HTAstop advice please

Discussion in 'other security issues & news' started by Robyn, Jul 9, 2004.

Thread Status:
Not open for further replies.
  1. Robyn

    Robyn Registered Member

    Joined:
    Feb 1, 2004
    Posts:
    1,189
    I have just been made aware of HTAStop from http://www.nsclean.com/htastop.html. I realise this is something I hadn't considered as part of my security applications, but thought I would ask before I installed it if anyone has used or is using this and is it effective? I am running Windows XP and know it works with this but am not too sure about the application.
     
  2. dog

    dog Guest

    Hi Robyn, ;)

    Yes, I use it .... it's kinda protect 'n forget ... like Steve Gibson three musketeers ... or gkweb's little utility WWDC "Window Worms Doors Cleaner" (but provides a totally different protection of course it's only the same as in it stays disabled until you re-enable it again ... which I've never had a need to do)... it's even recommended by Wilders' ... in the tools section ... under prevention - http://www.wilders.org/free_tools.htm ... it will protect you from the following (Quote) ... and the nsclean link describes how it works effectively

    Steve
     
  3. Robyn

    Robyn Registered Member

    Joined:
    Feb 1, 2004
    Posts:
    1,189
    Thanks dog :) I was worried I might stop something I shouldn't if I used this but now I see it is recommended by Wilders and know you are using it as a set and forget - next tool for me to try now. Thanks for your reply.
     
  4. Hyperion

    Hyperion Registered Member

    Joined:
    Sep 29, 2003
    Posts:
    302
    Hi, I've used HTA Stop in the past, and if I remember well it will make you lose the control panel user account options in Win XP. I mean, you won't be able to modify your icon, password etc. and create new accounts unless you reactivate the feature.

    I'm not 100% sure, but I am pretty positive about it.

    Now I just use Script Defender (you can make it intercept .hta too).
     
  5. Tassie_Devils

    Tassie_Devils Global Moderator

    Joined:
    May 8, 2002
    Posts:
    2,514
    Location:
    State Queensland, Australia
    Also if you run WormGuard... just add HTA in the Blocked Editor's List

    TAS
     
  6. Robyn

    Robyn Registered Member

    Joined:
    Feb 1, 2004
    Posts:
    1,189
    I found this on the site about HTAStop
    Thanks for the info about worm guard as I was thinking about this software when I set up my new HD. I wish HTAStop had not placed the download on the site they have as there are one too many cookies and popups to get through there :eek: I will have a look at Script Defender also, thanks.
     
  7. Hyperion

    Hyperion Registered Member

    Joined:
    Sep 29, 2003
    Posts:
    302
    I'm glad my memory wasn't fooling me... Well, you can find Script Defender here. It's free:
    http://www.analogx.com/contents/download/system/sdefend.htm

    You can add any kind of extension you like. And it works. In the programme's directory there is a .vbs script for testing. If it intercepts it upon execution, you've installed it well.

    On my PC it works perfectly.
     
  8. Robyn

    Robyn Registered Member

    Joined:
    Feb 1, 2004
    Posts:
    1,189
    Thank you for the link, I have just downloaded this to have a look. I presume I have to add the HTA extension and then it will warn me to accept or reject?

    HTA was already listed :oops: and the vbs script test worked. I am testing it on my laptop first. Thanks for the added advice as this will block more than HTA's.
     
    Last edited: Jul 9, 2004
  9. Hyperion

    Hyperion Registered Member

    Joined:
    Sep 29, 2003
    Posts:
    302
    If it was already installed, you don't need to add it again of course. If the vbs test worked, you're safe against the rest too.

    In my list I have these and haven't had any problems:

    .VBS,.VBE,.JS,.JSE,.HTA,.WSF,.WSH,.SHS,.SHB,.SWF,.CSS,.PIF,.CHM,.WSC,.SCT,.WMD,.ASF,.CPL,.CRT,.ADE,.ADP,.BAS,.BAT,.HTM,.HTML,.DLL
     
  10. Robyn

    Robyn Registered Member

    Joined:
    Feb 1, 2004
    Posts:
    1,189
    Thank you for the extra extensions, I have added these to see how things go for me now :)
     
  11. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,010
    Location:
    The Netherlands
    How do you see if protection is enabled or not in this app? And how can I test it's really working? TIA
     
  12. Robyn

    Robyn Registered Member

    Joined:
    Feb 1, 2004
    Posts:
    1,189
    If you look in the program folder via Windows explorer there is a test in there to run. You can run the test and accept or reject the script.

    I am running the beta of PrevX but Script Defender will not allow me access to the help file even when I tell it to allow the script - I have to unload the guard and access the file o_O One other thing I have found is that Ad-aware finds a key for Script Defender when I have been alerted to it as I used Reghance to find the alert and it was in Script Defender's folder! I am not sure if this is the result of running the test or why Ad-aware is finding the command for SD.

    I am also unsure about the HTA stop aspect as I was able to scan and download from Windows update which HTA stop has to be disabled for o_O I am still trying it but have just found these few wee issues.
     
  13. Hyperion

    Hyperion Registered Member

    Joined:
    Sep 29, 2003
    Posts:
    302
    Which help file? It allows them on my PC. Also Adaware finds nothing on my PC :) I'm running PrevX too. Anyway, you may try to remove the extension from the list. Is it .chm? I had such an issue once with an extension, I removed it and all was fine. Make sure that first you remove ALL intercepts, then reinstall them without the one that gives you problems. Don't just remove it from the list, it remembers it. Uninstall all of them, and then put them back.
     
  14. Robyn

    Robyn Registered Member

    Joined:
    Feb 1, 2004
    Posts:
    1,189
    Thanks Hyperion, I will have to look at the actual extension later as it is installed on my laptop where I am running PrevX also. I removed all of them and when I click on the Help on the screen in PrevX (I think in the bottom left side - will need to check this) SD came out and asked if I wanted to run the script, I said yes but it still did not open the file. I then uninstalled everything I had listed and the file opened. I will put SD back to default file list and see how that goes as I have added ones to the extensions.
     
  15. Hyper

    Hyper Guest

    Ah, PrevX's help file. Yes, it is .chm. But it worked on my PC when I allowed Script Defender...
     
  16. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,010
    Location:
    The Netherlands
    About this scriptdefender thing, I removed the monitoring of files and then removed the app, but now I can't open any vbs files anymore! What do I need to delete to remove the protection? Btw, I think scriptrap is much better never had any problems with it.

    And I wanted to test HTAStop but there isn't a help file, just an exe file, that's about it. I did see an entry with autostart viewer that concerned HTA. But I want to see how this app works, how can I test it?
     
  17. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,349
    Location:
    The Netherlands
    When you execute HTA Stop it will back up the original mshta.exe file, and rename it mshta.exf.

    Although you will still have a Mshta.exe file in your System32 folder, that will in fact be nothing but a cleverly disguised Notepad.exe file.

    All this to ensure that *.hta files will not run.
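
Added example, not part of the thread and not NSClean's code: a Python check for whether the file swap described in post 17 is in place in a given folder. It assumes the stand-in mshta.exe is byte-identical to a notepad.exe in the same folder; the state names and the constructed sample files are illustrative.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_of(path):
    """Hash a file in chunks so large binaries are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def hta_swap_state(system_dir):
    """Classify the mshta.exe / mshta.exf pair found in system_dir."""
    folder = Path(system_dir)
    live, backup, notepad = (folder / n for n in ("mshta.exe", "mshta.exf", "notepad.exe"))
    if not live.is_file():
        return "no-mshta"
    live_hash = sha256_of(live)
    # Assumption: the stand-in is byte-identical to the notepad.exe beside it.
    is_notepad = notepad.is_file() and live_hash == sha256_of(notepad)
    if not backup.is_file():
        # Without the .exf backup the original cannot be restored from here.
        return "swapped-without-backup" if is_notepad else "not-applied"
    if live_hash == sha256_of(backup):
        # Backup present but the live file is the real host again: not protected.
        return "reverted"
    return "applied" if is_notepad else "applied-unverified"

def demo():
    """Build constructed stand-in files (not real binaries) and classify each layout."""
    results = {}
    layouts = {
        "fresh":    {"mshta.exe": b"HOST", "notepad.exe": b"NOTE"},
        "swapped":  {"mshta.exe": b"NOTE", "mshta.exf": b"HOST", "notepad.exe": b"NOTE"},
        "restored": {"mshta.exe": b"HOST", "mshta.exf": b"HOST", "notepad.exe": b"NOTE"},
    }
    for name, files in layouts.items():
        with tempfile.TemporaryDirectory() as tmp:
            for filename, content in files.items():
                (Path(tmp) / filename).write_bytes(content)
            results[name] = hta_swap_state(tmp)
    return results

if __name__ == "__main__":
    print(demo())
```

On a real system, pass the System32 path to `hta_swap_state`; a result of "reverted" means the backup exists but the live mshta.exe matches it, so .hta files would run again.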
     
  18. Robyn

    Robyn Registered Member

    Joined:
    Feb 1, 2004
    Posts:
    1,189
    I have had problems with Script Defender also :( I added to extra list for protection and found various things would not work any longer, plus Ad-watch went crazy when the extensions were added :( I removed all intercepts but was not sure after doing this if I should click done or just close o_O I went back to the defaults and now find I cannot 'merge' the reg key for IESpyad (I can install with the .Bat from cmd, which at least is something). It was too late to try and fix it last night :'( Thankfully it is only on my laptop and I am going to be reformatting it soon, but the next time I think I will install HTAstop as I do not want to mess up a new install :'(

    Problem fixed but I think I will employ HTAStop on my new install after this!
     
    Last edited: Jul 19, 2004