MSHTML3.EXE - Dangerous

What you should do about MSHTML3.EXE:

Check Your PC Now
Your PC is infected. The file called MSHTML3.EXE is considered unsafe and there may be other infections on your PC.


You should urgently check your PC and remove any malicious software including MSHTML3.EXE as soon as possible. The free version of Prevx CSI will scan your PC for millions of spyware and malware infections in less than 2 minutes. Don't take the risk, check your PC now by clicking the green button.

Download Prevx CSI Now

Who Uses Prevx CSI?

Prevx has been detecting the threats that others miss since 2004.

More than 2,056,062 people have scanned with Prevx CSI and between them have checked 29.4 billion files. 66% of the PCs scanned had malware present.

What we know about MSHTML3.EXE:

The filename MSHTML3.EXE was first seen on Jun 30 2007 in The UNITED STATES. It has also been seen in the following geographical regions of the Prevx community:

  • The UNITED KINGDOM on Mar 29 2008
The filename MSHTML3.EXE refers to many versions of an executable program.

The most common file size is 72,704 bytes. But the following file size has also been seen:

  • 89,088 bytes

The filename is associated with the malware group TROJAN.PURITYSCAN.H.Some files using the name MSHTML3.EXE are also associated with the malware groups:
  • TROJAN.MKTROJAN.A
  • Downloader.Generic6.OTC
 These files have no vendor, product or version information specified in the file header.

MSHTML3.EXE has been seen to perform the following behavior(s):

  • The Process is packed and/or encrypted using a software packing process
  • Can communicate with other computer systems using HTTP protocols
  • This Process Deletes Other Processes From Disk
  • Adds a Registry Key (RUN) to auto start Programs on system start up
  • This Process Creates Other Processes On Disk
  • Executes a Process
  • Executes Processes stored in Temporary Folders
  • Registers a Dynamic Link Library File
  • Adds Products to the system registry
  • Uses a Registered MAPI
  • Writes to another Process's Virtual Memory (Process Hijacking)
  • Makes outbound connections to other computers using NETBIOSOUT protocols
  • Downloads hidden code from covert web sites
  • Downloads program file(s) from the web
  • Creates new folders in the file system
  • Looks at the contents of the autoexec.bat file
  • Reads email address and phone book details
  • Visits web sites without the user knowing
  • This Process is a file infector which modifies program files to include a host a copy of the infection
  • Copies files
  • Enables an In Process Object/Server - Common with DLL Injections

MSHTML3.EXE has been the subject of the following behavior(s):

  • Created as a process on disk
  • Executed from Temporary Folders
  • Added as a Registry auto start to load Program on Boot up
  • Executed as a Process
  • Deleted as a process from disk
  • Terminated as a Process
  • Has code inserted into its Virtual Memory space by other programs
  • Registered as a Dynamic Link Library File

MSHTML3.EXE can also use the following file names:

  • OUTERINFOUPDATE.EXE
  • SDEXE.EXE
  • JAVAW.EXE
  • NOTEPAD.EXE
  • RUNDLL.EXE
  • CSRSS.EXE
  • NETDDE.EXE
  • REGSVR32.EXE
  • MSCONFIG.EXE
  • REGEDIT.EXE
  • PING.EXE
  • LSASS.EXE
  • SERVICES.EXE
  • FAST.EXE
  • USERINIT.EXE
  • WOWEXEC.EXE
  • EXPLORER.EXE
  • SCANREGW.EXE
  • CHKNTFS.EXE
  • TASKMGR.EXE
  • WINWORD.EXE
  • TRACERT.EXE
  • MMC.EXE
  • SPOOLSV.EXE
  • DLLHOST.EXE
  • MSHTA.EXE
  • WUCRTUPD.EXE
  • CHKDSK.EXE
  • WUAUBOOT.EXE
  • NSLOOKUP.EXE
  • SVCHOST.EXE
  • MSIEXEC.EXE
  • SMSS.EXE
  • WINLOGON.EXE
  • 52BB111D9BD57EC321481677EA96EE37.EXE
  • 80760872.SVD
  • NTVDM.EXE
  • DPTRMSIYFI-643.PMS.EXE
  • CMD.EXE
  • 36D22A976158B365AABAB6325B053E4B.EXE
  • DEXPLORE.EXE
  • DVDPLAY.EXE
  • ARPA.EXE
  • WUAUCLT.EXE
  • MSDTC.EXE
  • ALG.EXE
  • ATI2EVXX.EXE
  • NOPDB.EXE
  • WINSPOOL.EXE
  • WUACLT.EXE
  • RUNDLL32.EXE
  • LOGONUI.EXE