Skip to main content
Start a Conversation

Unsolved

This post is more than 5 years old

hkalnitz

2 Posts

2252

February 27th, 2004 13:00

Helpctr.exe Virus? Need help!

Dual Posted  from the windows XP forum due to a suggestion

 

Folks

I am having a rough time with my (wifes) >1month old inspiron 1100. Heres the timeline:

- She called yesterday to tell me that she was having problems on IE6. When she opened it, it would continously type BBBB into the address line. She finally got to the site she wanted by opening favorites directly.

- When she tried to restart the computer beeped about 5-8 times and then proceeded onto the windows start-up screen

- I though I had a stuck key, but when I arrived home, I found no evidence of this. During my cruising around, a pop-up notifying me that helpctr.exe was trying to run a malicious script. I also found the fn key was diabled and I could not access any of the fn key commands. The keyboard was doing strange things, like when I pushed G it would minimize the toolbar. Also IE6 had been renamed Bbexlorer

- I searched for helpctr.exe, and found a few, the most suspicious being a java script downloaded into prefetch earlier that day!

- I was prepared to flash the bios (to gain control of the Fn key) when I decided to set the system back a few days (system restore)

- the system still beeped, but solved the function key, and I though I had solved the issue.

- After a few hours the issue came back with a vengance - soon the system was dragging, and when I could I opened the task list and found 80-100% system utilization, with helpctr.exe running 5-10 times.

- I searched the internet, and found a virus report of helpctr.exe, causing an overbuffer and then allowing remote control of the computer - and several mail messages detailing the same issue I am having. It reccomended upgrading the system (which I had not done since the computer was 3 weeks old and I expected dell to supply at least some of these upgrades) but the upgrades (at the time I installed them) did not work

- It continued to worsen, opening the help center screen on its own with an error every few minutes, and more or less locking the keyboard. I could ,for example, not run MSconfig, because when I typed the g, the run window would close!!

- I called Dell help, and we repared windows XP. However after the 45minute repair, there are no changes! I cannot use the keybord at all. (I am, of course, on another computer)

Here are my questions

- Is there really a helpctr.exe virus (I am guessing yes)?

- Is there a fix?

- How could this have gotten past a firewall and a NAV program? - could it be a script from a website?

- How can this 'live' past an xp repair?

- could it have affected my BIOS? Why else could the computer be beeping at start-up?

- Is there any other explaination

 

I am about to start a clean install of XP but I am not sure this will solve the problem, aside from the effort involved (I am going to take a half day off work to do this!) So I am pleading for more information!!!

thanks, Howard

Stegve

50 Posts

February 27th, 2004 17:00

ChrisRLG

2 Intern

 • 

3.9K Posts

February 27th, 2004 20:00

Jump to the hijackthis instructions below
-----------------------------
Use these to remove Malware (Spyware and Adware).

1) SpyBot Search and Destroy
After installing SpyBot Search & Destroy, first press Online, and search for, put a check mark at, and install all updates.
Next, close all Internet Explorer windows, hit 'Check for Problems', and have SpyBot remove all the items it marks in red.

2) Get Ad-Aware
After installing Ad-Aware, and before running the program, first press “check for updates now".
Click "Connect" and install all updated components available. Click 'Finish'.
Press "Scan Now", then 'next', and let Ad-Aware scan your drives.
It will find a number of "bad" files and registry keys. Click 'Next' again.
Check all found items, and click 'next' once more.
It will ask you whether you'd like to remove all checked items. Click OK.

Always reboot the computer between each program - both of these may find things that they need to have a reboot of the machine to clear - please reboot and let them finish .

Failing those solving your problems a post of a hijackthis log for the experts to advise.
HijackThis From Here
or one of these other links:-
http://www.merijn.org/files/hijackthis.zip
http://www.aluriasoftware.com/tools/hijackthis.zip
http://mjc1.com/mirror/hjt/

Important: Create a folder on the C: drive called C:\HJT.
You can do this by going to My Computer (Windows key+e) then double click on C: then right click and select New then Folder and name it HJT.
Unzip HijackThis into this folder. When you run HijackThis from this folder and have it "Fixed checked" it will create a backup file of modifications to use if restore is necessary. Then run, scan, save log, then in notepad copy the FULL log by copy and paste as a reply to this post and an expert with HijackThis Knowldge, will have a go at giving advice. Please note the list of experts names below, very few forum regulars here have had this training.

DO NOT FIX ANYTHING WITH HIJACKTHIS WITHOUT EXPERT ADVICE, most of what it finds you need for normal MS Windows tasks.

Known Spyware HijackThis fighters in DellTalk - If you are, and are not on the list please PM Me.

TomCoyote (of http://tomcoyote.org/forums/index.php fame)
YoKenny (Accredited Expert at TomCoyotes)
baskar1234 (Teaching Assistant at TomCoyotes, Trusted Advisor Spywareinfo)
ChrisRLG (Teaching Assistant at TomCoyotes, Trusted Advisor Spywareinfo)
Tuxedo Jack (Teaching Assistant at TomCoyotes, Trusted Advisor Spywareinfo)
Yellowhammer (Trusted Advisor at Net-Integration, First Responder at Computer Cops)
therock247uk (In Training at TomCoyotes)
irelynmisses (In Training at TomCoyotes)

You could also go to one of the more specalist forums where more experts will be able to help.
http://www.net-integration.net/cgi-bin/forum/ikonboard.cgi (Home of Spybot S&D)
http://boards.cexx.org/index.php
http://www.wilderssecurity.com/index.php
http://tomcoyote.org/forums/index.php
http://forums.spywareinfo.com/index.php
Do read the sites FAQ before posting, and advise your problem and what steps you have already done to try to cure your problem.

I, and the other hijack experts mentioned above, are in all those sites (and more) with the same login names. You might get one of us at those sites also to anwser your log, but other experts will also be available.

Was this post helpful?

View All

No Events found!

Top