Suspicious script in Help and Support

Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

Hi Renny,

Right click on the HelpCtr.exe file and select properties.

This is the size I see, on WinXP Pro SP2
750 KB (768,512 bytes)

And version: 5.1.2600.2180

File version: (xpsp_sp2_rtm.040803-2158)

Do you have the same?

Also, delete the contents of the temp folder:
C:\Documents and Settings\HP_Owner\Local Settings\Temp

--
Regards,
Bert Kinney MS-MVP Shell/User
http://dts-l.org/


Renny Bosch wrote:
> When I click Start | Help and Support, a McAfee warning
> window comes up saying "A Suspicious Script Has Been
> Detected! The file
> C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe contains
> suspicious scripting activity and has been stopped."
> If I then click "Allow entire script this time", it comes
> up with a second similar warning in C:\Documents and
> Settings\HP_Owner\Local Settings\Temp\$$.JS. After I
> click "Allow entire script this time" again, the warning
> goes away but nothing else happens (no Help and Support).
> This is a brand-new computer with XP Home, and all the
> latest security patches, and McAfee shows no viruses. What is wrong
> with it?

Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

Hi Renny,

If when you say restore, you refer to a clean install, that fix all
the errors. And insure that Norton is removed completely. I would also
suggest not installing McAfee either. Make sure to backup anything you
do not want to loose. Here are some suggestions for virus and malware
removal and prevention.
http://bertk.mvps.org/html/spyware.html

--
Regards,
Bert Kinney MS-MVP Shell/User
http://dts-l.org/

Renny Bosch wrote:
> My HelpCtr.exe has exactly the same info as you stated. When I tried
> to delete the contents of the Temp folder,
> two files remained: IadHide5.dll and JETC464.tmp. After
> deleting the rest I retried Start | Help and Support, and
> got the same Suspicious Script warning as before.
> I have had plenty of other, less obvious anomalies, such
> as Quicken no longer scrolls in response to the wheel
> mouse, Quicken cannot access the site for registration,
> once I got a "Virtual memory is running low" warning (I
> have 512 MB RAM and 80 GB disk, and was running no more
> than 4 or 5 programs), etc.
> Note: The system originally came with Norton Security
> Center on it. I deleted it and installed McAfee instead.
>
> Is it time to do a full system restore?
>
>
>
> "Bert Kinney" <bert@NSmvps.org> wrote in message
> news1eCywDcFHA.2520@TK2MSFTNGP09.phx.gbl...
>> Hi Renny,
>>
>> Right click on the HelpCtr.exe file and select
>> properties. This is the size I see, on WinXP Pro SP2
>> 750 KB (768,512 bytes)
>>
>> And version: 5.1.2600.2180
>>
>> File version: (xpsp_sp2_rtm.040803-2158)
>>
>> Do you have the same?
>>
>> Also, delete the contents of the temp folder:
>> C:\Documents and Settings\HP_Owner\Local Settings\Temp
>>
>> --
>> Regards,
>> Bert Kinney MS-MVP Shell/User
>> http://dts-l.org/
>>
>>
>> Renny Bosch wrote:
>>> When I click Start | Help and Support, a McAfee warning
>>> window comes up saying "A Suspicious Script Has Been
>>> Detected! The file
>>> C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe
>>> contains suspicious scripting activity and has been stopped."
>>> If I then click "Allow entire script this time", it
>>> comes up with a second similar warning in C:\Documents and
>>> Settings\HP_Owner\Local Settings\Temp\$$.JS. After I
>>> click "Allow entire script this time" again, the warning
>>> goes away but nothing else happens (no Help and
>>> Support). This is a brand-new computer with XP Home, and all the
>>> latest security patches, and McAfee shows no viruses.
>>> What is wrong with it?