Erik said:
Every time I boot up my NAV recognizes a malicious script
found at C:\WINDOWS\ODBC.HTA. Before I request NAV to
stop the script, I pull up task manager and notice that
mshta.exe is trying to load. When NAV stops the script,
the mshta.exe dissappears. I'm not sure if the two are
related. I'm contemplating renaming odbc.hta. But it is a
hidden system file. Does anyone have any ideas? Thanx in
advance.
Go to Start > Run and type msconfig <enter> to see what's starting up at
boot time. Uncheck anything that looks like it's starting this script.
A Google search didn't turn up anything useful about odbc.hta, but you
might download, update, and run Ad-Aware
www.lavasoftusa.com and Spybot
Search & Destroy
www.safer-networking.org on general principals.
Although NAV isn't telling you that odbc.hta is itself a virus/trojan
(and nothing shows up under this name on the Symantec site) HTAs or HTML
Applications are potentially dangerous. See
http://www.nsclean.com/psc-exe2.html and
http://msdn.microsoft.com/library/default.asp?url=/workshop/author/hta/overview/htaoverview.asp
Although ODBC is an acronym for something legitimate (Open DataBase
Connectivity), virus/trojan/malware creators often use names that are
the same or similar to real Windows filenames.
An HTA file should be written in HTML, just like a web page, so you can
use Notepad to open your odbc.hta file and take a look at what it's
doing. Looking at the file with Notepad will NOT cause it to execute,
so if it is malware, you don't have to worry.
