I think Ive done a dumb thing

[Mick]

I run WinXP and Kaspersky Internet Security I also have Spywareblaster
installed.
I was sent a rar file by a colleague. I scanned it with Kaspersky and got no
threats. Soon after I opened it, I got a warning that a file called pchealth
(helpctr.exe) was attempting to send data. I quarantined it. I then got the
message:
"Files that are required for windows have been replaced by unrecognised
versions. To maintain system stability Windows must restore the original
versions of these files". It asked me to insert CD2 (which I didn't have -
Windows came preloaded with my laptop and I don't have the CD) so (this is
the dumb part) I pressed cancel.
I am currently scanning my computer to work out whether I have infected my
laptop. Can anybody give me advice about what to do next?
Mick

 

[Victek]

I run WinXP and Kaspersky Internet Security I also have Spywareblaster
installed.
I was sent a rar file by a colleague. I scanned it with Kaspersky and got
no threats. Soon after I opened it, I got a warning that a file called
pchealth (helpctr.exe) was attempting to send data. I quarantined it. I
then got the message:
"Files that are required for windows have been replaced by unrecognised
versions. To maintain system stability Windows must restore the original
versions of these files". It asked me to insert CD2 (which I didn't have -
Windows came preloaded with my laptop and I don't have the CD) so (this is
the dumb part) I pressed cancel.
I am currently scanning my computer to work out whether I have infected my
laptop. Can anybody give me advice about what to do next?
Mick

Before you quarantined helpctr.exe did kasperksy flag it as malware? It is
a legitimate Windows file (if it hasn't been tampered with). You could
determine if the file is clean and if so restore it. The warning you're
getting about replacing Windows files may be coming up because helpctr.exe
is missing.

 

[Leythos]

I run WinXP and Kaspersky Internet Security I also have Spywareblaster
installed.
I was sent a rar file by a colleague. I scanned it with Kaspersky and got no
threats. Soon after I opened it, I got a warning that a file called pchealth
(helpctr.exe) was attempting to send data. I quarantined it. I then got the
message:

So, since RAR is not really the problem, what did the RAR uncompress
into? What file did the RAR contain?


--

Leythos - (e-mail address removed) (remove 999 to email me)

Fight exposing kids to porn, complain about sites like PCBUTTS 1.COM
that create filth and put it on the web for any kid to see: Just take a
look at some of the FILTH he's created and put on his website:
http://forums.speedguide.net/archive/index.php/t-223485.html all exposed
to children (the link I've include does not directly display his filth).
You can find the same information by googling for 'PCBUTTS1' and
'exposed to kids'.

 

[Mick]

Before you quarantined helpctr.exe did kasperksy flag it as malware? It

is a legitimate Windows file (if it hasn't been tampered with). You could
determine if the file is clean and if so restore it. The warning you're
getting about replacing Windows files may be coming up because helpctr.exe
is missing.

No, it didn't flag it as malware, it just flagged that it was trying to send
data.
Mick

 

[Mick]

The rar uncompressed into 3 files: another rar file (which I was suspicious
of and I think I did not touch), a file_id.diz file (which I also did not
touch) and an nfo file which I opened. It looked rather suspicious, so I did
not go any further and closed the rar.
Mick
Mick

 

[Mick]

No, it didn't flag it as malware, it just flagged that it was trying to

send data.
Mick

I have re-scanned my computer and it is clean - helpctr is in quarantine
with a warning of possible malware because of 'hidden data sending'.
Mick

 

[pcbutts1]

That's what happens when you download infected software cracks. Which one
was it?

--

Newsgroup Trolls. Read about mine here http://www.pcbutts1.com/downloads
The list grows. Leythos the stalker http://www.leythosthestalker.com, David
H. Lipman, Max M Wachtell III aka What's in a Name?, Fitz, Beauregard T.
Shagnasty,Rhonda Lea Kirk, Meat Plow, F Kwatu F, George Orwell

 

[Mick]

That's what happens when you download infected software cracks. Which one
was it?

"Let him who is without sin cast the first stone" John 8:7

 

[Leythos]

The rar uncompressed into 3 files: another rar file (which I was suspicious
of and I think I did not touch), a file_id.diz file (which I also did not
touch) and an nfo file which I opened. It looked rather suspicious, so I did
not go any further and closed the rar.

Mick, are you hiding the information on what the files/contents was
because you're worried that someone might not like what was sent to you,
or because you're worried that pirating material might get you into
trouble.

You've posted several times, always not telling us what was downloaded,
which hinders the ability of those helping to target a solution to your
problem. If you insist on keeping relevant and critical information from
the people helping you, then you won't get much help and the next time
people will ignore your plea for help.


--

Leythos - (e-mail address removed) (remove 999 to email me)

Fight exposing kids to porn, complain about sites like PCBUTTS 1.COM
that create filth and put it on the web for any kid to see: Just take a
look at some of the FILTH he's created and put on his website:
http://forums.speedguide.net/archive/index.php/t-223485.html all exposed
to children (the link I've include does not directly display his filth).
You can find the same information by googling for 'PCBUTTS1' and
'exposed to kids'.

 

[Dave Cohen]

Mick, are you hiding the information on what the files/contents was
because you're worried that someone might not like what was sent to you,
or because you're worried that pirating material might get you into
trouble.

You've posted several times, always not telling us what was downloaded,
which hinders the ability of those helping to target a solution to your
problem. If you insist on keeping relevant and critical information from
the people helping you, then you won't get much help and the next time
people will ignore your plea for help.

That's a reasonable reply Leythos, you might also have asked since the
op claims to have received this file from a colleague surely the first
step would be to ask the colleague what he sent.
A second thing, just a generality, for any number of reasons everyone
should have a means of restoring their system. I strongly favor imaging
but at least have something even if it's only the inconvenient restore
cd's that come with some new systems.
Dave Cohen

 

[Mick]

Mick, are you hiding the information on what the files/contents was

because you're worried that someone might not like what was sent to you,
or because you're worried that pirating material might get you into
trouble.

It was a keygen program, given to me by a colleague, for a program called
Slowgold (used for slowing down guitar tracks to make them easier to learn).
I never got as far as opening the exe file, since I had big second thoughts,
but looked at the nfo file first, before closing the rar file. I did not
open the exe file.
Mick

 

[Buffalo]

It was a keygen program, given to me by a colleague, for a program called
Slowgold (used for slowing down guitar tracks to make them easier to learn).
I never got as far as opening the exe file, since I had big second thoughts,
but looked at the nfo file first, before closing the rar file. I did not
open the exe file.
Mick

Why not send that file(s) to virustotal.com and see what they find.
It is quick and painless.

 

[Leythos]

It was a keygen program, given to me by a colleague, for a program called
Slowgold (used for slowing down guitar tracks to make them easier to learn).
I never got as far as opening the exe file, since I had big second thoughts,
but looked at the nfo file first, before closing the rar file. I did not
open the exe file.
Mick

Mick - you've still not provided the name of the Exe file in question.

While malware takes many forms, we've often seen the file names before
and can then go down a different, often quicker, path to help.

If you didn't run the exe file, nor any of the others, there is a good
chance you were not compromised and that the AV solution on your PC
detected and blocked access. If you actually ran anything from that
compressed package, and sometimes compressed packages can auto-execute
files, then you may have done anything.



--

Leythos - (e-mail address removed) (remove 999 to email me)

Fight exposing kids to porn, complain about sites like PCBUTTS 1.COM
that create filth and put it on the web for any kid to see: Just take a
look at some of the FILTH he's created and put on his website:
http://forums.speedguide.net/archive/index.php/t-223485.html all exposed
to children (the link I've include does not directly display his filth).
You can find the same information by googling for 'PCBUTTS1' and
'exposed to kids'.

 

[Mick]

Mick - you've still not provided the name of the Exe file in question.

While malware takes many forms, we've often seen the file names before
and can then go down a different, often quicker, path to help.

The file is a keygen for a file called Slowgold (used by guitarists to slow
down guitar tracks so they can be learned). I took it in full knowledge of
what it was, from a colleague, also a guitarist, who used it. When I opened
the rar file it contained an nfo file, a diz file and a second rar file
which I assume contains the executable file. I looked at the nfo file and
decided I would be stupid to open a doubtful executable file which could
contain malware. I never opened the rar file containing the keygen file, so
I don't know the name of the file, I simply closed the rar file.
It was after I closed it that Kaspersky threw up a message, which I had
never previously seen, about 'hidden data transfer' that I worried that I
had opened malware by opening the rar file or the nfo file.
Mick

 

[pcbutts1]

He did name the files you dumb idiot all three of them, I recognized them
right away. Dumbass.


--

Newsgroup Trolls. Read about mine here http://www.pcbutts1.com/downloads
The list grows. Leythos the stalker http://www.leythosthestalker.com, David
H. Lipman, Max M Wachtell III aka What's in a Name?, Fitz, Beauregard T.
Shagnasty,Rhonda Lea Kirk, Meat Plow, F Kwatu F, George Orwell

 

[Leythos]

He did name the files you dumb idiot all three of them, I recognized them
right away. Dumbass.

Porno hosting filth monger

--

Leythos - (e-mail address removed) (remove 999 to email me)

Fight exposing kids to porn, complain about sites like PCBUTTS 1.COM
that create filth and put it on the web for any kid to see: Just take a
look at some of the FILTH he's created and put on his website:
http://forums.speedguide.net/archive/index.php/t-223485.html all exposed
to children (the link I've include does not directly display his filth).
You can find the same information by googling for 'PCBUTTS1' and
'exposed to kids'.