Are the two startup files normal?

john

The path in which the files are located is :\windows\system32\mshta.exe.

One registry file is located in
HKEY_CLASSE-ROOT\htafile\shell\open\command(mshta.exe"%1"%*)

The other registry file is in
HKEY_LOCAL_MACHINE\Software\CLASSES\htafiles\shell\open\command(mshta.exe"%1"%*)

Are they normal or malicious? Thank you.
 
Guest

john said:
The path in which the files are located is :\windows\system32\mshta.exe.

One registry file is located in
HKEY_CLASSE-ROOT\htafile\shell\open\command(mshta.exe"%1"%*)

The other registry file is in
HKEY_LOCAL_MACHINE\Software\CLASSES\htafiles\shell\open\command(mshta.exe"%1"%*)

Are they normal or malicious? Thank you.

mshta.exe is part of your operating system; it allows .hta applications to run.
 
Ramesh, MS-MVP

John,

mshta.exe (located in the %Systemroot%\System32 folder) is a valid system file
that runs the HTA applications (for example, the User Accounts applet). And,
both the registry locations that you posted point to the same item.
 
Guest

john said:
The path in which the files are located is :\windows\system32\mshta.exe.

One registry file is located in
HKEY_CLASSE-ROOT\htafile\shell\open\command(mshta.exe"%1"%*)

The other registry file is in
HKEY_LOCAL_MACHINE\Software\CLASSES\htafiles\shell\open\command(mshta.exe"%1"%*)

Are they normal or malicious? Thank you.


How are these *startup* files? This looks like a file association
(i.e., what application to run when you double-click on a filetype).
That's like saying Notepad is a startup file because it has a filetype
association to txtfile (HKEY_CLASSES_ROOT\txtfile\shell\open\command,
default = "%SystemRoot%\system32\NOTEPAD.EXE %1").
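
The distinction drawn in the replies above can be checked directly. The following PowerShell is an added example, not part of any post in this thread: it reads the `htafile` open handler from both keys that make up HKEY_CLASSES_ROOT and, separately, lists real startup (Run key) entries that invoke mshta. It assumes a legitimate handler resolves to mshta.exe under %SystemRoot%\System32 or SysWOW64; anything else, including a bare file name, is only marked for manual review.

```powershell
# Added example (assumption: a legitimate .hta handler is mshta.exe in
# %SystemRoot%\System32 or %SystemRoot%\SysWOW64).
$expected = 'System32', 'SysWOW64' |
    ForEach-Object { Join-Path $env:SystemRoot "$_\mshta.exe" }

# HKEY_CLASSES_ROOT is a merged view of these two keys; the per-user
# (HKCU) entry takes precedence when both exist.
foreach ($root in 'HKLM:\Software\Classes', 'HKCU:\Software\Classes') {
    $key = Join-Path $root 'htafile\shell\open\command'
    if (-not (Test-Path -LiteralPath $key)) {
        [pscustomobject]@{ Key = $key; Command = ''; Status = 'ABSENT' }
        continue
    }
    # The handler command line is the key's unnamed (Default) value.
    $cmd = [string](Get-Item -LiteralPath $key).GetValue('')

    # The executable is the first token, quoted or unquoted.
    $exe = $null
    if     ($cmd -match '^\s*"([^"]+)"') { $exe = $Matches[1] }
    elseif ($cmd -match '^\s*(\S+)')     { $exe = $Matches[1] }
    if ($exe) { $exe = [Environment]::ExpandEnvironmentVariables($exe) }

    # -contains compares strings case-insensitively.
    $status = if ($exe -and ($expected -contains $exe)) { 'OK' } else { 'REVIEW' }
    [pscustomobject]@{ Key = $key; Command = $cmd; Status = $status }
}

# A file association is not a startup entry. Programs launched at logon
# are registered elsewhere, for example under the Run keys.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
foreach ($run in $runKeys) {
    if (-not (Test-Path -LiteralPath $run)) { continue }
    $k = Get-Item -LiteralPath $run
    foreach ($name in $k.GetValueNames()) {
        $value = [string]$k.GetValue($name)
        if ($value -match 'mshta') {
            [pscustomobject]@{ Key = $run; Command = "$name = $value"; Status = 'STARTUP' }
        }
    }
}
```

An `OK` row for the association with no `STARTUP` rows matches what the replies describe: mshta.exe is registered as the handler for .hta files but is not set to run at logon.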
 