virus or spyware or something

Member Since: Jan 18, 2003

...suddenly i have to choose which user account to log into when my computer boots. i have always had it set to automatic. this changed yesterday. there also appears to be a new user account! "ASP.net machine a.." limited access, password protected. when i try to change login options, to reset back to automatic log in, my mcafee finds suspicious scripting action inside mshta.exe. there's stuff online about this, but not in conjunction with XP, it seems. but anyway, stuff online i've found says mshta.exe can be exploited by drive-by activex activity when using internet explorer, and that's how this bug gets in. i never use explorer. but i had to just the other day, to upload some ftp files.

anyone ever hear about this? what do i do?


Eat Spam before it eats YOU!!!
Member
Since: May 11, 2002


Dec 10, 2006 05:10 pm

it's an XP bug

www.mvps.org/marksxp/WindowsXP/aspdot.php

you want to probably do this
mvps.org/marksxp/WindowsXP/welskip.php

Administrator
Since: Apr 03, 2002


Dec 10, 2006 05:20 pm

no, it's a "feature"

Member
Since: Jan 18, 2003


Dec 10, 2006 05:48 pm

how did this happen, and is it anything to worry about? i'll tell you what i did: i had to use internet explorer to upload my html files for my new website. they had a java tool, and it required explorer. so i used it, something i never do anymore. next thing i know, the way i login is different and there's this strange account. thing is, though, i didn't install anything.

so do i worry about this or what?

i just realized i never installed SP2 on this computer. tried to once, didn't work. i'm going to try installing it now.

Member
Since: Jan 18, 2003


Dec 10, 2006 06:12 pm

wow. microsoft really, really sucks.

i can't even download SP2. it doesn't show up as an option, doesn't show up as needed, in my 'automatic updates.' and of course there's no way to download SP2 itself, manually. now you have to use auto-updates, regardless of whether or not you want to. great thinking. i need one patch and there's no way to simply get it without going through three phone calls and rudeness and the runaround. the tech says the only other option is to order the cd-rom, which takes four to six weeks and comes with a S/H charge attached.

Administrator
Since: Apr 03, 2002


Dec 10, 2006 06:41 pm

oh, look around the net, you will find SP2, it's about a 120MB download if I recall correctly.

Here, for example www.softwarepatch.com/windows/xpsp2.html and actually, it seems to be 266 MB...jeez, hope you ain't on dialup :-)

Member
Since: Jan 18, 2003


Dec 10, 2006 09:05 pm

well thanks, db. i will try to install this. i hope it is trustworthy. got a few pop up ads at that site.

but anyway, do you have any idea what happened to my computer? that's the thing, the unknowing, which is bothering me. all i know is that i did two sketchy things, and then it began. i tried to upload my html pages to my site using a java interface (using internet explorer, and the java app failed, actually). and then i downloaded a free program called 'videora' in order to convert mpegs to .mov files, for my new ipod video. i also got a free avi to mpeg converter. one of these--i think videora--was a little strange. i clicked on the install file and my mcafee told me it was trying to access the internet. i let it, thinking that the install file must be some kind of a 'pointer' file which then contacts the server and coordinates the actual download.

so i did these two things. next thing i know, i have this ASP.net account set up automatically, and i'm forced to use the login screen. and when i try to access user accounts in my control panel, mcafee tells me mshta.exe is executing a suspicious script and has been stopped. then i am locked out of the user accounts panel. it closes.

if anyone has heard anything about this, please let me know. i will research it more fully later. right now, i'm going to set up a virus and malware scan.


Administrator
Since: Apr 03, 2002


Dec 10, 2006 09:07 pm

personally, I've never heard of that issue before.

Eat Spam before it eats YOU!!!
Member
Since: May 11, 2002


Dec 10, 2006 10:57 pm

as long as you don't have a local webserver you can delete it.

It is actually a feature... just an incredibly poorly implemented one... someone was probably thinking UNIX when it was designed as it's fairly common to set up applications to run as an underprivileged user or group... just looking (running slackware) I have 22 user accounts of which 2 are actual users (including root) the rest are all for processes... mail, mysql, etc.

it allows so the process only has access to what it needs to function...
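
The UNIX service-account pattern described in the post above, as an added example that is not part of the original thread: a small audit that splits a passwd-format file into login and service accounts and flags the entries that break the pattern. The sample entries, the `UID_MIN` boundary of 1000 and the list of no-login shells are assumptions made for illustration.

```python
# Added example: audit a passwd-format file, separating login accounts from
# service accounts. SAMPLE_PASSWD is constructed; UID_MIN is an assumption.
NOLOGIN_SHELLS = {"/bin/false", "/sbin/nologin", "/usr/sbin/nologin"}
UID_MIN = 1000  # assumed first UID handed to human users

SAMPLE_PASSWD = """\
root:x:0:0::/root:/bin/bash
bin:x:1:1:bin:/bin:/bin/false
mail:x:8:12:mail:/:/bin/false
mysql:x:27:27:MySQL:/var/lib/mysql:/bin/false
apache:x:80:80:User for Apache:/srv/httpd:/bin/bash
alice:x:1000:100:Alice:/home/alice:/bin/bash
toor:x:0:0::/root:/bin/bash
"""


def parse_passwd(text):
    """Return [{'name', 'uid', 'shell'}] for each well-formed passwd line."""
    accounts = []
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) != 7 or not fields[2].isdigit():
            continue  # skip blanks, comments and malformed entries
        accounts.append({"name": fields[0], "uid": int(fields[2]), "shell": fields[6]})
    return accounts


def audit(accounts):
    """Classify accounts and flag the ones that break the service-account pattern."""
    report = {"login": [], "service": [], "findings": []}
    for acct in accounts:
        name, uid, shell = acct["name"], acct["uid"], acct["shell"]
        if uid == 0 and name != "root":
            report["findings"].append(f"{name}: extra UID 0 account")
        elif name == "root" or uid >= UID_MIN:
            report["login"].append(name)
        else:
            report["service"].append(name)
            # An empty shell field means the default shell, so it counts as a login shell.
            if shell not in NOLOGIN_SHELLS:
                report["findings"].append(f"{name}: service account with login shell")
    return report


if __name__ == "__main__":
    result = audit(parse_passwd(SAMPLE_PASSWD))
    for key, value in result.items():
        print(key, value)
```
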

Member
Since: Jan 18, 2003


Dec 11, 2006 12:06 am

yeah, i read that it was safe to delete it. and i guess i will. i just don't understand why it was created. do you think it was probably the ftp thing i did?
