What is mshta.exe?
mshta.exe is a legitimate file that is also known as an interperter for Microsoft Scripting Host. It is responsible for executing html applications and assisting scripts to run in Windows system. It is typically located in c:\windows\system32.
Malware writers create malicious programs and replicate their file names as mshta.exe to spread virus on the internet.
Affected Platform: Windows OS
How to check if your computer is infected with mshta.exe malware?
If your PC is infected with mshta.exe, you will start getting unsolicited popups in your browser or you will automatically be redirected to irrelevant websites. Take the following steps to diagnose your PC for possible mshta.exe malware:
Step 1: Simultaneously press CTRL+ALT+DEL keys to open Task Manager.
Step 2: If you notice the file located outside the file path c:\windows\system32, then you should run an antivirus scan to get ride of the malware.
How to remove mshta.exe malware from system using Comodo Antivirus?
Step 1: Download the award-winning Comodo Free Antivirus.
Step 2: Installation configuration frames will be displayed. Select the configuration you would like to apply.
Step 3: Select Customize Configuration option and arrange installers, configuration, and file location.
Step 4: Restart your PC.
Step 6: Proceed with a quick scan that automatically begins after the update.
Step 7: If threats are found during the scanning, you will be prompted with an alert screen.
Step 8: Comodo Antivirus will remove mshta.exe malware from your computer including all other malware!
First Seen: 11 October 2011 at 10:35 am
No. | Company | File Type | SHA1 | MD5 | Malware Name |
Digitally Signed |
File Version |
Product Version |
Submitted From |
Malware Behavior |
---|---|---|---|---|---|---|---|---|---|---|
1 | N/A | Executable | 6d39613eea63edd4 91051a5c998fe021 e99b1fea |
a6d3c174897370f9 6e118f467c012d89 |
MalCrypt.Ind us! |
No | N/A | N/A | ![]() |
N/A |
2 | Microsoft Corporation | Executable | 276c96974b011db7 930782f79c103f98 5453cf3a |
680e8b29ab567ba9 e60f8ef23474f242 |
Virus.Win32. Virut.CE |
No | 6.00.2900. 2180 (xpsp_sp2_ rtm.040803 -2158) |
6.00.2900. 2180 |
![]() |
N/A |
3 | Microsoft Corporation | Executable | 297633b228089f04 c099088e3f3fd70e 4a4fb77a |
70011d405c478e08 df0c15c062a6fd97 |
Virus.Win32. Virut.CE |
No | 8.00.6001. 18702 (longhorn_ ie8_rtm(wm bla).09030 8-0339) |
8.00.6001. 18702 |
![]() |
N/A |
4 | N/A | Executable | 4ce817053d49d171 d609b0b32d43492e d6a49684 |
7ee51443af1aaf97 ef7b7bfb04f3d556 |
TrojWare.Win 32.Ransom.Bl ocker.UOY |
No | N/A | N/A | ![]() |
N/A |
First Seen: 27 August 2008 at 1:45 am
No. | Company | File Type | SHA1 | MD5 | Digitally Signed |
File Version |
Product Version |
Submitted From |
---|---|---|---|---|---|---|---|---|
1 | Microsoft Corporation | Executable | 51c97ebe601ef079 b16bcd87af827b0b e5283d96 |
0b4340ed812dc82c e636c00fa5c9bef2 |
No | 11.00.1904 1.1 (WinBuild. 160101.080 0) |
11.00.1904 1.1 |
![]() |
2 | Microsoft Corporation | Executable | ca45566db9426c09 455990ad2832bf7e ebe2093a |
9f9be296b7cc0640 d50f2e568a10e4ae |
No | 5.00.2614. 3500 |
5.00.2614. 3500 |
![]() |
3 | Microsoft Corporation | Executable | 83c70c66cd4e971b e2e36efdc27fbcb7 ff289032 |
95828d670cfd3b16 ee188168e083c3c5 |
No | 11.00.9600 .16428 (winblue_g dr.131013- 1700) |
11.00.9600 .16428 |
![]() |
4 | Microsoft Corporation | Executable | 88fc2ea61da1154b 977aa88885c78fa0 023610dd |
d20546e759341e70 c92118eac1277370 |
No | 7.00.5450. 4 (winmain(w mbla).0606 23-0309) |
7.00.5450. 4 |
![]() |