Mshta.exe Virus


Virus infections are some of the worst things that can happen to your computer, especially if the virus is of the Trojan horse type. This kind of malicious malware is all over the internet and is one of the worst threats that you can encounter online. Recently, infections from a new Trojan called Mshta.exe have been reported. Therefore, in the next article we will attempt to acquaint our readers with all the essential information that they might need in order to protect their computer system from the new threat.

Introduction to Trojans

As you probably already know, Trojans are some of the most widely spread type of malware. Hackers use these viruses for all sorts of illegal tasks. The versatility of viruses such as Mshta.exe is one of the reasons why they are so common and frequently used. Another reason why Trojans are such a big problem is the fact that in many cases there are almost no symptoms of a Trojan horse infection. Oftentimes the user remains completely unaware that a virus has attacked their system until it is way too late. In some instances, you might notice certain signs of a Trojan horse attack such as system slow-down, sudden crashes and freezes and obscure and shady-looking online banners. However, this is now always the case – as we already said, it is possible that the virus remains completely undetected.

What are the potential uses of Mshta.exe?

As stated above, the different potential tasks that a typical Trojan horse can be used for vary greatly. Here, we will attempt to list some of the most frequent ways, via which those viruses are employed, however, bear in mind that this is by no means a full list of the possible uses of a Trojan virus.

  • Botnets and mining – Commonly, malware of this type is used to turn people’s computers into mining tools for bitcoins or as spam-bots as part of a bigger network. In both cases the PC is forced to execute tasks that benefit the hacker and use up most of the available system resources.
  • Personal data theft – Another frequent use of Trojans is when they are employed as spying tools. There are several different ways, via which malware like Mshta.exe can spy on you. One option is the so called keystroke logging that allows the hacker to see what you type using your keyboard. Another possibility is that the virus monitors your computer screen, displaying it to the cyber-criminal. On top of that, some Trojans might even use your own webcam to directly see into your room, even when you think the cam has been disabled.
  • Money theft – Via the keystroke logging espionage method, the hacker could gain the passwords for your online bank accounts. This would allow them to access your accounts and extract all money that has been stored there. Days might pass before you find out that your money has been stolen and by that time it would certainly be too late to do anything about it.
  • PC destruction – One more common use of Trojans is the total destruction of your computer system. Some viruses like Mshta.exe can delete personal files, or corrupt essential system data needed for the proper functioning of your PC. In some cases your PC system might get so heavily damaged by the virus that even a re-install will not be able to fix it and your machine would be rendered completely unusable.
  • Ransomware distribution – With the rise of the malicious Ransomware type of viruses, another use of Trojans is becoming exceedingly common. Trojan Horses can also be used as a backdoor into people’s computers. That way other noxious software such as Ransomware can easily get inside your machine while remaining totally undetected.

Tips for ensuring the security of your system

It should be quite obvious by now just how important it is to avoid infections with Mshta.exe and other dangerous malware. That is why we strongly advise you to make a mental note of the following tips and make sure to use them from now on:

  • Be extremely careful with your e-mails and other messages that get sent to you, regardless of the platform and the sender. Junk mail and malicious hyperlinks within text messages are some of the most common methods for spreading noxious programs such as Trojan horse viruses.
  • Never visit or download content from websites that are illegal or suspicious. Wandering into the darker corners of the web has never been a good idea and if you are willing to keep your computer safe and sound, you should stick only to sites that you know you can trust.
  • Get your machine a good and trusty security program and make sure to frequently update it. Also, run regular scans of your whole system and make sure that the anti-virus software is constantly enabled, especially when you are connected to the internet.


Name Mshta.exe
Type Trojan
Danger Level High (Trojans are often used as a backdoor for Ransomware)
Symptoms In some cases, there might be a slow-down of your computer’s productivity, freezes, system errors or even PC crashes. However, often there will be no symptoms of infection at all.
Distribution Method Common distribution techniques for Trojans are malicious links, spam e-mails, illegal torrents and certain types of obscure/shady websites.
Detection Tool

Keep in mind, SpyHunter’s malware detection tool is free. To remove the infection, you’ll need to purchase the full version.
More information about SpyHunter and steps to uninstall.

Mshta.exe Virus Removal


Mshta.exe Virus

Some of the steps will likely require you to exit the page. Bookmark it for later reference.

Reboot in Safe Mode (use this guide if you don’t know how to do it).

Mshta.exe Virus

Hold together the Start Key and R. Type appwiz.cpl –> OK.

Mshta.exe Virus

You are now in the Control Panel. Look for suspicious entries. Uninstall it/them. If you see a screen like this when you click Uninstall, choose NO:

Mshta.exe Virus

Type msconfig in the search field and hit enter. A window will pop-up:

Mshta.exe Virus

Startup —> Uncheck entries that have “Unknown” as Manufacturer or otherwise look suspicious.

  • Remember this step – if you have reason to believe a bigger threat (like ransomware) is on your PC, check everything here.

Mshta.exe Virus

Hold the Start Key and R –  copy + paste the following and click OK:

notepad %windir%/system32/Drivers/etc/hosts

A new file will open. If you are hacked, there will be a bunch of other IPs connected to you at the bottom. Look at the image below:

Mshta.exe Virus

If there are suspicious IPs below “Localhost” – write to us in the comments.


Mshta.exe Virus

Press CTRL + SHIFT + ESC simultaneously. Go to the Processes Tab. Try to determine which ones are a virus. Google them or ask us in the comments.


  • This step is very important, because you can catch other threats (like Ransomware and Spyware) while looking for the Adware process.

Right click on each of the virus processes separately and select Open File LocationEnd the process after you open the folder, then delete the directories you were sent to.

Mshta.exe Virus

Type Regedit in the windows search field and press Enter.

Once inside, press CTRL and F together and type the virus’s Name. Right click and delete any entries you find with a similar name. If they don’t show this way, go manually to these directories and delete/uninstall them:

  • HKEY_CURRENT_USER—-Software—–Random Directory. It could be any one of them – ask us if you can’t discern which ones are malicious.
    HKEY_CURRENT_USER—-Software—Microsoft—-Windows—CurrentVersion—Run– Random
    HKEY_CURRENT_USER—-Software—Microsoft—Internet Explorer—-Main—- Random

Mshta.exe Virus

If all the prior steps fail to help you or you have reason to believe your system is exposed to threats like Ransomware, we advise you to download a professional scanner and remover.

Remember to leave us a comment if you run into any trouble!


About the author


Brandon Skies

Brandon is a researcher and content creator in the fields of cyber-security and virtual privacy. Years of experience enable him to provide readers with important information and adequate solutions for the latest software and malware problems.


  • After a week of dealing with this issue as a pop up, I followed your instructions and it took me to the file where the pop up was. After deleting the file
    i became pop up free once again. THANK YOU for your simple yet accurate method for helping me keep what little hair I have left.

  • Yeah man thank you guys/girls for this we need more people like this cause now days everyone care about money and attention over passion and just helping ppl back in the day there would be so many people posting ways how to remove this stuff and other stuff. Now we have spybot malware bytes selling there program and spybot is now a damn virus and is totally different plus the gov is killing the internet man its all fucked up.

Leave a Comment