I think I've done a dumb thing

I run WinXP and Kaspersky Internet Security. I also have Spywareblaster
installed.
I was sent a rar file by a colleague. I scanned it with Kaspersky and got no
threats. Soon after I opened it, I got a warning that a file called pchealth
(helpctr.exe) was attempting to send data. I quarantined it. I then got the
message:
"Files that are required for windows have been replaced by unrecognised
versions. To maintain system stability Windows must restore the original
versions of these files". It asked me to insert CD2 (which I didn't have -
Windows came preloaded with my laptop and I don't have the CD) so (this is
the dumb part) I pressed cancel.
I am currently scanning my computer to work out whether I have infected my
laptop. Can anybody give me advice about what to do next?
Mick



Re: I think I've done a dumb thing




Before you quarantined helpctr.exe did Kaspersky flag it as malware? It is
a legitimate Windows file (if it hasn't been tampered with).  You could
determine if the file is clean and if so restore it.  The warning you're
getting about replacing Windows files may be coming up because helpctr.exe
is missing.


Re: I think I've done a dumb thing

No, it didn't flag it as malware, it just flagged that it was trying to send
data.
Mick



Re: I think I've done a dumb thing

I have re-scanned my computer and it is clean - helpctr is in quarantine
with a warning of possible malware because of 'hidden data sending'.
Mick



Re: I think I've done a dumb thing


So, since RAR is not really the problem, what did the RAR uncompress
into? What file did the RAR contain?


--

Leythos - spam999free@rrohio.com (remove 999 to email me)

Fight exposing kids to porn, complain about sites like PCBUTTS 1.COM
that create filth and put it on the web for any kid to see: Just take a
look at some of the FILTH he's created and put on his website:
http://forums.speedguide.net/archive/index.php/t-223485.html all exposed
to children (the link I've included does not directly display his filth).
You can find the same information by googling for 'PCBUTTS1' and
'exposed to kids'.

Re: I think I've done a dumb thing

The rar uncompressed into 3 files: another rar file (which I was suspicious
of and I think I did not touch), a file_id.diz file (which I also did not
touch) and an nfo file which I opened. It looked rather suspicious, so I did
not go any further and closed the rar.
Mick



Re: I think I've done a dumb thing

That's what happens when you download infected software cracks. Which one
was it?

--

Newsgroup Trolls. Read about mine here http://www.pcbutts1.com/downloads
The list grows. Leythos the stalker http://www.leythosthestalker.com , David
H. Lipman, Max M Wachtell III  aka What's in a Name?, Fitz, Beauregard T.
Shagnasty,Rhonda Lea Kirk, Meat Plow, F Kwatu F, George Orwell






Re: I think I've done a dumb thing


"Let him who is without sin cast the first stone" John 8:7 :)



Re: I think I've done a dumb thing


Mick, are you hiding the information on what the files/contents were
because you're worried that someone might not like what was sent to you,
or because you're worried that pirating material might get you into
trouble?

You've posted several times, always not telling us what was downloaded,
which hinders the ability of those helping to target a solution to your
problem. If you insist on keeping relevant and critical information from
the people helping you, then you won't get much help and the next time
people will ignore your plea for help.
 


Re: I think I've done a dumb thing

Leythos wrote:
That's a reasonable reply, Leythos. You might also have asked: since the
OP claims to have received this file from a colleague, surely the first
step would be to ask the colleague what he sent.
A second thing, just a generality: for any number of reasons everyone
should have a means of restoring their system. I strongly favor imaging,
but at least have something, even if it's only the inconvenient restore
CDs that come with some new systems.
Dave Cohen

Re: I think I've done a dumb thing

It was a keygen program, given to me by a colleague, for a program called
Slowgold (used for slowing down guitar tracks to make them easier to learn).
I never got as far as opening the exe file, since I had big second thoughts,
but looked at the nfo file first, before closing the rar file. I did not
open the exe file.
Mick



Re: I think I've done a dumb thing



Why not send that file(s) to virustotal.com and see what they find?
It is quick and painless.



Re: I think I've done a dumb thing


Mick - you've still not provided the name of the Exe file in question.

While malware takes many forms, we've often seen the file names before
and can then go down a different, often quicker, path to help.

If you didn't run the exe file, nor any of the others, there is a good
chance you were not compromised and that the AV solution on your PC
detected and blocked access. If you actually ran anything from that
compressed package, and sometimes compressed packages can auto-execute
files, then you may have done anything.




Re: I think I've done a dumb thing

The file is a keygen for a file called Slowgold (used by guitarists to slow
down guitar tracks so they can be learned). I took it in full knowledge of
what it was, from a colleague, also a guitarist, who used it. When I opened
the rar file it contained an nfo file, a diz file and a second rar file
which I assume contains the executable file. I looked at the nfo file and
decided I would be stupid to open a doubtful executable file which could
contain malware. I never opened the rar file containing the keygen file, so
I don't know the name of the file, I simply closed the rar file.
It was after I closed it that Kaspersky threw up a message, which I had
never previously seen, about 'hidden data transfer' that I worried that I
had opened malware by opening the rar file or the nfo file.
Mick



Re: I think I've done a dumb thing

He did name the files you dumb idiot all three of them, I recognized them
right away. Dumbass.








Re: I think I've done a dumb thing


Porno hosting filth monger

