Suspicious script in Help and Support

Guest
Archived from groups: microsoft.public.windowsxp.help_and_support

When I click Start | Help and Support, a McAfee warning window comes up
saying "A Suspicious Script Has Been Detected! The file
C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe contains suspicious
scripting activity and has been stopped."

If I then click "Allow entire script this time", it comes up with a second
similar warning in C:\Documents and Settings\HP_Owner\Local
Settings\Temp\$$.JS. After I click "Allow entire script this time" again,
the warning goes away but nothing else happens (no Help and Support).

This is a brand-new computer with XP Home, and all the latest security
patches, and McAfee shows no viruses. What is wrong with it?
 
Guest

Hi Renny,

Right click on the HelpCtr.exe file and select properties.

This is the size I see, on WinXP Pro SP2
750 KB (768,512 bytes)

And version: 5.1.2600.2180

File version: (xpsp_sp2_rtm.040803-2158)

Do you have the same?

Also, delete the contents of the temp folder:
C:\Documents and Settings\HP_Owner\Local Settings\Temp

--
Regards,
Bert Kinney MS-MVP Shell/User
http://dts-l.org/


Renny Bosch wrote:
> When I click Start | Help and Support, a McAfee warning
> window comes up saying "A Suspicious Script Has Been
> Detected! The file
> C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe contains
> suspicious scripting activity and has been stopped."
> If I then click "Allow entire script this time", it comes
> up with a second similar warning in C:\Documents and
> Settings\HP_Owner\Local Settings\Temp\$$.JS. After I
> click "Allow entire script this time" again, the warning
> goes away but nothing else happens (no Help and Support).
> This is a brand-new computer with XP Home, and all the
> latest security patches, and McAfee shows no viruses. What is wrong
> with it?
 
Guest

My HelpCtr.exe has exactly the same info as you stated. When I tried to
delete the contents of the Temp folder, two files remained: IadHide5.dll
and JETC464.tmp. After deleting the rest I retried Start | Help and
Support, and got the same Suspicious Script warning as before.

I have had plenty of other, less obvious anomalies, such as Quicken no
longer scrolls in response to the wheel mouse, Quicken cannot access the
site for registration, once I got a "Virtual memory is running low" warning
(I have 512 MB RAM and 80 GB disk, and was running no more than 4 or 5
programs), etc.

Note: The system originally came with Norton Security Center on it. I
deleted it and installed McAfee instead.

Is it time to do a full system restore?



"Bert Kinney" <bert@NSmvps.org> wrote in message
news:O1eCywDcFHA.2520@TK2MSFTNGP09.phx.gbl...
> Hi Renny,
>
> Right click on the HelpCtr.exe file and select properties.
>
> This is the size I see, on WinXP Pro SP2
> 750 KB (768,512 bytes)
>
> And version: 5.1.2600.2180
>
> File version: (xpsp_sp2_rtm.040803-2158)
>
> Do you have the same?
>
> Also, delete the contents of the temp folder:
> C:\Documents and Settings\HP_Owner\Local Settings\Temp
>
> --
> Regards,
> Bert Kinney MS-MVP Shell/User
> http://dts-l.org/
>
>
> Renny Bosch wrote:
>> When I click Start | Help and Support, a McAfee warning
>> window comes up saying "A Suspicious Script Has Been
>> Detected! The file
>> C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe contains
>> suspicious scripting activity and has been stopped."
>> If I then click "Allow entire script this time", it comes
>> up with a second similar warning in C:\Documents and
>> Settings\HP_Owner\Local Settings\Temp\$$.JS. After I
>> click "Allow entire script this time" again, the warning
>> goes away but nothing else happens (no Help and Support).
>> This is a brand-new computer with XP Home, and all the
>> latest security patches, and McAfee shows no viruses. What is wrong with
>> it?
>
>
 
Guest

Hi Renny,

If when you say restore, you refer to a clean install, that fixes all
the errors. And ensure that Norton is removed completely. I would also
suggest not installing McAfee either. Make sure to back up anything you
do not want to lose. Here are some suggestions for virus and malware
removal and prevention.
http://bertk.mvps.org/html/spyware.html

--
Regards,
Bert Kinney MS-MVP Shell/User
http://dts-l.org/

Renny Bosch wrote:
> My HelpCtr.exe has exactly the same info as you stated. When I tried
> to delete the contents of the Temp folder,
> two files remained: IadHide5.dll and JETC464.tmp. After
> deleting the rest I retried Start | Help and Support, and
> got the same Suspicious Script warning as before.
> I have had plenty of other, less obvious anomalies, such
> as Quicken no longer scrolls in response to the wheel
> mouse, Quicken cannot access the site for registration,
> once I got a "Virtual memory is running low" warning (I
> have 512 MB RAM and 80 GB disk, and was running no more
> than 4 or 5 programs), etc.
> Note: The system originally came with Norton Security
> Center on it. I deleted it and installed McAfee instead.
>
> Is it time to do a full system restore?
>
>
>
> "Bert Kinney" <bert@NSmvps.org> wrote in message
> news:O1eCywDcFHA.2520@TK2MSFTNGP09.phx.gbl...
>> Hi Renny,
>>
>> Right click on the HelpCtr.exe file and select
>> properties. This is the size I see, on WinXP Pro SP2
>> 750 KB (768,512 bytes)
>>
>> And version: 5.1.2600.2180
>>
>> File version: (xpsp_sp2_rtm.040803-2158)
>>
>> Do you have the same?
>>
>> Also, delete the contents of the temp folder:
>> C:\Documents and Settings\HP_Owner\Local Settings\Temp
>>
>> --
>> Regards,
>> Bert Kinney MS-MVP Shell/User
>> http://dts-l.org/
>>
>>
>> Renny Bosch wrote:
>>> When I click Start | Help and Support, a McAfee warning
>>> window comes up saying "A Suspicious Script Has Been
>>> Detected! The file
>>> C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe
>>> contains suspicious scripting activity and has been stopped."
>>> If I then click "Allow entire script this time", it
>>> comes up with a second similar warning in C:\Documents and
>>> Settings\HP_Owner\Local Settings\Temp\$$.JS. After I
>>> click "Allow entire script this time" again, the warning
>>> goes away but nothing else happens (no Help and
>>> Support). This is a brand-new computer with XP Home, and all the
>>> latest security patches, and McAfee shows no viruses.
>>> What is wrong with it?