mshta.exe suspicious scripting activity

Discussion in 'malware problems & news' started by jason65, Jul 5, 2005.

Thread Status:
Not open for further replies.
  1. jason65

    jason65 Guest

    mshta.exe suspicious scripting activity

    When I try to change the way users log on or off the
    system, my virus scanner (McAfee VirusScan Online)
    displays the following message.

    "A suspicious script has been detected. The file
    mshta.exe contains suspicious scripting activity and has
    been stopped."

    Should I be worried about this?

    thanks

    jason65
     
  2. Blackspear

    Blackspear Global Moderator

    Joined: Dec 2, 2002
    Posts: 15,115
    Location: Gold Coast, Queensland, Australia

    More info here.

    Hope this helps...

    Cheers :D
     
  3. jason65

    jason65 Guest

    Hi Blackspear, I have followed the cleaning instructions, but I still get this info every time I try and change the way users log on to my system.

    Script Details:

    File: mshta.exe

    Activity: the script is attempting to call the RegRead method within the lWshShell3 object

    File path: mshta.exe

    Status: The script execution has been stopped

    I have scanned My Computer with an updated McAfee (DAT file: 06/07/2005, DAT Version 4.0.4529), but it does not detect anything. What should I do?

    The mshta.exe is located in C:\WINDOWS\System32

    lWshShell3 object - have no idea what this is (could be IW not lw)

    Would really like some good advice.

    Kind regards, J
     
  4. jason65

    jason65 Guest

    PE, Trojan, Internet Worm and memory resident:
    Use specified engine and DAT files for detection. To remove, boot to MS-DOS mode or use a boot diskette and use the command line scanner:

    SCANPM /ADL /CLEAN /ALL

    How do I do the above? Sorry, new comp user.

    Could the script error be a false positive, as I have scanned my comp with BitDefender, McAfee, Ewido free, Spybot, Ad-Aware, MSAS, UnHackMe and CWShredder?
     
  5. jason65

    jason65 Guest

    I think I've found the answer: it is a false positive. It seems lots of people have had this problem at some point while using McAfee. Read this or visit the post at (http://forums.mcafeehelp.com/viewtopic.php?p=217126#217126):

    There's a simple issue here... First, the "mshta.exe" application is used by a number of exploits to cause infections with viruses and other malware. So, it's a "good thing" that the script notification is popping up when the activation of this program occurs. It is performing as designed. BUT, it IS an annoyance when the script notification occurs on a "safe" execution of the program. McAfee has added many of the safe scripts to the program's "exclusions" so that the pop-up doesn't happen as often as before, but it still occurs occasionally on safe scripts.

    A suggestion... the newest Microsoft Script Engine has fixed many of the problem errors from McAfee. Try installing it on your computer... It might fix the issue:

    Since you didn't tell us which operating system you're using, please download your version from the appropriate link below:

    What do the experts think?

    Regards, Jason
     
  6. bigc73542

    bigc73542 Retired Moderator

    Joined: Sep 21, 2003
    Posts: 23,873
    Location: SW. Oklahoma

    I have used McAfee many, many different times in a lot of different versions, and it sounds to me like all McAfee is detecting is the script used to change the users, a completely normal function. It is probably a little nerve-racking, but I personally would not worry about it. That is exactly what it is supposed to look for, scripting, and it probably does not recognize that action as allowable. That would not be one that would show up very often. If nothing else shows it as malicious, you can put that action on McAfee's ignore list.
     
  7. jason65

    jason65 Guest

    Thank you Big C, for your advice. I was worried to start with, but I have scanned with lots of programs that have shown nothing. I have also read about this problem on the McAfee Forums, so I kinda feel I can trust this script. You are right though, it is a bit nerve-racking as it makes you feel worried. Thank you Big C and all at Wilders,

    Best wishes, Jason65
     
  8. bigc73542

    bigc73542 Retired Moderator

    Joined: Sep 21, 2003
    Posts: 23,873
    Location: SW. Oklahoma

    You are probably in good shape, but just in case you do have any more problems or questions, do come back and post your question or state your problem.

    Surf safe,
    bigc
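
Added example, not part of any post in this thread: one way to check the two things the posters reason about, namely whether the mshta.exe in System32 is the Microsoft-signed binary and what any running copy was asked to execute. It assumes a current Windows system with PowerShell 5.1 or later (the thread predates PowerShell) and a default install layout under `$env:SystemRoot`.

```powershell
# Added example: triage for an antivirus alert that names mshta.exe.
# Assumption: PowerShell 5.1+ on a default Windows install.

# Locations where the genuine binary is expected to live.
$expected = @(
    (Join-Path $env:SystemRoot 'System32\mshta.exe'),
    (Join-Path $env:SystemRoot 'SysWOW64\mshta.exe')   # 32-bit copy on 64-bit Windows
)

# 1. Is each file on disk validly signed, and by whom?
#    Status should be 'Valid' and the signer should be Microsoft.
foreach ($path in $expected) {
    if (-not (Test-Path -LiteralPath $path)) { continue }
    $sig = Get-AuthenticodeSignature -LiteralPath $path
    [pscustomobject]@{
        Path   = $path
        Status = $sig.Status
        Signer = $sig.SignerCertificate.Subject
        SHA256 = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
    }
}

# 2. Is any mshta.exe running right now? From which path, started by
#    which parent, and with what command line (the .hta file or URL)?
#    Run elevated, otherwise Path and CommandLine can come back empty
#    for processes owned by other users.
Get-CimInstance Win32_Process -Filter "Name = 'mshta.exe'" |
    ForEach-Object {
        [pscustomobject]@{
            ProcessId        = $_.ProcessId
            ParentProcessId  = $_.ParentProcessId
            Path             = $_.ExecutablePath
            # -contains is case-insensitive, so C:\WINDOWS and C:\Windows match.
            ExpectedLocation = $expected -contains $_.ExecutablePath
            CommandLine      = $_.CommandLine
        }
    }
```

A validly signed file in the expected location whose command line points at a built-in Windows component (such as the user-accounts page discussed above) is consistent with the false positive described in the thread; a copy running from any other folder, or one loading a remote URL, deserves a closer look.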
     