Anti-Trojan: HTAStop

  • Thread starter: REM

REM

No install, run once! Pretty cool. There are other interesting tools
on this page also:


http://www.wilders.org/free_tools.htm

"HTAstop

We discovered a malicious tool that allows executables, trojans,
viruses etc, to be encoded and embedded DIRECTLY into web pages; no
links to click, no downloads to install to become infected. This is
considered a major danger for all Windows users!

Within two days, we found PSC (authors of the well-known antitrojan
BOClean; see our anti-trojans page) to create a prevention tool,
HTAstop, to prevent your system being infected. An extensive
description of HTAstop can be found here. Screenshot available here.
The first link will lead you directly to our download page, where
HTAstop is available for fast download. Install it right away to keep
your system safe!"
 
REM said:
No install, run once! Pretty cool. There are other interesting tools
on this page also:


http://www.wilders.org/free_tools.htm

"HTAstop

We discovered a malicious tool that allows executables, trojans,
viruses etc, to be encoded and embedded DIRECTLY into web pages; no
links to click, no downloads to install to become infected. This is
considered a major danger for all Windows users!

Within two days, we found PSC (authors of the well-known antitrojan
BOClean; see our anti-trojans page) to create a prevention tool,
HTAstop, to prevent your system being infected. An extensive
description of HTAstop can be found here. Screenshot available here.
The first link will lead you directly to our download page, where
HTAstop is available for fast download. Install it right away to keep
your system safe!"

Not to say that it isn't worth it to visit Wilders.org (because it's a
great site!) but the actual web page for the program is here:

http://www.nsclean.com/htastop.html

and download is on this page:

http://www.wilders.org/downloads.htm
 
Isn't HTAstop quite an old tool? Wilders.org is a good site to visit, just
beware of dated information. It is not well (evenly) maintained.

BillR
 
Isn't HTAstop quite an old tool? Wilders.org is a good site to visit, just
beware of dated information. It is not well (evenly) maintained.

I'm not sure exactly when this version was written. I do know I've
been exploited without reason twice.

From the URL John provided:

"In the new "HTASTOP 2003" release, the entire MSHTA program is
removed and replaced with the NOTEPAD applet. When an HTA script is
encountered, or the machine is forced to run MSHTA by a rogue site,
NOTEPAD will popup instead and display the contents of the HTA script
without running it. If you wish to, or NEED to run the HTA script,
then ENABLE HTA and then reload the item in question. This latter
feature was added for the rare situations where your network
administrator or other trusted source needs to use HTA."

More important info:

"CONTROL PANEL PROBLEM - WIN2000 AND XP

For reasons that only Microsoft can explain, recent Windows updates
have changed the functionality of some items in the Control Panel
applet. If you select "USER ACCOUNTS" or "ADD/REMOVE PROGRAMS" Control
Panel may not respond or will open Notepad with an error message
instead. This is because Microsoft has decided to replace the original
Control Panel programs with actual HTA SCRIPTING! Since HTA has been
stopped, this too will also be stopped because the MSHTA.EXE program
which HTAStop stops is not available.

The solution to this problem is to run HTAStop and PERMIT HTA long
enough to do what you need to do, then turn it back off again so as to
protect your security. Microsoft is using MSHTA for these Control
Panel functions now, and HTAStop has blocked MSHTA.EXE from running.

HTASTOP SAYS HTA NOT FOUND

This is actually good news - it means that either you never installed
the Windows Scripting Host (WSH) or have removed it. HTA exploits
depend on the presence of the Windows Scripting Host and if HTAstop
indicates that it can't find "HTA" then you're safe for now. Be
mindful though that Microsoft depends on WSH and its many protocols as
part of their future "Microsoft dotNET" strategy and will want to
reinstall all of the components (including HTA) whenever you upgrade
or patch Windows. What this means is that while you may not have it
now, it can be reinstalled at any time by Microsoft without any
warning. You'll want to check up on this using HTAstop any time you do
a Windows update or install any new software, patches or upgrades."
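
A read-only check of the state the quoted description is about, namely whether opening an .hta file on a machine would still reach MSHTA. This is an added example, not part of the thread and not HTAStop's own code; it assumes the standard .hta association under HKEY_CLASSES_ROOT and the default mshta.exe locations under %SystemRoot%, and the function names are illustrative.

```powershell
# Added example (read-only): report what opening an .hta file would run on this host.

function Get-HtaHandler {
    # Resolve .hta -> ProgID -> shell\open\command in the merged HKCR view.
    $ext = Get-ItemProperty -LiteralPath 'Registry::HKEY_CLASSES_ROOT\.hta' -ErrorAction SilentlyContinue
    if (-not $ext -or -not $ext.'(default)') { return $null }
    $progId = $ext.'(default)'
    $cmdKey = "Registry::HKEY_CLASSES_ROOT\$progId\shell\open\command"
    $cmd = Get-ItemProperty -LiteralPath $cmdKey -ErrorAction SilentlyContinue
    [pscustomobject]@{ ProgId = $progId; Command = $cmd.'(default)' }
}

function Get-MshtaBinary {
    # Assumption: mshta.exe sits in System32 (and SysWOW64 on 64-bit Windows).
    foreach ($dir in 'System32', 'SysWOW64') {
        $path = Join-Path $env:SystemRoot "$dir\mshta.exe"
        if (Test-Path -LiteralPath $path) {
            $info = (Get-Item -LiteralPath $path).VersionInfo
            [pscustomobject]@{
                Path         = $path
                OriginalName = $info.OriginalFilename
                # A file swapped for another program (as the post describes for
                # Notepad) no longer reports MSHTA in its version resource.
                IsRealMshta  = [bool]($info.OriginalFilename -like 'MSHTA*')
            }
        }
    }
}

$handler  = Get-HtaHandler
$binaries = @(Get-MshtaBinary)
$real     = @($binaries | Where-Object IsRealMshta)

if (-not $handler) {
    'No .hta file association is registered.'
} elseif ($handler.Command -match 'mshta' -and $real.Count -gt 0) {
    "HTA ENABLED: .hta opens with $($handler.Command)"
} else {
    "HTA not executed by the file association (handler: $($handler.Command))"
}

if ($binaries.Count -eq 0) {
    'mshta.exe not found under %SystemRoot%.'
} else {
    $binaries | Format-Table -AutoSize
}
```

Re-running it after a Windows update or software install covers the case the last quoted paragraph describes, where HTA comes back without notice.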
 