MSHTA

  • 1
  • Question
  • Updated 8 months ago
  • In Progress
Trend Micro keeps blocking MSHTA.exe and asking if I trust it? Is it a virus or to I allow it?
Photo of john.charles

john.charles

  • 140 Points 100 badge 2x thumb

Posted 9 months ago

  • 1
Photo of woodartisan55

woodartisan55, Champion

  • 8,116 Points 5k badge 2x thumb

Hi John. This is an answer to the same question from some time ago by one of the Trend Micro techs here:

Hi Tim, thanks for assisting!

Hi welcome to Trend Micro Community! 

To answer your question, mshta.exe is a part of Microsoft Windows Operating System which is needed to execute. HTA files.

If your Trend Micro Security keeps detecting mshta.exe, we suspect that there are some malicious files trying to execute mshta.exe. 

Could you try the following steps and check if the same symptom occurs:

Step1: Run an update manually

  1. Right-click on the Trend Micro system tray icon at the bottom right corner of your screen.
  2. Click "Check for Program Updates" and the About Your Software windows will appear and will automatically check for available updates.

Step2: Disconnect your Internet 

Step3: Perform a Full Scan
Running a scan using your Trend Micro Security software - refer to "Performing Quick or Full Scan"

Step4: Connect your Internet again

Please let us know if you were able to resolve your issue by trying the above. If still unsuccessful, we'll have to pass you to our support center for further investigation. Thank you.

(Edited)
Photo of john.charles

john.charles

  • 140 Points 100 badge 2x thumb
Thanks for the info.  I have completed all the above, nothing was found and the alerts are still coming through.
Photo of TM_Jedi

TM_Jedi

  • 190 Points 100 badge 2x thumb
Hi john.charles,

Can you verify the location of the mshta.exe file that is being detected by Trend Micro?

The legitimate file should be located at he legitimate Mshta.exe will be found at C:\WINDOWS\System32\mshta.exe. 

There are instances that a virus uses names similar to a legitimate windows file and place in other folders in an attempt to fool you into thinking it is a good file. 

If it is located on a different location then try to manually delete it.

Please inform us if the issue is resolved by this.

Thanks,
Jedi
Photo of jdg

jdg

  • 70 Points
Iperformt your suggestions without success. What can I do more?
Photo of TM_Ian

TM_Ian, Employee

  • 5,222 Points 5k badge 2x thumb
Hi @jdg,

Thank you for the update. I would highly recommend that you contact our Premium hotline for immediate assistance on this issue since there is a possible malware on your PC.

You may access the 24/7 Premium hotline on this link:

Contact Trend Micro Technical Support

We'll wait for your call. Have a great day! :)

Trend Micro Home Users Community
Photo of 123DoReMi123

123DoReMi123

  • 70 Points
Hello Jedi,

"The legitimate file should be located at he legitimate Mshta.exe will be found at C:\WINDOWS\System32\mshta.exe."

If I do find mshta.exe at this legitimate location, should I go ahead and click "trust this program?"

Thanks,

Lu
Photo of TM_Victor

TM_Victor, Employee

  • 4,942 Points 4k badge 2x thumb
Hi 123DoReMi123,

We still suggest to scan it first before trusting any software or application.

This is to ensure that it is safe to trust.

We hope this answers your concern.

Have a great weekend!

Trend Micro Home Users Community
Photo of 123DoReMi123

123DoReMi123

  • 70 Points
Hello Victor,

Thank you so much for replying so quickly. I did end up finding it in two separate folders:

C > Windows > System32 > MSHTA.EXE

C > Windows > SysWOW64 > MSHTA.EXE

When I right click on them to perform the Trend Micro Scan for Security Threats, the result is "No Threats Found."

At this point, do you feel that it would be safe to go ahead and "trust this program" in their respective locations (System32 & SysWOW64)?

Best Regards,

Lu
Photo of TM_Onini

TM_Onini, Employee

  • 692 Points 500 badge 2x thumb
Hi 123DoReMi123!

No, do not trust the program MSHTA.EXE. Trend Micro detects the program because there might be a malicious activity on it. I would highly recommend that you contact our Technical Support hotline for immediate assistance on this issue since there is a possible malware on your PC.

I hope this helps. :) 

Trend Micro Home Users Community
Photo of Tom Emmelot

Tom Emmelot, Champion

  • 24,100 Points 20k badge 2x thumb
Hi 123DoReMi123


Welcome to TM Home users Community, a public site where volunteers try to help each-other , also there are TM Employees that can give answers, that is only at working hours. I am just a volunteer!

If you look with a right-click / properties and you reed this "Microsoft® HTML Application host" it should be right , special if it is in the folders you are talking about.
If they are in other places they are more suspicious.
On 2 computers here the same !

Kind regards,
Tom

This conversation is no longer open for comments or replies.