G
Grape Crusher
Running WinXP Home
I hope someone will bear with me and read this. It sounds complicated
I guess, but I have tried to pare it down to just a few words and that
just won't work. And if anyone has a better idea than reformatting and
reinstalling I would be SO grateful for the advice.
Problem began with a sudden drastic decline in dial-up connection
speed. Initially blamed my ISP, pretty much cursed them out over a
couple of day. (I have since apologized!)
After updating VirusScan and SpyBot, which I routinely do anyway, and
finding no problems there. I started the modem troubleshooter. Should
have begun there. Several pages into the troubleshooter I get a
Norton Warning Window that there is a Malicious Script HelpCtr.Exe and
recommends that I block it. It does not offer to quarantine it. I
delete it. It has no effect.
I have script blocking on as a default, but it appears not to have
caught this.
I do a search on the file name. I come up with 3 exact matches, and
one additional match with an extended string following the extension.
They are as follows:
helpctr.exe in C:\WINDOWD\$NtServicePackUninstall$ Aug/18/2001
helpctr.exe in C:\WINDOWS\ServicePackFiles|i386 Aug/29/2002
helpctr.exe in C:\WINDOWS\PCHEALTH\HELPCTR\binaries Aug/29/2002
HELPCTR.EXE-0BD5B31B.pf in C:\WINDOWS\prefetch Current date
All capitals are exactly as shown in the search result window.
The first three files appear to be legitimate. Their age and the
properties screen which says Microsoft is the origin lead me to
believe they are legitimate.
So I assumed the last one, with the long string followed by .pf was
the culprit. So I deleted it. No effect. If I disconnect and
reconnect, it is at the same low speed, and the trouble shooter finds
the script again. Rebooting does the same thing. Went through this
several times. Same result (non-result?)
(I also deleted ALL of them at one time,I got warnings of possible
instability which I ignored, But doing so immediately affected
everything! From mouse clicks to keyboard function! So I restored them
and rebooted!)
Obviously (to me) something unknown is regenerating this file! It is
this I must find! Anyone having a clue what is causing this?
In the last 2 days some other odd things have occurred which I will
not detail here, but it leads me to logically assume that whatever is
invading my system has more nasty things to do than just slowing down
my internet connection.
I did a search on Google/groups and there are literally thousands of
entries dealing with problems with HelpCtr.exe, all of them seemingly
affecting a different aspect of Windows. Some can't print. some can't
network, and on and on.
Looked it up on Symantec's page, got three hits, none of which related
in any way to my situation.
(And Norton, BTW, no longer supports a TWO YEAR OLD version of
AntiVirus. And even if you qualify for support they do not offer
support to get rid of a problem. Only support is for installation and
general use of the program. Have used Norton for 10 years. Never
again. End of rant)
The basic support from Dell is to Back up data, reformat and re
install. I'm at the point that I might be willing to do it BUT here's
at least one problem with that: If something is generating this
malicious script how am I to determine what is safe to backup and what
is not. Just backing it all up does not make any sense to me.
I hope I have not lost your interest by going on too long and that all
of this makes some sense.
Hopefully
Grape Crusher
I hope someone will bear with me and read this. It sounds complicated
I guess, but I have tried to pare it down to just a few words and that
just won't work. And if anyone has a better idea than reformatting and
reinstalling I would be SO grateful for the advice.
Problem began with a sudden drastic decline in dial-up connection
speed. Initially blamed my ISP, pretty much cursed them out over a
couple of day. (I have since apologized!)
After updating VirusScan and SpyBot, which I routinely do anyway, and
finding no problems there. I started the modem troubleshooter. Should
have begun there. Several pages into the troubleshooter I get a
Norton Warning Window that there is a Malicious Script HelpCtr.Exe and
recommends that I block it. It does not offer to quarantine it. I
delete it. It has no effect.
I have script blocking on as a default, but it appears not to have
caught this.
I do a search on the file name. I come up with 3 exact matches, and
one additional match with an extended string following the extension.
They are as follows:
helpctr.exe in C:\WINDOWD\$NtServicePackUninstall$ Aug/18/2001
helpctr.exe in C:\WINDOWS\ServicePackFiles|i386 Aug/29/2002
helpctr.exe in C:\WINDOWS\PCHEALTH\HELPCTR\binaries Aug/29/2002
HELPCTR.EXE-0BD5B31B.pf in C:\WINDOWS\prefetch Current date
All capitals are exactly as shown in the search result window.
The first three files appear to be legitimate. Their age and the
properties screen which says Microsoft is the origin lead me to
believe they are legitimate.
So I assumed the last one, with the long string followed by .pf was
the culprit. So I deleted it. No effect. If I disconnect and
reconnect, it is at the same low speed, and the trouble shooter finds
the script again. Rebooting does the same thing. Went through this
several times. Same result (non-result?)
(I also deleted ALL of them at one time,I got warnings of possible
instability which I ignored, But doing so immediately affected
everything! From mouse clicks to keyboard function! So I restored them
and rebooted!)
Obviously (to me) something unknown is regenerating this file! It is
this I must find! Anyone having a clue what is causing this?
In the last 2 days some other odd things have occurred which I will
not detail here, but it leads me to logically assume that whatever is
invading my system has more nasty things to do than just slowing down
my internet connection.
I did a search on Google/groups and there are literally thousands of
entries dealing with problems with HelpCtr.exe, all of them seemingly
affecting a different aspect of Windows. Some can't print. some can't
network, and on and on.
Looked it up on Symantec's page, got three hits, none of which related
in any way to my situation.
(And Norton, BTW, no longer supports a TWO YEAR OLD version of
AntiVirus. And even if you qualify for support they do not offer
support to get rid of a problem. Only support is for installation and
general use of the program. Have used Norton for 10 years. Never
again. End of rant)
The basic support from Dell is to Back up data, reformat and re
install. I'm at the point that I might be willing to do it BUT here's
at least one problem with that: If something is generating this
malicious script how am I to determine what is safe to backup and what
is not. Just backing it all up does not make any sense to me.
I hope I have not lost your interest by going on too long and that all
of this makes some sense.
Hopefully
Grape Crusher