GoFuckYourself.com - Adult Webmaster Forum - View Single Post - Tech Junkies, I need help...IE is messed up

Wilber · 08-16-2001, 06:29 PM

Unfortunately running a virus checker will not see it b/c its run through
mshta.exe which is an entrusted file.

There is a popular program (I will not give the name here b/c the kiddies
visiting here will go grab it) and this program will actually embed trojans,
viruses and other executables directly into a web page as a script. My guess
RedShoe is you clicked "OK" when prompted to "entrust" a download and
therefore allowed access via VB to infect your system.

99% of your CPU is most likely a worm. Virus soft will not see it. There is
a program available to disallow any further hta downloads
ftp://ftp.nsclean.com/pub/htastop.exe

You do not need to run the exe it starts on its own right after completing
the d/l. To remove htastop.exe just delete it.

As far as your prob goes...well aside of doing a complex registry filtering
and other ugly stuff I would suggest you have to do the biggy...save what
you need and then fdisk and then reinstall windows.

Its a good idea to say "NO" to entrusted downloading...always no matter
where you are...even Microsoft.

Oh...last thought. One I know of (A worm using this method) is called Elva.
The file is named "card.hta" search your HD for this one first.

08-16-2001, 06:29 PM
Wilber Confirmed User Join Date: May 2001 Location: De,Oh,Lei Posts: 1,295	Unfortunately running a virus checker will not see it b/c its run through mshta.exe which is an entrusted file. There is a popular program (I will not give the name here b/c the kiddies visiting here will go grab it) and this program will actually embed trojans, viruses and other executables directly into a web page as a script. My guess RedShoe is you clicked "OK" when prompted to "entrust" a download and therefore allowed access via VB to infect your system. 99% of your CPU is most likely a worm. Virus soft will not see it. There is a program available to disallow any further hta downloads ftp://ftp.nsclean.com/pub/htastop.exe You do not need to run the exe it starts on its own right after completing the d/l. To remove htastop.exe just delete it. As far as your prob goes...well aside of doing a complex registry filtering and other ugly stuff I would suggest you have to do the biggy...save what you need and then fdisk and then reinstall windows. Its a good idea to say "NO" to entrusted downloading...always no matter where you are...even Microsoft. Oh...last thought. One I know of (A worm using this method) is called Elva. The file is named "card.hta" search your HD for this one first.