
Windows help and support windows keep popping up


  • This topic is locked
19 replies to this topic

#1 raylicker1

raylicker1

  • Members
  • 26 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:38 AM

Posted 16 August 2014 - 01:52 PM

Randomly, the Windows Help and Support page pops up and I cannot close it. I cannot open Start to shut down. If I try to go somewhere in Firefox, a whole bunch of search windows pop up for Help and Support.


Edited by Orange Blossom, 20 August 2014 - 09:53 PM.
Moved to AII. ~ OB




#2 sflatechguy

sflatechguy

  • BC Advisor
  • 2,226 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:38 AM

Posted 16 August 2014 - 08:34 PM

That sounds like a virus, as the helppane.exe file shouldn't just launch on its own. There are known viruses that disguise themselves as the helppane program. If you go into Task Manager, look for the helppane.exe process. If it is using a sizeable amount of CPU resources, or if it's misspelled, like heplPane.exe, then it's likely a virus.

The fact that your browser keeps opening new search windows is also an indicator this could be a virus.

 

Ask the forum moderator to move this to the Am I Infected? forum.



#3 Scottty

Scottty

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:08:38 PM

Posted 05 August 2015 - 07:07 AM

Hi. I have the same problem.
I have tried 'almost' everything. (I still have the problem.)

OK, I looked at helppane.exe when the popup came back. (I was using Google Chrome, as it seems to contain the popups to one window, rather than IE, where you get 20+ windows.)

In Windows Task Manager the name for the file is (HelpPane.exe). Just want to make sure: are the capitals classed as misspelt?
If so, how do I fix it?

Thanks

Scottty
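
The Task Manager check from post #2 and the capitalisation question from post #3, as an added PowerShell example that is not part of any post in this thread. It assumes the genuine binary is `%SystemRoot%\HelpPane.exe`; the helper name `Get-EditDistance` and the distance threshold of 2 are illustrative choices.

```powershell
# Added example, not code from the thread. Run from an elevated
# PowerShell 3.0+ prompt so that executable paths are readable.
# Assumption: the genuine binary is %SystemRoot%\HelpPane.exe.
$genuineName = 'HelpPane.exe'
$genuinePath = Join-Path $env:SystemRoot $genuineName

function Get-EditDistance([string]$a, [string]$b) {
    # Levenshtein distance on lower-cased names: Windows file names are
    # case-insensitive, so "HelpPane.exe" and "helppane.exe" score 0.
    $a = $a.ToLowerInvariant(); $b = $b.ToLowerInvariant()
    $prev = 0..$b.Length
    for ($i = 1; $i -le $a.Length; $i++) {
        $cur = New-Object int[] ($b.Length + 1)
        $cur[0] = $i
        for ($j = 1; $j -le $b.Length; $j++) {
            $cost = if ($a[$i - 1] -eq $b[$j - 1]) { 0 } else { 1 }
            $edit = [Math]::Min($cur[$j - 1] + 1, $prev[$j] + 1)
            $cur[$j] = [Math]::Min($edit, $prev[$j - 1] + $cost)
        }
        $prev = $cur
    }
    $prev[$b.Length]
}

Get-CimInstance Win32_Process | ForEach-Object {
    $distance = Get-EditDistance $_.Name $genuineName
    if ($distance -gt 2) { return }   # unrelated name, skip this process
    $verdict = if ($distance -gt 0) {
        'lookalike name'                       # e.g. heplPane.exe
    } elseif (-not $_.ExecutablePath) {
        'path not readable, re-run elevated'
    } elseif ($_.ExecutablePath -ne $genuinePath) {
        'genuine name, unexpected path'        # -ne ignores case on strings
    } else {
        'name and path match the Windows copy'
    }
    [pscustomobject]@{
        Name      = $_.Name
        ProcessId = $_.ProcessId
        ParentId  = $_.ParentProcessId
        Path      = $_.ExecutablePath
        Verdict   = $verdict
    }
} | Format-Table -AutoSize
```

An empty result means no matching process is running at that moment, so run it while the Help and Support window is on screen.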

 



#4 Firehouse

Firehouse

  • Members
  • 637 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:38 AM

Posted 05 August 2015 - 08:37 AM

Hello,
 
Please download MiniToolBox by Farbar and save it to your desktop.

Run the tool as Administrator and make sure that these options are checked:


  • Flush DNS
  • Reset IE Proxy Settings
  • Reset FF Proxy Settings
  • List Installed Programs

Post the log here.
 
Step 2
 
Download TFC by OldTimer and save it to your desktop.
 
Run it as Administrator and click on Start button.
 
If programs need reboot, allow it to do so.
 
NOTE: If your desktop disappears, don't panic, it's normal.

 

Step 3

 

Scan with Norton Power Eraser

CAUTION: NPE uses aggressive methods to detect and remove malware, so do not touch any of the settings!

Download NPE by Symantec and save it to your desktop.

Run the tool as Administrator, accept the license agreement, and click the Scan button.

The program will ask you to reboot to continue scanning (includes rootkit scan), so allow it to restart.

After the restart the program will automatically launch itself and start scanning. Scanning takes 5-10 minutes, so be patient!

If malware is detected, make sure that the Create restore point option is checked, then click the Fix button. After that, click on Restart now to complete removal.

 

Step 4

 

Scan with Malwarebytes AntiRootkit
 
Please download MBAR and save it to your desktop.
 
Run the tool as Administrator; it will extract itself and then launch.

Click Next to accept the terms and conditions, and click Update to obtain the latest definitions.

If malware is found, click on the Cleanup button, but make sure that the Create restore point option is checked before proceeding!

The program will ask you to restart; allow it to do so.

Note: If you're experiencing internet connection issues or other anomalies after running MBAR and removal of rootkits, it is recommended to run fixdamage.exe located inside the mbar folder. Run it as Administrator and press Y if it asks whether you want to continue.



#5 Scottty

Scottty

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:08:38 PM

Posted 06 August 2015 - 02:43 AM

Where would the log be?

I ran MiniToolBox. It did its thing, then vanished.



#6 Scottty

Scottty

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:08:38 PM

Posted 06 August 2015 - 02:48 AM

All good.

Here is your log.

It won't let me attach the file, so here it is...

 

MiniToolBox by Farbar  Version: 25-07-2015 01
Ran by Cathi (administrator) on 06-08-2015 at 17:40:24
Running from "C:\Users\Cathi\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Model: To Be Filled By O.E.M. Manufacturer: To Be Filled By O.E.M.
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
=========================== Installed Programs ============================
 
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{06A333EA-4E9D-4848-865F-FE5A1E12AB30}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.4.7.0 - Asmedia Technology)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.130 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.28.1 - Google Inc.) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2291 - Intel Corporation)
iTunes (HKLM\...\{8A99C2B8-2B40-46B2-B900-621DC8E177CF}) (Version: 12.2.1.16 - Apple Inc.)
Kaspersky Total Security (HKLM-x32\...\{02FECEE0-16B2-43DB-BC3B-C844477FC142}) (Version: 15.0.2.361 - Kaspersky Lab) Hidden
Kaspersky Total Security (HKLM-x32\...\InstallWIX_{02FECEE0-16B2-43DB-BC3B-C844477FC142}) (Version: 15.0.2.361 - Kaspersky Lab)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.4 - Sophos Limited)
 
**** End of log ****

Edited by Scottty, 06 August 2015 - 02:49 AM.


#7 Firehouse

Firehouse

  • Members
  • 637 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:38 AM

Posted 06 August 2015 - 03:02 AM

Have you run the rest of the tools?



#8 Scottty

Scottty

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:08:38 PM

Posted 06 August 2015 - 03:15 AM

Nope, not yet; I was waiting for your reply about this.



#9 Scottty

Scottty

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:08:38 PM

Posted 06 August 2015 - 03:30 AM

Result of TFC

 

Getting user folders.
 
Stopping running processes.
 
Emptying Temp folders.
 
 
User: All Users
 
User: Cathi
->Temp folder emptied: 32665 bytes
->Temporary Internet Files folder emptied: 9986623 bytes
->Google Chrome cache emptied: 12307466 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 844 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
 
Emptying RecycleBin. Do not interrupt.
 
RecycleBin emptied: 3536808 bytes
Process complete!
 
Total Files Cleaned = 25.00 mb
 


Edited by Scottty, 06 August 2015 - 03:31 AM.


#10 Scottty

Scottty

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:08:38 PM

Posted 06 August 2015 - 03:44 AM

NPE has found one 'bad' file.
It won't do a restore point.
File name is trst64.exe
Do I proceed without a restore point or is it too risky?



#11 Firehouse

Firehouse

  • Members
  • 637 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:38 AM

Posted 06 August 2015 - 04:01 AM

You mean FRST64.exe? It's a safe file, but you can remove it if you wish; it's not a critical file.



#12 Scottty

Scottty

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:08:38 PM

Posted 06 August 2015 - 04:05 AM

OK, I'll give her a go. Yes, it's frst.exe

I'll run MBAR next and let you know the result.


Edited by Scottty, 06 August 2015 - 04:07 AM.


#13 Firehouse

Firehouse

  • Members
  • 637 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:38 AM

Posted 06 August 2015 - 04:15 AM

Okay.



#14 Scottty

Scottty

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:08:38 PM

Posted 06 August 2015 - 04:59 AM

Nothing found.



#15 Firehouse

Firehouse

  • Members
  • 637 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:38 AM

Posted 06 August 2015 - 05:00 AM

How is the situation?





