't explain why you're seeing what you're seeing). I doubt that any version of HTAstop touches the DLLCache at all (and I've certainly not seen or heard of a build which does, though without documentation anything is possible).
-{ Quote: LowWaterMark wrote:
Edit: Actually, couldn't they be doing it this way on XP:
1. Replace the copy of mshta.exe in the dllcache folder with a copy of notepad.exe
2. Rename the copy of mshta.exe in system32 to mshta.exf
3. XP automatically replaces the now missing mshta.exe with the notepad version from dllcache.
Getting XP to do the replacement itself?
}-
Could. But aren't, I don't think :-
https://grc.com/x/news.exe?cmd=article&group=grc.news.latestversions&item=2370
-{ Quote:
Date: Mon, 01 Sep 2003 09:03:38 -0400
From: Kevin McAleavey <support@nsclean.com>
[...]
(I noted a thread on HTAstop somewhere in here too, DEFINITELY ain't got the time for that - PAYING customers come FIRST) but hint ... the HTASTOP program WILL work with XPee ... XPee has "System restore" ... when HTASTOP changes MSHTA.EXE to NOTEPAD.EXE, the "system restore" will IMMEDIATELY change it back. That ain't OUR fault. We provided a quick solution in HOPES folks would cheese off at MICROSOFT for not fixing this hole and make them FIX it. We're STILL waiting. But once again, our MAJOR concern is our PAYING customers. We have bills to pay and loyalty to those who help us pay them, and THAT is our focus. I won't be answering that thread.
[...]
--
NSClean Privacy Software division
Privacy Software Corporation
http://www.nsclean.com
kevinmca@nsclean.com
}-
You might wish to bear in mind that this whole "serious new attack method" has been debunked as a mistake ...
https://grc.com/x/news.exe?cmd=article&group=grc.security.software&item=88849
... and that there is no new mshta exploit. That this ...
https://grc.com/x/news.exe?cmd=article&group=grc.security.software&item=88452
-{ Quote:
Subject: PSC Newsletter-The FIRST wave of a serious new attack method...
Date: Tue, 29 Jul 2003 23:29:44 -0400
From: Nancy McAleavey <nancymca@privsoft.com>
[...]
"In other words, this completely bypasses the security zone structures and patches of Internet Explorer because MSHTA is already running in the "local" zone ... therefore, when presented with script, it will parse it and run it, despite firewall, and IE restrictions.
Back at the time of EXE2HTML, Microsoft had IE set so that the presence of the object call in a web page would invoke MSHTA.EXE ... their "solution" was to remove the ability to invoke it without a warning screen. However, if it's ALREADY RUNNING, then no such warning will occur and ..."
}-
... just isn't true.
I understand that people may wish to kill mshta nevertheless, of course, and this thread now contains methods for manually doing so (including that neat winzip trick), so some good has come of it. But XP|ME + HTAstop isn't an ideal recipe.
- Added URL tags to fix all the GRC links - LWM
spy1
September 4th, 2003, 12:04 PM
Milly - Thank you for joining the discussion here! And, welcome to Wilders. (Read a lot of your stuff over on GRC). Pete
LowWaterMark
September 4th, 2003, 01:52 PM
Thanks Milly for the extra information. (Over at DSLR, the posting regarding the value of the need for HTAstop pretty much ended with people saying they didn't think the supposed exploit could do what was written up based upon how the code was supposed to run, but no one got a clear answer on it.)
As to whether it works or not, well, on my XP system it does work exactly as I described. I don't know the mechanics of how the dllcache copy gets written, or why XP does not return the proper copy instantly as your reference says it should... (Edit: I wonder if there are configuration options in XP that account for the different results? Some installation option differences perhaps?)
I say many times in the posts I make that I don't know what's going on inside the software, but rather I base my statements on external observations. That said: The currently available version of HTAstop2003 does indeed work on my system, meaning the changed copy of mshta.exe stays as a copy of Notepad, and the dllcache folder copy does change, as well. :-\ I just toggled it back and forth, and this is what it shows in Windows Explorer (image below) regarding the dllcache copy. (Edit: Note that I had to close Explorer and reopen it to get it to reflect the change in the file.)
Wondering...
Has anyone else here run HTAstop2003 on Windows XP? What happens to the copy of mshta.exe in the System32 folder? Does it stay as a copy of Notepad? What happens to the copy in the dllcache folder? Does it work on your system like mine does, or is my system just unique?
nameless
September 6th, 2003, 09:05 PM
A sidenote (more a "warning") to anyone considering following my instructions above... I have noticed that the User Accounts Control Panel applet no longer works with Notepad as a replacement for mshta.exe (the exact error is "C:\Temp\res:\C:\WINDOWS\system32\nusrmgr.cpl\nusrmgr.hta contains an invalid path.", where "C:\Temp" is a path that will vary by system). I was surprised by this, and I don't know what else might be affected by altering mshta.exe.
I'm close to deciding that this whole "replace mshta.exe" thing is too elaborate and inconvenient for my taste. Having things broken, and having to remember extra stuff are security trade-offs that I tend to be very loath to make. I have so many other layers of protection that I'm not too worried about anything going wrong anyway. YMMV. ;)
LowWaterMark
September 6th, 2003, 09:18 PM
-{ Quote: nameless wrote: "I'm close to deciding that this whole "replace mshta.exe" thing is too elaborate and inconvenient for my taste. Having things broken, and having to remember extra stuff are security trade-offs that I tend to be very loath to make. I have so many other layers of protection that I'm not too worried about anything going wrong anyway. YMMV. ;)" }-
Agreed, especially given the additional information Milly provided above (i.e. "...this whole "serious new attack method" has been debunked as a mistake..."), it hardly seems worth it now.
MickeyTheMan
September 6th, 2003, 11:50 PM
-{ Quote: nameless wrote:
A sidenote (more a "warning") to anyone considering following my instructions above... I have noticed that the User Accounts Control Panel applet no longer works with Notepad as a replacement for mshta.exe (the exact error is "C:\Temp\res:\C:\WINDOWS\system32\nusrmgr.cpl\nusrmgr.hta contains an invalid path.", where "C:\Temp" is a path that will vary by system). I was surprised by this, and I don't know what else might be affected by altering mshta.exe.
}-
You are right about the control panel. However, you simply need to deactivate HTA when you need to access it and then reactivate HTA afterwards.
nameless
September 7th, 2003, 01:07 AM
Sure, but the point is that's a hassle, and it's just not worth it to me from this vantage point. I don't even really use that Control Panel applet--I just happened to be poking around when I discovered the issue--but I don't like having 5,000 little "gotchas" on my system like that.