Suspicious Script Help & Support Advanced System Information

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Hi-
I have been hijacked before (remotely) and am on the slightly paranoid side
when it comes to my security. I have a question: When trying to view my
"Advanced System Information " via Help & Support, when I go one step
further to the option "View Detailed System Info",right next to the link in
blue there is this - (msinfo32.exe). When I click on it, my McAfee pops up
and gives me the following message:

SUSPICIOUS SCRIPT DETECTED
C:\WINDOWS\PCHEALTH\HELPCTR\BINARIES\HelpCtr.exe

What does this mean? Has someone altered this so that I cannot view this
info? And if so, PLEASE HELP. I dont know what to do.

Another funny thing. I notice when I look at the running services, things I
have disabled such as Fast User Switching and Net Remote Logon (as I am the
only person using my computer), well when I access this Running Services thru
Help and Support, I see these items and they are not disabled but the way the
service shows the name listed is like this: Net Remote Lo gon-theres like a
space inserted into one part of the actual name and it seems like its like
that for all that I have diabled. Like someone has gone in and screwed with
it to make it look like its normal but the space inserted thing is very
suspicious plus it shows the service running when I have made the changes to
disable certain things via my "Start" "Run" and typing in "services.msc".
Additional note: another weird service with the space thingy in it is "Shared
Acce ss" which I disabled and it shows running. PLEASE HELP. I appreciate
your responses.
Thank you!
 
First of all, to see if your services are 'running' check services.msc
or Start->Settings ->Control Panel -> Administrative Tools ->Services .
If it shows it to be not running, then it's not running. There WAS a
problem with Help & Support having an undocumented/unexpected issue
with allowing people to abuse the ability of Help & Support to access
the internet. However, I'm guessing you've been keeping your Critical
Updates from M$ up-to-date and thus are 'protected' from this issue.
What I'm thinking is that McAfee might be blocking/preventing the Help
& Support from functioning properly due to thinking it might have a
security issue. What I would do is try disabling McAfee and reloading
it. If you think that HelpCtr.exe has been compromised then use the
System File Checker Utility to check/replace it.
 
Esteven1 said:
First of all, to see if your services are 'running' check services.msc
or Start->Settings ->Control Panel -> Administrative Tools ->Services .
If it shows it to be not running, then it's not running. There WAS a
problem with Help & Support having an undocumented/unexpected issue
with allowing people to abuse the ability of Help & Support to access
the internet. However, I'm guessing you've been keeping your Critical
Updates from M$ up-to-date and thus are 'protected' from this issue.
What I'm thinking is that McAfee might be blocking/preventing the Help
& Support from functioning properly due to thinking it might have a
security issue. What I would do is try disabling McAfee and reloading
it. If you think that HelpCtr.exe has been compromised then use the
System File Checker Utility to check/replace it.
Click to expand...

Is it possible McAfee has a heuristics feature and that it's set too high?
I know Norton will do that same thing.

Pop
 
Back
Top