• Announcements

    • xper

      MSFN Sponsorship and AdBlockers!   07/10/2016

      Dear members, MSFN is made available via subscriptions, donations and advertising revenue. The use of ad-blocking software hurts the site. Please disable ad-blocking software or set an exception for MSFN. Alternatively, become a site sponsor and ads will be disabled automatically and by subscribing you get other sponsor benefits.
Sign in to follow this  
Followers 0
Richhs

Multiple mshta.exe Files in Task Manager

4 posts in this topic

I'm sure some of the brilliant tech minds here have come across this issue, so I'm seeking some knowledge on what piece of malware causes this and how do I resolve it.

I'm working on a DELL system with Windows XP Home and IE 8 that has an issue where multiple mshta.exe files open in background when accessing the http protocol.

I can access the Task Manager and end the multiple processes (which build up to a dozen or more instances of the mshta.exe running) in the background, but as soon as I access the internet through IE they start repopulating.

Any ideas on this one people ?

0

Share this post


Link to post
Share on other sites

Never mind... I found the cause.

It seems that a site called funnyracoonshow.com created about 30 instances of scheduled tasks to run every day of the week.

I deleted all of the tasks that were show up as AT1...AT2...AT3...etc... in the scheduled tasks area and that seems to have done the trick.

I'll post back later to confirm this was the issue.

0

Share this post


Link to post
Share on other sites

Thank you, Thank you, Thank you!!

I've been pulling my hair out on a PC that kept poping up a malware notification, it kept downloading adware files into C:\windows\temp.. I've been scanning the with everthing I could think of in my normal malware toolbox, and I spotted the mshta.exe process pointing at funnyracoon.com using process explorer, but was not finding what was spawning the process.. I'd kill the mshta.exe process and it would respawn a few minutes later..

I did a google search for funnyracoonshow.com malware and your post came back as the ONLY hit.. (how many times do you only get a single hit from google ? )

Checking the scheduler as you suggested revealed all the jobs scheduled as you stated.. not a place I normally look, but I guess I'll have to check more often now.

Thanks again.

0

Share this post


Link to post
Share on other sites

You're welcome... I'm glad this was of some help to you.

It was driving me crazy as well... thanks for the reply. :thumbup

0

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0

  • Recently Browsing   0 members

    No registered users viewing this page.