Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Suspicious Script


  • Please log in to reply
3 replies to this topic

#1 kimandallan

kimandallan

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:08:15 AM

Posted 02 February 2006 - 03:29 PM

Hi there, can any 1 help? When i go into help and support from my start meue, i get the message Susspicious script stopped (by mcafee virus scan) the file helpctr.exe contains suspicious scripting activity.

Script Details
file helpctr.exe
Activity: the script is attempting to call the RegRead method within the Iwshshell3 object.
file path C:\windows\pchealth\helpctr\binarie

Status : the script execution has been stopped.

I dont know why i keep recieving this message its only when i go into help on my pc. If any 1 can advise me on what to, cheers Kim

BC AdBot (Login to Remove)

 


#2 Animal

Animal

    Bleepin' Animinion


  • Site Admin
  • 34,847 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Where You Least Expect Me To Be
  • Local time:06:15 AM

Posted 02 February 2006 - 03:50 PM

kimandallan,

This Link, gives you more information about the executable file. Unless it's corrupted causing the false positive. I don't see why McAfee is seeing it as suspicious. I don't use McAfee products so I can't say for sure. But is there a way to set it as an allowed file? One other thing is you may want to do is, online scans and make sure there isn't malware sitting in that file.

Here's a list of scans and anti-malware to use:

Run these online virus scanners:
http://www.pandasoftware.com/activescan/
http://housecall.trendmicro.com/

Also this online Trojan scanner:
TrojanScan

Are you using these basic security programs?
(They're all free.)

aČ free - a complementary product to antivirus software which is specialized in protection against harmful software. Antivirus software often features an inadequate protection against Trojans, Dialers and Spyware. aČ fills this gap.
ewido security suite - offers protection against urgently growing threats like Trojans, Worms, Dialers, Hijackers, Spyware and Keyloggers.
Ad-Aware - A good program similar to SpyBot S & D.
Spybot S&D - Detects and removes spyware, of different types, from your computer.
Spywareblaster - A good program that prevents spyware from being installed on your computer in the first place. This program is always running in the background, protecting your computer. It prevents the installation of bad active X controls found in web pages.
SpywareGuard - A nice compliment to SpywareBlaster. This allows you the option to prevent downloads that contain bad active X controls.

If not, you need to. These programs, updated and used regularly, will do a lot to keep your computer clean of spyware, trojans, keyloggers, browser hijackers, etc...

Download them, update them, and then run them.

When installing ewido security suite, under Additional Options uncheck:
Install background guard
Install scan via context menu

Important:
Please read this tutorial on Spybot S&D before using it. Spybot can do SERIOUS damage, if not used properly.

Be (False Positive) Safe

Da Bleepin AniMod, Animal

The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown (1938-1994)


A learning experience is one of those things that say, "You know that thing you just did? Don't do that." Douglas Adams (1952-2001)


"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)


Follow BleepingComputer on: Facebook | Twitter | Google+

#3 kimandallan

kimandallan
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:08:15 AM

Posted 02 February 2006 - 05:59 PM

Many thanks for your help, i have found this in microsoft so im going to try that first, if it still dont work i will use your advice, many thanks again Kim.

The Help and Support Center does not run when the Data Execution Protection feature is turned on in Windows XP Service Pack 2
View products that this article applies to.
Article ID : 873158
Last Review : July 8, 2005
Revision : 2.2
SYMPTOMS
When you try to view a Help topic in the Help and Support Center for Microsoft Windows XP Service Pack 2, you receive the following message:
Data Execution Protections - Microsoft Windows
To help protect your computer, Windows has closed this program.
Name: Microsoft Help and Support Center
Data Execution Protection helps protect against damage from viruses or other threats. Some programs may not run correctly when it is turned on. For an updated version of this program, contact the publisher.
If you click Close Message, the Help and Support Center quits.
CAUSE
This problem occurs when an incompatible version of the common language runtime is installed on a computer that uses an AMD64 processor. When you try to view a Help topic, the Help and Support Center loads the Urlmon.dll file. Next, the Urlmon.dll file accesses the common language runtime. When the Urlmon.dll file accesses the incompatible version of the common language runtime, the Data Execution Protection feature starts and then prevents the Help and Support Center from running.
RESOLUTION
To resolve this problem, add the Help and Support Center (Helpctr.exe) to the Data Execution Protection exception list. To do this, follow these steps: 1. Click Start, click Run, type sysdm.cpl in the Open box, and then click OK.
2. Click the Advanced tab, and then click Settings under Performance.
3. Click the Data Execution Prevention tab.
4. Click Turn on DEP for all programs and services except those I select.
5. Click Add, and then locate the Helpctr.exe file in the following folder:
C:\WINDOWS\PCHEALTH\HELPCTR\Binaries
6. Click Open.
7. If the Help and Support Center check box is not selected, click to select the check box.
8. Click OK, and then restart your computer.

STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section

#4 kimandallan

kimandallan
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:08:15 AM

Posted 03 February 2006 - 04:28 AM

I did this, but the check box was already checked!

RESOLUTION
To resolve this problem, add the Help and Support Center (Helpctr.exe) to the Data Execution Protection exception list. To do this, follow these steps: 1. Click Start, click Run, type sysdm.cpl in the Open box, and then click OK.
2. Click the Advanced tab, and then click Settings under Performance.
3. Click the Data Execution Prevention tab.
4. Click Turn on DEP for all programs and services except those I select.
5. Click Add, and then locate the Helpctr.exe file in the following folder:
C:\WINDOWS\PCHEALTH\HELPCTR\Binaries
6. Click Open.
7. If the Help and Support Center check box is not selected, click to select the check box.
8. Click OK, and then restart your computer.

So i will now try the advice that you gave me, thanks again Kim




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users