Richhs Posted March 3, 2011 Posted March 3, 2011 I'm sure some of the brilliant tech minds here have come across this issue, so I'm seeking some knowledge on what piece of malware causes this and how do I resolve it.I'm working on a DELL system with Windows XP Home and IE 8 that has an issue where multiple mshta.exe files open in background when accessing the http protocol.I can access the Task Manager and end the multiple processes (which build up to a dozen or more instances of the mshta.exe running) in the background, but as soon as I access the internet through IE they start repopulating.Any ideas on this one people ?
Richhs Posted March 3, 2011 Author Posted March 3, 2011 Never mind... I found the cause.It seems that a site called funnyracoonshow.com created about 30 instances of scheduled tasks to run every day of the week.I deleted all of the tasks that were show up as AT1...AT2...AT3...etc... in the scheduled tasks area and that seems to have done the trick.I'll post back later to confirm this was the issue.
Bruenor Posted March 3, 2011 Posted March 3, 2011 Thank you, Thank you, Thank you!!I've been pulling my hair out on a PC that kept poping up a malware notification, it kept downloading adware files into C:\windows\temp.. I've been scanning the with everthing I could think of in my normal malware toolbox, and I spotted the mshta.exe process pointing at funnyracoon.com using process explorer, but was not finding what was spawning the process.. I'd kill the mshta.exe process and it would respawn a few minutes later.. I did a google search for funnyracoonshow.com malware and your post came back as the ONLY hit.. (how many times do you only get a single hit from google ? )Checking the scheduler as you suggested revealed all the jobs scheduled as you stated.. not a place I normally look, but I guess I'll have to check more often now. Thanks again.
Richhs Posted March 3, 2011 Author Posted March 3, 2011 You're welcome... I'm glad this was of some help to you.It was driving me crazy as well... thanks for the reply.
Recommended Posts
Please sign in to comment
You will be able to leave a comment after signing in
Sign In Now