Is this a virus?

[Mubbers]

I've recently been plagued by the following:

helpctr.exe keeps openig up massively - hundreds of exectuions filling up memory. Whenever I try and run things like ad-aware all their help file open up in mulitple windows too 🙁

I manage to run adaware and get some pretty lame tracking cookies like:

servedby.advertising etc... I've checked them all out and they just seem to be standard trackers...


Hijackthis log:

Logfile of HijackThis v1.97.7
Scan saved at 11:32:03, on 07/04/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) <----- I'm using Firefox.


Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Belkin\Nostromo\nost_LM.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG6\AVGCC32.EXE
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe
G:\Downloaded Programmes\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://v4.windowsupdate.microsoft.com/en/default.asp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by The Black Lodge
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Loadout Manager.lnk = C:\Program Files\Belkin\Nostromo\nost_LM.exe
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38078.350474537
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

 

[Mubbers]

The fact that the trackers keep re-appearing after the helpctr.exe stuff leads me to beleive that there is some hidden process that re-installs this stuff.

 

[Khayman]

helpctr - helpctr.exe - Process Information

Process File: helpctr or helpctr.exe
Process Name: Microsoft Help and Support Center
Description: Part of the Windows XP Help system. This application is started when you click Start > Help and Support from the Windows taskbar.
Company: Microsoft Corp.
System Process: Yes
Security Risk ( Virus/Trojan/Worm/Adware/Spyware ): No

 

[GoNz0]

if windows is set to error reporting, will it start helpcenter in the background to prepare the report ?

 

[Mubbers]

How do I check whether error reporting is on?

At one point there was 171 helpctr.exe's open with more opening all the time 😱

Only done it once today -_-

 

[GoNz0]

system properties, advanced, & the error reporting tab, it's in there.

you could also probbaly disable it from the run command using services.msc * stop and disable help and support.

 

[Mubbers]

OK got that. But anyway is this typical of a virus or is it summut else? That triggers help center to flood my system?

 

[GoNz0]

the only refrence i could find was some half baked comment about help center popping up and deleting files off your pc, that was 2 years ago and fixed by xp's service pack 1 release. otherwise i found nothing on google related to your problem, could you try and create a new user profile and use that for a day to see if the problem returns, could just be a corrupt user account.

 

[Mubbers]

Will do. I searched a fair bit on google as well and came up similarly blank 🙂

 

[Lee]

http://www.annoyances.org/exec/forum/winxp/r1056650286

One of many more recent ones, dated in June 2003

 

[rnanton@shaw.ca]

Same Error

I'm receiving the same error. Mubber, were you able to resolve this? Thanks!