How to Remove the mshta.exe virus from PC

What is mshta.exe?

mshta.exe is a legitimate file that is also known as an interperter for Microsoft Scripting Host. It is responsible for executing html applications and assisting scripts to run in Windows system. It is typically located in c:\windows\system32.

Malware writers create malicious programs and replicate their file names as mshta.exe to spread virus on the internet.

Affected Platform: Windows OS

How to check if your computer is infected with mshta.exe malware?

If your PC is infected with mshta.exe, you will start getting unsolicited popups in your browser or you will automatically be redirected to irrelevant websites. Take the following steps to diagnose your PC for possible mshta.exe malware:

Step 1: Simultaneously press CTRL+ALT+DEL keys to open Task Manager.

Step 2: If you notice the file located outside the file path c:\windows\system32, then you should run an antivirus scan to get ride of the malware.

How to remove mshta.exe malware from system using Comodo Antivirus?

Step 1: Download the award-winning Comodo Free Antivirus.

Step 2: Installation configuration frames will be displayed. Select the configuration you would like to apply.

Step 3: Select Customize Configuration option and arrange installers, configuration, and file location.

Step 4: Restart your PC.

Step 5: It will take some time for the Comodo Internet Security to update the antivirus.

Step 6: Proceed with a quick scan that automatically begins after the update.

Step 7: If threats are found during the scanning, you will be prompted with an alert screen.

Step 8: Comodo Antivirus will remove mshta.exe malware from your computer including all other malware!

Related Resources:

Website Malware Directory Resources:

Malware Entries

Safe Entries

First Seen: 11 October 2011 at 10:35 am

No.	Company	File Type	SHA1	MD5	Malware Name	Digitally Signed	File Version	Product Version	Submitted From	Malware Behavior
1	N/A	Executable	6d39613eea63edd4 91051a5c998fe021 e99b1fea	a6d3c174897370f9 6e118f467c012d89	MalCrypt.Ind us!	No	N/A	N/A	5.182.32.98/32	N/A
2	Microsoft Corporation	Executable	276c96974b011db7 930782f79c103f98 5453cf3a	680e8b29ab567ba9 e60f8ef23474f242	Virus.Win32. Virut.CE	No	6.00.2900. 2180 (xpsp_sp2_ rtm.040803 -2158)	6.00.2900. 2180	Philippines	N/A
3	Microsoft Corporation	Executable	297633b228089f04 c099088e3f3fd70e 4a4fb77a	70011d405c478e08 df0c15c062a6fd97	Virus.Win32. Virut.CE	No	8.00.6001. 18702 (longhorn_ ie8_rtm(wm bla).09030 8-0339)	8.00.6001. 18702	Turkey	N/A
4	N/A	Executable	4ce817053d49d171 d609b0b32d43492e d6a49684	7ee51443af1aaf97 ef7b7bfb04f3d556	TrojWare.Win 32.Ransom.Bl ocker.UOY	No	N/A	N/A	Philippines	N/A
5	Microsoft Corporation	Executable	ee3dee878addfdea 8ef51d189c73585a 9b0655bf	d49d656274190e2d e220ea218d42f68b	Virus.Win32. Virut.AV	No	7.00.5730. 13 (longhorn( wmbla).070 711-1130)	7.00.5730. 13	Hungary	N/A
6	Microsoft Corporation	Executable	5d3f38177fc33033 a013f506d03e8b30 a2e9626e	cee8f7f72212a1f1 30b8abe9f4e60c1b	Virus.Win32. Expiro.nw	No	7.00.5730. 13 (longhorn( wmbla).070 711-1130)	7.00.5730. 13	Russian Federation	N/A
7	Microsoft Corporation	Executable	2c7c064be87b75fd 224baf9b50b1ea3c a4587496	eba0ae0190112213 70cf5d9281bf8169	Virus.Win32. Parite.gen	No	6.00.2900. 5512 (xpsp.0804 13-2105)	6.00.2900. 5512	United Arab Emirates	N/A
8	Microsoft Corporation	Executable	34070efdd495f852 14f2e61712098f87 f82d14f4	941575091c809740 8d492b160c5331e5	Virus.Win32. Alman.A	No	6.00.2900. 2180 (xpsp_sp2_ rtm.040803 -2158)	6.00.2900. 2180	Turkey	N/A
9	Microsoft Corporation	Executable	b0ccec81eb887033 9fd19362af7abdb5 4debd725	a81ec0cf635d1f16 6673ae0a282c08c6	Virus.Win32. Sality.gen	No	8.00.6001. 18702 (longhorn_ ie8_rtm(wm bla).09030 8-0339)	8.00.6001. 18702	Saudi Arabia	N/A
10	Microsoft Corporation	Executable	dd225b5ea060826f cb326df86110a3f8 eaf0c793	7096ce59e541d19e a0f16dc4eea3bba8	Virus.Win32. Virut.CE	No	8.00.7600. 16385 (win7_rtm. 090713-125 5)	8.00.7600. 16385	Indonesia	N/A
11	Microsoft Corporation	Executable	4ae2e1338484c5e1 dbcf44d57fc1a618 3a1a6208	486cc0afac3166cd 132b6704e2eabc3a	Virus.Win32. Virut.CE	No	7.00.5730. 13 (longhorn( wmbla).070 711-1130)	7.00.5730. 13	Poland	N/A
12	Microsoft Corporation	Executable	9c9212c3fcca7d1a 48ec4a66366a2347 c70aab37	92cb8da131a44d63 f2e28e49088a3bca	Virus.Win32. Virut.CE	No	7.00.5730. 13 (longhorn( wmbla).070 711-1130)	7.00.5730. 13	Indonesia	N/A
13	Microsoft Corporation	Executable	9e099899aaf45e82 5c73edc33fbe6451 45a3383b	7c7a777283f1999e dc0a4484270dd06d	Virus.Win32. Ramnit.K	No	7.00.5730. 13 (longhorn( wmbla).070 711-1130)	7.00.5730. 13	Pakistan	N/A
14	Microsoft Corporation	Executable	fe2bc22e5b842b6c 425d13f105beb59d 6a8f6129	72bcb898612388e1 7e43c78c1589f89b	Virus.Win32. Virut.CE	No	8.00.7600. 16385 (win7_rtm. 090713-125 5)	8.00.7600. 16385	Indonesia	N/A
15	Microsoft Corporation	Executable	6597a06378736834 71613a5fa57d01e7 28a28de6	6de112efb5804f5e f4b5ceee62f863e5	Virus.Win32. Sality.gen	No	8.00.7600. 16385 (win7_rtm. 090713-125 5)	8.00.7600. 16385	156.211.80.165/32	N/A
16	Microsoft Corporation	Executable	cb781fb7f48f5cb4 ae85cd1281f31486 2254e828	5b0282f19b3f7d69 bbc72ea1d481c1fd	Virus.Win32. Virut.CE	No	8.00.7600. 16385 (win7_rtm. 090713-125 5)	8.00.7600. 16385	197.32.161.143/32	N/A
17	Microsoft Corporation	Executable	d46b00412bda8121 28419271e7ecd4e3 0f2000e0	1c8478800e6db636 49c140e8510027d3	Virus.Win32. Alman.A	No	6.00.2900. 2180 (xpsp_sp2_ rtm.040803 -2158)	6.00.2900. 2180	Russian Federation	N/A
18	Microsoft Corporation	Executable	efd428e70c0a9960 0a2e39e7eb7886b9 99e81de0	0b4accb0858b65cb 387aeb14742236d2	MalCrypt.Ind us!	No	6.00.2900. 5512 (xpsp.0804 13-2105)	6.00.2900. 5512	Russian Federation	N/A
19	Microsoft Corporation	Executable	11979857bcec6099 e86eb20f07596139 5122aaac	003b300e1009bfc6 f7ee7f0bae85ee44	Virus.Win32. Virut.Ce	No	7.00.5730. 13 (longhorn( wmbla).070 711-1130)	7.00.5730. 13	Egypt	N/A
20	Microsoft Corporation	Executable	09a1bdf92466f0d7 0a7e6f8db470d95e 2792a81f	d4d1d18acd0a63d6 d4c4ef2bbfe9e628	EmailWorm.Wi n32.Runonce. ~v001	No	6.00.2900. 2180 (xpsp_sp2_ rtm.040803 -2158)	6.00.2900. 2180	Cameroon	N/A
21	Microsoft Corporation	Executable	3566e49e9467b9b3 76d8fb9a64e78b34 13f67384	31876f07c3aeb5fd b0d3818adf923359	Virus.Win32. Sality.gen	No	8.00.6001. 18702 (longhorn_ ie8_rtm(wm bla).09030 8-0339)	8.00.6001. 18702	Turkey	N/A
22	Microsoft Corporation	Executable	3d642f9c86bfd1d0 94d939f1b4ac8257 89224fa2	2f256361b525b397 f8a6a15071c237c8	Virus.Win32. Expiro.naf	No	6.00.2900. 2180 (xpsp_sp2_ rtm.040803 -2158)	6.00.2900. 2180	Russian Federation	N/A
23	Microsoft Corporation	Executable	7c20b163ce139e35 b30789f994d51757 90eb3be0	a44710b3803dd07d 27c1ef6f74f55f84	Virus.Win32. Virut.CE	No	7.00.5730. 13 (longhorn( wmbla).070 711-1130)	7.00.5730. 13	Poland	N/A
24	Microsoft Corporation	Executable	78c1a1be6fe79ccf d42a6e2a69afe52a ecfe8dff	31dfa233cc345aa2 9bcf1be10a1b78a3	Virus.Win32. Virut.CE	No	8.00.6001. 18702 (longhorn_ ie8_rtm(wm bla).09030 8-0339)	8.00.6001. 18702	United States	N/A
25	Microsoft Corporation	Executable	bcb3588dbb3c822d 98c41da350d7130c 005eff8c	3edf4933bc1cdd48 afaddb574f91e8e4	Virus.Win32. Sality.Q	No	6.00.2600. 0000 (xpclient. 010817-114 8)	6.00.2600. 0000	Poland	N/A
26	Microsoft Corporation	Executable	2d4865489c2f032a fbb1976598dc067b 34501726	39677644d2f05987 74b80a9a44eefa57	Virus.Win32. Virut.CE	No	8.00.7600. 16385 (win7_rtm. 090713-125 5)	8.00.7600. 16385	Russian Federation	N/A
27	N/A	Executable	b87d34301e2d5e49 898fc33002a07ced 6a76c924	f8cb59dcabd65440 f4a54675d552cfbe	MalCrypt.Ind us!	No	N/A	N/A	5.182.32.98/32	N/A
28	Microsoft Corporation	Executable	a759b3835fc69b85 df16ea280b60463c c6c85ee9	1572e4efb983d68a afd221ebeb1d7f8b	Virus.Win32. Virut.Ce	No	6.00.2900. 2180 (xpsp_sp2_ rtm.040803 -2158)	6.00.2900. 2180	Romania	N/A
29	Microsoft Corporation	Executable	552ba7018a3d4c10 e74c3fda4ecdb455 c9c54678	e4c1d2b1df4b5385 1b755c7104904d19	TrojWare.Win 32.Patched.Q	No	8.00.6001. 18702 (longhorn_ ie8_rtm(wm bla).09030 8-0339)	8.00.6001. 18702	Brazil	N/A
30	Microsoft Corporation	Executable	ea9dfd05d2dcd645 a09f50ae7085f986 d55cf41c	a355b1e96f28f9bb f3b21bc78dc64566	Virus.Win32. Virut.CE	No	8.00.7600. 16385 (win7_rtm. 090713-125 5)	8.00.7600. 16385	105.103.2.74/32	N/A
31	Microsoft Corporation	Executable	51d209345f052926 00acb1576f8748b9 7fb0f0ff	093c8e6ef011634a 90f81af5e5109367	Virus.Win32. Expiro.R0	No	8.00.6001. 18702 (longhorn_ ie8_rtm(wm bla).09030 8-0339)	8.00.6001. 18702	Ukraine	N/A
32	Microsoft Corporation	Executable	23f104d309ce2cd0 84f2c03da216f310 ccbaf22a	9d9923224d51edc7 60ffdd2d6ca1dfdd	Virus.Win32. Sality.K	No	6.00.2900. 5512 (xpsp.0804 13-2105)	6.00.2900. 5512	Mexico	N/A
33	Microsoft Corporation	Executable	21a99bf9e0e94746 0b77090b45a07583 b01f7682	201fddbbd4084276 5dc5c765bb7f4140	Virus.Win32. Virut.CE	No	7.00.5730. 13 (longhorn( wmbla).070 711-1130)	7.00.5730. 13	Indonesia	N/A
34	Microsoft Corporation	Executable	2453c01d06c46529 ec02cbbdc3bd61ae 1d4be2cd	1788aee133efc56c 972d910688a7352d	Virus.Win32. Sality.gen	No	6.00.2900. 2180 (xpsp_sp2_ rtm.040803 -2158)	6.00.2900. 2180	Saudi Arabia	N/A
35	Microsoft Corporation	Executable	556e46c38dde64d0 1bf547148087e2e8 857514cb	2168a09b6c976a10 6f9813cb0f04bbac	EmailWorm.Wi n32.Runonce. ~v001	No	6.00.2900. 2180 (xpsp_sp2_ rtm.040803 -2158)	6.00.2900. 2180	Cameroon	N/A
36	Microsoft Corporation	Executable	efa430c6b541c2e4 d16b10793b062b6a 26ee594d	da5eb697437f6a1f 6f7a6b63aceb10e6	P2PWorm.Win3 2.Polip.A	No	8.00.6001. 18702 (longhorn_ ie8_rtm(wm bla).09030 8-0339)	8.00.6001. 18702	Jamaica	N/A
37	Microsoft Corporation	Executable	1ba5f7d6fe855a89 578989b7b8507d8d d826a30d	371ebab8367a9d84 b83cd5d2f8df7398	Virus.Win32. Sality.gen	No	6.00.2900. 2180 (xpsp_sp2_ rtm.040803 -2158)	6.00.2900. 2180	Ukraine	N/A
38	Microsoft Corporation	Executable	5f92268a0860bcab e349ec9ac4014e43 d7744dc5	3382ee314fdd2df9 a4ba4b7a55aad50a	Virus.Win32. Alman.A	No	6.00.2900. 2180 (xpsp_sp2_ rtm.040803 -2158)	6.00.2900. 2180	Russian Federation	N/A
39	Microsoft Corporation	Executable	0f50ef39e7407efa 55c4d45d49be6606 c0bc1ec7	d92fa8ee6c0e994b 699df2a4f1be5987	Virus.Win32. Sality.gen	No	5.00.2314. 1000	5.00.2314. 1000	Russian Federation	N/A
40	Microsoft Corporation	Executable	f27d39bb28063e3c bc970372ee2e9010 713f137a	084a0ac87d030463 db73e7ba14257001	Virus.Win32. Virut.CE	No	8.00.7600. 16385 (win7_rtm. 090713-125 5)	8.00.7600. 16385	Nigeria	N/A
41	Microsoft Corporation	Executable	0aac834b0162a237 d24af6b2926f0510 36e09494	40e83fdbc70e54f8 dac7d9bbd3fdd20c	Virus.Win32. Virut.CE	No	6.00.2900. 2180 (xpsp_sp2_ rtm.040803 -2158)	6.00.2900. 2180	Pakistan	N/A
42	Microsoft Corporation	Executable	bce74e613ea19430 ac537a6c22e5dba9 0d46a57f	dc53af69eef0f7bc 92d91569edac828c	Virus.Win32. Sality.gen	No	6.00.2900. 2180 (xpsp_sp2_ rtm.040803 -2158)	6.00.2900. 2180	Poland	N/A
43	Microsoft Corporation	Executable	df97e43518ab3399 a30ba8c5040c9fae 84d9ce5c	21f8cbce616db657 af175d25eb67dc3e	Virus.Win32. Ramnit.A	No	11.00.9600 .16428 (winblue_g dr.131013- 1700)	11.00.9600 .16428	91.226.15.74/32	N/A
44	Microsoft Corporation	Executable	45f19aa5a298fdd6 221ff692689b8c10 8e0e4990	629b1b726acc4fd2 c8dc559911316da7	Virus.Win32. Sality.gen	No	6.00.2900. 2180 (xpsp_sp2_ rtm.040803 -2158)	6.00.2900. 2180	Ukraine	N/A

Prev 1 2 3...11 Next

Display 4 items per page

4 items per page
8 items per page
16 items per page
32 items per page

Safe Entries

First Seen: 27 August 2008 at 1:45 am

No.	Company	File Type	SHA1	MD5	Digitally Signed	File Version	Product Version	Submitted From
1	Microsoft Corporation	Executable	51c97ebe601ef079 b16bcd87af827b0b e5283d96	0b4340ed812dc82c e636c00fa5c9bef2	No	11.00.1904 1.1 (WinBuild. 160101.080 0)	11.00.1904 1.1	104.238.128.144/32
2	Microsoft Corporation	Executable	ca45566db9426c09 455990ad2832bf7e ebe2093a	9f9be296b7cc0640 d50f2e568a10e4ae	No	5.00.2614. 3500	5.00.2614. 3500	Japan
3	Microsoft Corporation	Executable	83c70c66cd4e971b e2e36efdc27fbcb7 ff289032	95828d670cfd3b16 ee188168e083c3c5	No	11.00.9600 .16428 (winblue_g dr.131013- 1700)	11.00.9600 .16428	United States
4	Microsoft Corporation	Executable	88fc2ea61da1154b 977aa88885c78fa0 023610dd	d20546e759341e70 c92118eac1277370	No	7.00.5450. 4 (winmain(w mbla).0606 23-0309)	7.00.5450. 4	Internal Submission
5	Microsoft Corporation	Executable	98fc603fa346545b aeff21a887eccddb c7e8d7d7	3b71c6efaa6d39ab 3fa1262ced672319	No	8.00.6001. 18702 (longhorn_ ie8_rtm(wm bla).09030 8-0339)	8.00.6001. 18702	Russian Federation
6	Microsoft Corporation	Executable	5924007afda4703e 2add2c44507cfcbf a98a55b7	ad8f83f16a3ce2b0 93b38b279b419387	No	8.00.6001. 18702 (longhorn_ ie8_rtm(wm bla).09030 8-0339)	8.00.6001. 18702	10.224.1.53/32
7	Microsoft Corporation	Executable	089b8363eb686c8d 055ec2c4e5899fdd 450ef77d	06b02d5c097c7db1 f109749c45f3f505	No	11.00.1904 1.1 (WinBuild. 160101.080 0)	11.00.1904 1.1	United States
8	Microsoft Corporation	Executable	5924007afda4703e 2add2c44507cfcbf a98a55b7	ad8f83f16a3ce2b0 93b38b279b419387	No	8.00.6001. 18702 (longhorn_ ie8_rtm(wm bla).09030 8-0339)	8.00.6001. 18702	Internal Submission
9	Microsoft Corporation	Executable	c2ce6cf941587e41 f5990a81597fe050 28153427	95e7e4913891bd12 ff9a58c60ea8d143	No	6.00.2800. 1106	6.00.2800. 1106	Internal Submission
10	N/A	Non-executable	f5712b42316efa5a 22e60dee544c2d86 353b88c9	e7c9a24b73163f6f ca839601b648ce0f	No	N/A	N/A	United States
11	N/A	Non-executable	596fa0257a275c11 84652e2ff32c11c3 947df155	7bab551d1f3e4a5f 96ca6ca43f22fd63	No	N/A	N/A	United States
12	Microsoft Corporation	Executable	089b8363eb686c8d 055ec2c4e5899fdd 450ef77d	06b02d5c097c7db1 f109749c45f3f505	No	11.00.1904 1.1 (WinBuild. 160101.080 0)	11.00.1904 1.1	104.238.128.144/32
13	N/A	Executable	af6cd99797a76938 f6e1a1c1786c853a be416489	accb46e21040dd8b 92d933ac0ab36b8c	No	N/A	N/A	United States
14	Microsoft Corporation	Executable	51c97ebe601ef079 b16bcd87af827b0b e5283d96	0b4340ed812dc82c e636c00fa5c9bef2	No	11.00.1904 1.1 (WinBuild. 160101.080 0)	11.00.1904 1.1	United States
15	N/A	Non-executable	9ca6306ea86d54c0 bbb79bcf94d494eb 802b727a	50bb8da097a4257e 3fff4b0885b4fc4f	No	N/A	N/A	United States
16	Microsoft Corporation	Executable	4431be13279540a8 f2bbc44f2d0c5988 e18f5518	05ae2b513fa46e15 7e4f58f11fe0f351	No	6.00.2900. 5512 (xpsp.0804 13-2105)	6.00.2900. 5512	10.224.1.54/32
17	N/A	Non-executable	82cde2ef2063bee7 2ba22ac7696faf7c afbb9697	e3167b5fc3916f07 35161c906512edb9	No	N/A	N/A	United States
18	Microsoft Corporation	Executable	4431be13279540a8 f2bbc44f2d0c5988 e18f5518	05ae2b513fa46e15 7e4f58f11fe0f351	No	6.00.2900. 5512 (xpsp.0804 13-2105)	6.00.2900. 5512	10.224.1.57/32
19	Microsoft Corporation	Executable	4431be13279540a8 f2bbc44f2d0c5988 e18f5518	05ae2b513fa46e15 7e4f58f11fe0f351	No	6.00.2900. 5512 (xpsp.0804 13-2105)	6.00.2900. 5512	10.224.1.65/32
20	Microsoft Corporation	Executable	5924007afda4703e 2add2c44507cfcbf a98a55b7	ad8f83f16a3ce2b0 93b38b279b419387	No	8.00.6001. 18702 (longhorn_ ie8_rtm(wm bla).09030 8-0339)	8.00.6001. 18702	10.224.1.55/32
21	Microsoft Corporation	Executable	4431be13279540a8 f2bbc44f2d0c5988 e18f5518	05ae2b513fa46e15 7e4f58f11fe0f351	No	6.00.2900. 5512 (xpsp.0804 13-2105)	6.00.2900. 5512	10.224.1.53/32
22	Microsoft Corporation	Executable	5924007afda4703e 2add2c44507cfcbf a98a55b7	ad8f83f16a3ce2b0 93b38b279b419387	No	8.00.6001. 18702 (longhorn_ ie8_rtm(wm bla).09030 8-0339)	8.00.6001. 18702	10.224.25.96/32
23	Microsoft Corporation	Executable	bb42ecb287b76f84 e8fb6bda02664c11 91cb86cb	3069a48db10f5d07 d34b2a5334f9487f	No	11.00.1904 1.3636 (WinBuild. 160101.080 0)	11.00.1904 1.3636	United States
24	Microsoft Corporation	Executable	5924007afda4703e 2add2c44507cfcbf a98a55b7	ad8f83f16a3ce2b0 93b38b279b419387	No	8.00.6001. 18702 (longhorn_ ie8_rtm(wm bla).09030 8-0339)	8.00.6001. 18702	10.224.1.57/32
25	Microsoft Corporation	Executable	5924007afda4703e 2add2c44507cfcbf a98a55b7	ad8f83f16a3ce2b0 93b38b279b419387	No	8.00.6001. 18702 (longhorn_ ie8_rtm(wm bla).09030 8-0339)	8.00.6001. 18702	10.224.1.65/32

Prev 1 2 3...7 Next

Display 4 items per page

4 items per page
8 items per page
16 items per page
32 items per page

Malware Search Engine

How to Remove “mshta.exe”

What is mshta.exe?

How to check if your computer is infected with mshta.exe malware?