> "BillR" <(E-Mail Removed)> wrote:
>Isn't HTAstop quite an old tool? Wilders.org is a good site to visit, just
>beware of dated information. It is not well (evenly) maintained.
>"John Corliss" <(E-Mail Removed)#> wrote in message
>> Not to say that it isn't worth it to visit Wilders.org (because it's a
>> great site!) but the actual web page for the program is here:
>> http://www.nsclean.com/htastop.html
I'm not sure exactly when this version was written. I do know I've
been exploited without reason twice.
From the URL John provided:
"In the new "HTASTOP 2003" release, the entire MSHTA program is
removed and replaced with the NOTEPAD applet. When an HTA script is
encountered, or the machine is forced to run MSHTA by a rogue site,
NOTEPAD will popup instead and display the contents of the HTA script
without running it. If you wish to, or NEED to run the HTA script,
then ENABLE HTA and then reload the item in question. This latter
feature was added for the rare situations where your network
administrator or other trusted source needs to use HTA."
More inportant info:
"CONTROL PANEL PROBLEM - WIN2000 AND XP
For reasons that only Microsoft can explain, recent Windows updates
have changed the functionality of some items in the Control Panel
applet. If you select "USER ACCOUNTS" or "ADD/REMOVE PROGRAMS" Control
Panel may not respond or will open Notepad with an error message
instead. This is because Microsoft has decided to replace the original
Control Panel programs with actual HTA SCRIPTING! Since HTA has been
stopped, this too will also be stopped because the MSHTA.EXE program
which HTAStop stops is not available.
The solution to this problem is to run HTAStop and PERMIT HTA long
enough to do what you need to do, then turn it back off again so as to
protect your security. Microsoft is using MSHTA for these Control
Panel functions now, and HTAStop has blocked MSHTA.EXE from running.
HTASTOP SAYS HTA NOT FOUND
This is actually good news - it means that either you never installed
the Windows Scripting Host (WSH) or have removed it. HTA exploits
depend on the presence of the Windows Scripting Host and if HTAstop
indicates that it can't find "HTA" then you're safe for now. Be
mindful though that Microsoft depends on WSH and its many protocols as
part of their future "Microsoft dotNET" strategy and will want to
reinstall all of the components (including HTA) whenever you upgrade
or patch Windows. What this means is that while you may not have it
now, it can be reinstalled at any time by Microsoft without any
warning. You'll want to check up on this using HTAstop any time you do
a Windows update or install any new software, patches or upgrades."
--
Pricelessware:
http://www.pricelessware.org
http://www.pricelesswarehome.org
Similar Threads
