# mshta.exe virus or program? How to solve



## gbello

A pop came up in my computer and has frozen by Internet browser, I scanned with McAfee, it detected a virus/worm mshta.exe, I stop the script and shut down.

When I start up my computer again and went to my Internet properties this page is marked as my home page www.locators.com. I try changing the address to my original home page deleting the locators.com. When I go back to properties the locators page comes up again. If I open my browser the locators page comes up and freezes my computer. I'm not able to use my Internet browser or verify my emails. Please advise, Help!!!!!!!!!!!


----------



## MNMike

gbello,

When I looked on Symantec for the virus/worm, this is what comes up: http://securityresponse.symantec.com/avcenter/venc/data/vbs.elva.worm.html Follow the instructions at the bottom and that should get you going.

Mike


----------



## gbello

Thank you Mike!!

I use McAfee virus scan, do I need to run Norton instead??


----------



## Flrman1

This is a browser hijacker. Antivirus programs are not going to do much good with that. It may help with the mshta.exe but not the hijacker.

The best way to get rid of both is to post a Hijack this log and let someone advise you on what to remove.

Please do this. Go here http://www.tomcoyote.org/hjt/ and download Hijack This. Un Zip it and click on the Hijackthis.exe.

Click the "Scan" button when the scan is finished the scan button will become "Save Log" click that and save the log.

Go to where you saved the log and click on "Edit > Select All" then click on "Edit > Copy" then Paste the log back here in a reply.

Do NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required. Someone here will be glad to advise you on what to fix.


----------



## Monstrous Mi

Here is another option. Go to this website http://www.kellys-korner-xp.com/xp_h.htm and find "Hijacking home page".

I have set google.ca as my home page and have locked it. That is, it cannot be changed unless I edit the registry. No problems thus far.


----------



## Flrman1

> _Originally posted by Monstrous Mi:_
> *Here is another option. Go to this website http://www.kellys-korner-xp.com/xp_h.htm and find "Hijacking home page".
> 
> I have set google.ca as my home page and have locked it. That is, it cannot be changed unless I edit the registry. No problems thus far. *


That's not going to get rid of the current hijacking as there will be registry entries and files that have to be removed. You will see on that page they recommend Hijack This.


----------



## gbello

Thank you, I will try this and get back to you.


----------



## Flrman1

:up:


----------



## MNMike

gbello,

Although I prefer Nortons, I'm not suggesting that you change. I just go to their site first when it comes to viruses/worms. The instructions should work anyways. 

Mike


----------



## Monstrous Mi

flrman 1:

You're right of course. I meant to preface my post by saying "Once the problem is fixed, prevent it from happening again by....yada, yada, yada".


----------



## Flrman1

No problem Monstrous Mi. 

It doesn't look like it matters much as gbello seems to have abandoned ship.


----------



## gbello

Hi, I'm trying to work with your recommendations but the issue is that I have to use another computer to verify my emails. I will get back to you between today and tomorrow.

Thanks again!


----------



## Flrman1

:up:


----------

