that is through the beta webmail.
Answer
I just started having that same problem about an hour or so ago as well. It (so far) only happens when I try to open Yahoo! Mail Beta, and -- judging by all the other questions and answers that have started popping up on Answers in the last 5 or 6 hours -- is connected to Yahoo! Mail Beta specifically. Do a search here on Answers, and you'll find a lot more info on the current problem.
According to most of the major online anti-virus sites (and a few I hadn't even heard of), W32.Feebs spreads in two ways:
(1) Through e-mails disguised as security warnings of some sort, using random security-related names and subject lines. It gives you a log-in name and a password (for some reason I haven't figured out yet) and instructs you to open the attached file. The attached file is an .HTA file.
(2) Through files obtained from peer-to-peer (P2P) file-sharing networks (Limewire, Bearshare, torrent sites, etc). The file looks like a cracked version of one of several popular computer programs, and usually has something in the filename like "full version + crack" or something.
According to the anti-virus sites, opening one of these is the only way to be infected by this worm. Supposedly, it can't execute itself. The user has to actually attempt to run the file.
That being said, a lot of people on here are suddenly reporting this same problem today, and, in pretty much every case, it happens when they try to access Yahoo! Mail Beta (the regular Yahoo! Mail doesn't seem to have the same problem).
Also, one of the other answerers on here said that he'd talked to Yahoo! tech support, and they were working on the problem on their end. He didn't go into tons of detail, but it sounded like THEY have the virus and are currently trying to get rid of it. I don't know if that's true, because I'm reporting second hand info (so don't hold me to it), but it's worth investigating further.
From what I'm hearing, I'm hoping this is a false alarm resulting from some sort of miscommunication between Yahoo! Mail Beta and the anti-virus progs. Or that it's a problem on Yahoo's servers and not actually infecting our computers. Either way. All I know is that, if Yahoo! Beta infected my computer, I will be very angry...
When you get the warning from Norton (which is what I have also), does it say that the infected file is in \Local Settings\Temporary Internet Files\Content.IE5\(some long string of numbers and letters), and that it can't repair this file because access to it is denied? Just wondering if we're all having the exact same problem...
Anyway, I'm going to keep digging (and scanning), and will add whatever info here I can find.
Good luck! Hopefully this is just a false alarm...
I just started having that same problem about an hour or so ago as well. It (so far) only happens when I try to open Yahoo! Mail Beta, and -- judging by all the other questions and answers that have started popping up on Answers in the last 5 or 6 hours -- is connected to Yahoo! Mail Beta specifically. Do a search here on Answers, and you'll find a lot more info on the current problem.
According to most of the major online anti-virus sites (and a few I hadn't even heard of), W32.Feebs spreads in two ways:
(1) Through e-mails disguised as security warnings of some sort, using random security-related names and subject lines. It gives you a log-in name and a password (for some reason I haven't figured out yet) and instructs you to open the attached file. The attached file is an .HTA file.
(2) Through files obtained from peer-to-peer (P2P) file-sharing networks (Limewire, Bearshare, torrent sites, etc). The file looks like a cracked version of one of several popular computer programs, and usually has something in the filename like "full version + crack" or something.
According to the anti-virus sites, opening one of these is the only way to be infected by this worm. Supposedly, it can't execute itself. The user has to actually attempt to run the file.
That being said, a lot of people on here are suddenly reporting this same problem today, and, in pretty much every case, it happens when they try to access Yahoo! Mail Beta (the regular Yahoo! Mail doesn't seem to have the same problem).
Also, one of the other answerers on here said that he'd talked to Yahoo! tech support, and they were working on the problem on their end. He didn't go into tons of detail, but it sounded like THEY have the virus and are currently trying to get rid of it. I don't know if that's true, because I'm reporting second hand info (so don't hold me to it), but it's worth investigating further.
From what I'm hearing, I'm hoping this is a false alarm resulting from some sort of miscommunication between Yahoo! Mail Beta and the anti-virus progs. Or that it's a problem on Yahoo's servers and not actually infecting our computers. Either way. All I know is that, if Yahoo! Beta infected my computer, I will be very angry...
When you get the warning from Norton (which is what I have also), does it say that the infected file is in \Local Settings\Temporary Internet Files\Content.IE5\(some long string of numbers and letters), and that it can't repair this file because access to it is denied? Just wondering if we're all having the exact same problem...
Anyway, I'm going to keep digging (and scanning), and will add whatever info here I can find.
Good luck! Hopefully this is just a false alarm...
What is Mshta.exe and why do I have multiple instances of it in my processes?
http://www.threatexpert.com/report.aspx?md5=bfc8f22303d05577e5b6de831b403c31
Took me a week to figure this out and I thought I'd share it. It starts with some crap called SafetyCenter. You can easily clean that up but it still leaves behind the Autorun Tasks it created. Once every hour Mshta.exe tries to access a Malware site. If you don't end them, they will eventually add up and eat your resources. If you have a decent firewall, it won't hurt you. It just takes up lots of memory. Go to that link. WARNING: Do not delete files you're unsure of. Instead. Go to C:Windows/System or System32/Tasks folder and delete all the task. Job done! No more Mshta.exes! It's not a virus and it won't hurt you, it's just annoying and hogs up resources. The main thing that helped me find this, was ESET's 30 day trial of a 3 in 1 package. Anti-Virus/Anti-Spyware/Firewall. It would alert me that Mshta.exe was trying to access some weird website! Out of 15 different programs they were the only ones that would give me ANY information! TY ESET!
Hope this helps! All the answers I've seen to this Mshta.exe problem do not help in anyway.
Answer
You were like answering your own question. Okay, apparently you are on to something. You did not research well what you are saying and doing.
Number one - Mshta.exe is part of the Windows OS and if you keep doing what you are doing you may create your own problems and mess up your Computer big time when you mess up Windows.
mshta.exe - mshta - Process Information
http://www.liutilities.com/windows-process/mshta-exe/
Windows errors related to mshta.exe? mshta.exe is a part of Microsoft Windows Operating System which is needed to execute .HTA files.
mshta.exe file information....
The process Microsoft (R) HTML Application host belongs to the software Microsoft Windows Operating System or mshta.exe or Yazzle by OIN or MediaTickets by OIN or Windows Internet Explorer or WindowsR Internet Explorer by Microsoft Corporation (www.microsoft.com).
mshta.exe
http://www.auditmypc.com/process/mshta.asp
mshta.exe known as Microsoft HTML Applications mshta, has the following information and may help up understand this process better.
mshta.exe description
http://www.processlibrary.com/directory/files/mshta/
mshta.exe is a part of Microsoft Windows Operating System which is needed to execute .HTA files. "This program is a non-essential system process, but should not be terminated unless suspected to be causing problems.
I strongly recommend you review the real information about "Mshta.exe" - what it is as part of the Windows OS, how it interacts why and when etc - and then repost a question if you are having a security issue. The idea is that Windows is not doing anything in the way of malware because it is not malware. If there is a security issue - then it is coming from malware, not Windows obviously.
The tip here on immediate face value of the information links posted is that it OBVIOULY as part of Windows is interacting with ".HTA Files" upon your command or malware. What are .HTA files ?
UH OH.... you may have damaged your Registry....suggested to immediately stop what you are doing ! READ:
Cannot access HTA files on windows?
http://filext.com/file-extension/HTA
When windows gives you an error message saying that it
"Cannot open HTA files", this means either:
A. You need to identify a program that can open the file
B. Or your registry may be damaged
How to Identify Files (file extensions Search Engine)
Detailed information for file extension HTA:
http://filext.com/file-extension/hta
Primary association: Hemera
Company: Hemera Technologies Inc.
Mime type: application/hta
Program ID: HemeraThumbnail.Archive
Other applications associated with file type HTA:
* Hypertext ApplicationRun applications from HTML documents. Note: This file type can become infected and should be carefully scanned if someone sends you a file with this extension. The Mime types used with this association are: application/hta.
* Tonline BSW4 File
MALWARE PROBLEM INFO.... YOUR PC IS INFECTED !
Remove Safety Center, removal instructions
Safety Center is a rogue security program that reports false and exaggerated system security threats to convince you that your computer is infected.
www.2-spyware.com/remove-safety-center.html
STOPPING A PROCESS DOES NOT REMOVE THE THREAT AND IT WILL CONTINUALLY RUN EVERY START UP UNTIL REMOVED. SCAN WITH QUALITY ANTIVIRUS AND ANTISPYWARE ASAP !
YOUR INFORMATION IS INJURIOUS TO OTHER USERS AS YOU SAY TO DELETE PART OF THE WINDWOS OS AND DON'T DO IT !
QUOTED>>> "Go to C:Windows/System or System32/Tasks folder and delete all the task"
Windows system32 is the Dynamic Link Library as a sort of "crossroads" of all of Windows and other softwares installed and is integrated into the Windows Registry as well. It is sort of like a bookmark bank that opens and closes and allows software and Windows to operate properly as expected for all the various navigation and tasks and computing one does on a PC. DO NOT DELETE SYSTEM32 FILES OR YOU MAT RENDER WINDOWS AND/OR OTHER SOFTWARES INOPERABLE ! Unless you are experienced - DON'T TOUCH IT ~ allow quality security products to properly and safely remove any malware .DLL file which is what the System32 is full of - the .DLL files for actual system function itself. You have been warned !
STRONGLY RECOMMENDED: INSTALL = UPDATE = SCAN
Windows OneCare Antivirus is now Free
About Microsoft Security Essentials (5* Stars!)
http://www.microsoft.com/security_essentials/
SUPERAntiSpyware [working-freeware, and premium version] 4*
http://www.superantispyware.com/
Google Pack with PCTools Spyware Doctor 4*
http://pack.google.com/intl/en/pack_installer.html?hl=en&gl=us
Microsoft AntiSpyware is now Windows Defender
http://www.microsoft.com/athome/security/spyware/software/default.mspx
a-squared trojan remover (Free Working Version for life and Proactive Premium Version)
http://www.emsisoft.com/en/software/free/
You were like answering your own question. Okay, apparently you are on to something. You did not research well what you are saying and doing.
Number one - Mshta.exe is part of the Windows OS and if you keep doing what you are doing you may create your own problems and mess up your Computer big time when you mess up Windows.
mshta.exe - mshta - Process Information
http://www.liutilities.com/windows-process/mshta-exe/
Windows errors related to mshta.exe? mshta.exe is a part of Microsoft Windows Operating System which is needed to execute .HTA files.
mshta.exe file information....
The process Microsoft (R) HTML Application host belongs to the software Microsoft Windows Operating System or mshta.exe or Yazzle by OIN or MediaTickets by OIN or Windows Internet Explorer or WindowsR Internet Explorer by Microsoft Corporation (www.microsoft.com).
mshta.exe
http://www.auditmypc.com/process/mshta.asp
mshta.exe known as Microsoft HTML Applications mshta, has the following information and may help up understand this process better.
mshta.exe description
http://www.processlibrary.com/directory/files/mshta/
mshta.exe is a part of Microsoft Windows Operating System which is needed to execute .HTA files. "This program is a non-essential system process, but should not be terminated unless suspected to be causing problems.
I strongly recommend you review the real information about "Mshta.exe" - what it is as part of the Windows OS, how it interacts why and when etc - and then repost a question if you are having a security issue. The idea is that Windows is not doing anything in the way of malware because it is not malware. If there is a security issue - then it is coming from malware, not Windows obviously.
The tip here on immediate face value of the information links posted is that it OBVIOULY as part of Windows is interacting with ".HTA Files" upon your command or malware. What are .HTA files ?
UH OH.... you may have damaged your Registry....suggested to immediately stop what you are doing ! READ:
Cannot access HTA files on windows?
http://filext.com/file-extension/HTA
When windows gives you an error message saying that it
"Cannot open HTA files", this means either:
A. You need to identify a program that can open the file
B. Or your registry may be damaged
How to Identify Files (file extensions Search Engine)
Detailed information for file extension HTA:
http://filext.com/file-extension/hta
Primary association: Hemera
Company: Hemera Technologies Inc.
Mime type: application/hta
Program ID: HemeraThumbnail.Archive
Other applications associated with file type HTA:
* Hypertext ApplicationRun applications from HTML documents. Note: This file type can become infected and should be carefully scanned if someone sends you a file with this extension. The Mime types used with this association are: application/hta.
* Tonline BSW4 File
MALWARE PROBLEM INFO.... YOUR PC IS INFECTED !
Remove Safety Center, removal instructions
Safety Center is a rogue security program that reports false and exaggerated system security threats to convince you that your computer is infected.
www.2-spyware.com/remove-safety-center.html
STOPPING A PROCESS DOES NOT REMOVE THE THREAT AND IT WILL CONTINUALLY RUN EVERY START UP UNTIL REMOVED. SCAN WITH QUALITY ANTIVIRUS AND ANTISPYWARE ASAP !
YOUR INFORMATION IS INJURIOUS TO OTHER USERS AS YOU SAY TO DELETE PART OF THE WINDWOS OS AND DON'T DO IT !
QUOTED>>> "Go to C:Windows/System or System32/Tasks folder and delete all the task"
Windows system32 is the Dynamic Link Library as a sort of "crossroads" of all of Windows and other softwares installed and is integrated into the Windows Registry as well. It is sort of like a bookmark bank that opens and closes and allows software and Windows to operate properly as expected for all the various navigation and tasks and computing one does on a PC. DO NOT DELETE SYSTEM32 FILES OR YOU MAT RENDER WINDOWS AND/OR OTHER SOFTWARES INOPERABLE ! Unless you are experienced - DON'T TOUCH IT ~ allow quality security products to properly and safely remove any malware .DLL file which is what the System32 is full of - the .DLL files for actual system function itself. You have been warned !
STRONGLY RECOMMENDED: INSTALL = UPDATE = SCAN
Windows OneCare Antivirus is now Free
About Microsoft Security Essentials (5* Stars!)
http://www.microsoft.com/security_essentials/
SUPERAntiSpyware [working-freeware, and premium version] 4*
http://www.superantispyware.com/
Google Pack with PCTools Spyware Doctor 4*
http://pack.google.com/intl/en/pack_installer.html?hl=en&gl=us
Microsoft AntiSpyware is now Windows Defender
http://www.microsoft.com/athome/security/spyware/software/default.mspx
a-squared trojan remover (Free Working Version for life and Proactive Premium Version)
http://www.emsisoft.com/en/software/free/
Powered by Yahoo! Answers
Comments :
Post a Comment