I think Ive done a dumb thing

In article <X3Qkj.64046$h35.46158@newsfe2-gui.ntli.net>, xxx.TakeThisOut@xxx.com
says...
> I run WinXP and Kaspersky Internet Security I also have Spywareblaster
> installed.
> I was sent a rar file by a colleague. I scanned it with Kaspersky and got no
> threats. Soon after I opened it, I got a warning that a file called pchealth
> (helpctr.exe) was attempting to send data. I quarantined it. I then got the
> message:

So, since RAR is not really the problem, what did the RAR uncompress
into? What file did the RAR contain?


--

Leythos - spam999free.TakeThisOut@rrohio.com (remove 999 to email me)

Fight exposing kids to porn, complain about sites like PCBUTTS 1.COM
that create filth and put it on the web for any kid to see: Just take a
look at some of the FILTH he's created and put on his website:
http://forums.speedguide.net/archive/index.php/t-223485.html all exposed
to children (the link I've include does not directly display his filth).
You can find the same information by googling for 'PCBUTTS1' and
'exposed to kids'.
 >> Stay informed about: I think Ive done a dumb thing 

> Before you quarantined helpctr.exe did kasperksy flag it as malware? It
> is a legitimate Windows file (if it hasn't been tampered with). You could
> determine if the file is clean and if so restore it. The warning you're
> getting about replacing Windows files may be coming up because helpctr.exe
> is missing.
No, it didn't flag it as malware, it just flagged that it was trying to send
data.
Mick
 >> Stay informed about: I think Ive done a dumb thing 

The rar uncompressed into 3 files: another rar file (which I was suspicious
of and I think I did not touch), a file_id.diz file (which I also did not
touch) and an nfo file which I opened. It looked rather suspicious, so I did
not go any further and closed the rar.
Mick
Mick
"Leythos" <void DeleteThis @nowhere.lan> wrote in message
news:MPG.21fda8cc9355633c9899ae@Adfree.usenet.com...
> In article <X3Qkj.64046$h35.46158@newsfe2-gui.ntli.net>, xxx DeleteThis @xxx.com
> says...
>> I run WinXP and Kaspersky Internet Security I also have Spywareblaster
>> installed.
>> I was sent a rar file by a colleague. I scanned it with Kaspersky and got
>> no
>> threats. Soon after I opened it, I got a warning that a file called
>> pchealth
>> (helpctr.exe) was attempting to send data. I quarantined it. I then got
>> the
>> message:
>
> So, since RAR is not really the problem, what did the RAR uncompress
> into? What file did the RAR contain?
>
>
> --
>
> Leythos - spam999free DeleteThis @rrohio.com (remove 999 to email me)
>
> Fight exposing kids to porn, complain about sites like PCBUTTS 1.COM
> that create filth and put it on the web for any kid to see: Just take a
> look at some of the FILTH he's created and put on his website:
> http://forums.speedguide.net/archive/index.php/t-223485.html all exposed
> to children (the link I've include does not directly display his filth).
> You can find the same information by googling for 'PCBUTTS1' and
> 'exposed to kids'.
>
 >> Stay informed about: I think Ive done a dumb thing 

That's what happens when you download infected software cracks. Which one
was it?

--

Newsgroup Trolls. Read about mine here http://www.pcbutts1.com/downloads
The list grows. Leythos the stalker http://www.leythosthestalker.com, David
H. Lipman, Max M Wachtell III aka What's in a Name?, Fitz, Beauregard T.
Shagnasty,Rhonda Lea Kirk, Meat Plow, F Kwatu F, George Orwell



"Mick" <xxx.DeleteThis@xxx.com> wrote in message
news:1DTkj.83645$wD5.29341@newsfe3-gui.ntli.net...
> The rar uncompressed into 3 files: another rar file (which I was
> suspicious of and I think I did not touch), a file_id.diz file (which I
> also did not touch) and an nfo file which I opened. It looked rather
> suspicious, so I did not go any further and closed the rar.
> Mick
> Mick
> "Leythos" <void.DeleteThis@nowhere.lan> wrote in message
> news:MPG.21fda8cc9355633c9899ae@Adfree.usenet.com...
>> In article <X3Qkj.64046$h35.46158@newsfe2-gui.ntli.net>, xxx.DeleteThis@xxx.com
>> says...
>>> I run WinXP and Kaspersky Internet Security I also have Spywareblaster
>>> installed.
>>> I was sent a rar file by a colleague. I scanned it with Kaspersky and
>>> got no
>>> threats. Soon after I opened it, I got a warning that a file called
>>> pchealth
>>> (helpctr.exe) was attempting to send data. I quarantined it. I then got
>>> the
>>> message:
>>
>> So, since RAR is not really the problem, what did the RAR uncompress
>> into? What file did the RAR contain?
>>
>>
>> --
>>
>> Leythos - spam999free.DeleteThis@rrohio.com (remove 999 to email me)
>>
>> Fight exposing kids to porn, complain about sites like PCBUTTS 1.COM
>> that create filth and put it on the web for any kid to see: Just take a
>> look at some of the FILTH he's created and put on his website:
>> http://forums.speedguide.net/archive/index.php/t-223485.html all exposed
>> to children (the link I've include does not directly display his filth).
>> You can find the same information by googling for 'PCBUTTS1' and
>> 'exposed to kids'.
>>
>
>
 >> Stay informed about: I think Ive done a dumb thing 

> No, it didn't flag it as malware, it just flagged that it was trying to
> send data.
> Mick
I have re-scanned my computer and it is clean - helpctr is in quarantine
with a warning of possible malware because of 'hidden data sending'.
Mick
 >> Stay informed about: I think Ive done a dumb thing 

> That's what happens when you download infected software cracks. Which one
> was it?
"Let him who is without sin cast the first stone" John 8:7
 >> Stay informed about: I think Ive done a dumb thing 

In article <1DTkj.83645$wD5.29341@newsfe3-gui.ntli.net>, xxx DeleteThis @xxx.com
says...
> The rar uncompressed into 3 files: another rar file (which I was suspicious
> of and I think I did not touch), a file_id.diz file (which I also did not
> touch) and an nfo file which I opened. It looked rather suspicious, so I did
> not go any further and closed the rar.

Mick, are you hiding the information on what the files/contents was
because you're worried that someone might not like what was sent to you,
or because you're worried that pirating material might get you into
trouble.

You've posted several times, always not telling us what was downloaded,
which hinders the ability of those helping to target a solution to your
problem. If you insist on keeping relevant and critical information from
the people helping you, then you won't get much help and the next time
people will ignore your plea for help.


--

Leythos - spam999free DeleteThis @rrohio.com (remove 999 to email me)

Fight exposing kids to porn, complain about sites like PCBUTTS 1.COM
that create filth and put it on the web for any kid to see: Just take a
look at some of the FILTH he's created and put on his website:
http://forums.speedguide.net/archive/index.php/t-223485.html all exposed
to children (the link I've include does not directly display his filth).
You can find the same information by googling for 'PCBUTTS1' and
'exposed to kids'.
 >> Stay informed about: I think Ive done a dumb thing 

Leythos wrote:
> In article <1DTkj.83645$wD5.29341@newsfe3-gui.ntli.net>, xxx.TakeThisOut@xxx.com
> says...
>> The rar uncompressed into 3 files: another rar file (which I was suspicious
>> of and I think I did not touch), a file_id.diz file (which I also did not
>> touch) and an nfo file which I opened. It looked rather suspicious, so I did
>> not go any further and closed the rar.
>
> Mick, are you hiding the information on what the files/contents was
> because you're worried that someone might not like what was sent to you,
> or because you're worried that pirating material might get you into
> trouble.
>
> You've posted several times, always not telling us what was downloaded,
> which hinders the ability of those helping to target a solution to your
> problem. If you insist on keeping relevant and critical information from
> the people helping you, then you won't get much help and the next time
> people will ignore your plea for help.
>
>
That's a reasonable reply Leythos, you might also have asked since the
op claims to have received this file from a colleague surely the first
step would be to ask the colleague what he sent.
A second thing, just a generality, for any number of reasons everyone
should have a means of restoring their system. I strongly favor imaging
but at least have something even if it's only the inconvenient restore
cd's that come with some new systems.
Dave Cohen
 >> Stay informed about: I think Ive done a dumb thing 

> Mick, are you hiding the information on what the files/contents was
> because you're worried that someone might not like what was sent to you,
> or because you're worried that pirating material might get you into
> trouble.
It was a keygen program, given to me by a colleague, for a program called
Slowgold (used for slowing down guitar tracks to make them easier to learn).
I never got as far as opening the exe file, since I had big second thoughts,
but looked at the nfo file first, before closing the rar file. I did not
open the exe file.
Mick
 >> Stay informed about: I think Ive done a dumb thing 

"Mick" <xxx.TakeThisOut@xxx.com> wrote in message
news:Ru3lj.29462$a61.18337@newsfe3-win.ntli.net...
> > Mick, are you hiding the information on what the files/contents was
> > because you're worried that someone might not like what was sent to you,
> > or because you're worried that pirating material might get you into
> > trouble.
> It was a keygen program, given to me by a colleague, for a program called
> Slowgold (used for slowing down guitar tracks to make them easier to
learn).
> I never got as far as opening the exe file, since I had big second
thoughts,
> but looked at the nfo file first, before closing the rar file. I did not
> open the exe file.
> Mick

Why not send that file(s) to virustotal.com and see what they find.
It is quick and painless.
 >> Stay informed about: I think Ive done a dumb thing 

In article <Ru3lj.29462$a61.18337@newsfe3-win.ntli.net>, xxx RemoveThis @xxx.com
says...
> > Mick, are you hiding the information on what the files/contents was
> > because you're worried that someone might not like what was sent to you,
> > or because you're worried that pirating material might get you into
> > trouble.
> It was a keygen program, given to me by a colleague, for a program called
> Slowgold (used for slowing down guitar tracks to make them easier to learn).
> I never got as far as opening the exe file, since I had big second thoughts,
> but looked at the nfo file first, before closing the rar file. I did not
> open the exe file.
> Mick

Mick - you've still not provided the name of the Exe file in question.

While malware takes many forms, we've often seen the file names before
and can then go down a different, often quicker, path to help.

If you didn't run the exe file, nor any of the others, there is a good
chance you were not compromised and that the AV solution on your PC
detected and blocked access. If you actually ran anything from that
compressed package, and sometimes compressed packages can auto-execute
files, then you may have done anything.



--

Leythos - spam999free RemoveThis @rrohio.com (remove 999 to email me)

Fight exposing kids to porn, complain about sites like PCBUTTS 1.COM
that create filth and put it on the web for any kid to see: Just take a
look at some of the FILTH he's created and put on his website:
http://forums.speedguide.net/archive/index.php/t-223485.html all exposed
to children (the link I've include does not directly display his filth).
You can find the same information by googling for 'PCBUTTS1' and
'exposed to kids'.
 >> Stay informed about: I think Ive done a dumb thing 

> Mick - you've still not provided the name of the Exe file in question.
> While malware takes many forms, we've often seen the file names before
> and can then go down a different, often quicker, path to help.
The file is a keygen for a file called Slowgold (used by guitarists to slow
down guitar tracks so they can be learned). I took it in full knowledge of
what it was, from a colleague, also a guitarist, who used it. When I opened
the rar file it contained an nfo file, a diz file and a second rar file
which I assume contains the executable file. I looked at the nfo file and
decided I would be stupid to open a doubtful executable file which could
contain malware. I never opened the rar file containing the keygen file, so
I don't know the name of the file, I simply closed the rar file.
It was after I closed it that Kaspersky threw up a message, which I had
never previously seen, about 'hidden data transfer' that I worried that I
had opened malware by opening the rar file or the nfo file.
Mick
 >> Stay informed about: I think Ive done a dumb thing 

He did name the files you dumb idiot all three of them, I recognized them
right away. Dumbass.


--

Newsgroup Trolls. Read about mine here http://www.pcbutts1.com/downloads
The list grows. Leythos the stalker http://www.leythosthestalker.com, David
H. Lipman, Max M Wachtell III aka What's in a Name?, Fitz, Beauregard T.
Shagnasty,Rhonda Lea Kirk, Meat Plow, F Kwatu F, George Orwell



"Leythos" <void.DeleteThis@nowhere.lan> wrote in message
news:MPG.21fe9a35f7d01f49899b5@Adfree.usenet.com...
> In article <Ru3lj.29462$a61.18337@newsfe3-win.ntli.net>, xxx.DeleteThis@xxx.com
> says...
>> > Mick, are you hiding the information on what the files/contents was
>> > because you're worried that someone might not like what was sent to
>> > you,
>> > or because you're worried that pirating material might get you into
>> > trouble.
>> It was a keygen program, given to me by a colleague, for a program called
>> Slowgold (used for slowing down guitar tracks to make them easier to
>> learn).
>> I never got as far as opening the exe file, since I had big second
>> thoughts,
>> but looked at the nfo file first, before closing the rar file. I did not
>> open the exe file.
>> Mick
>
> Mick - you've still not provided the name of the Exe file in question.
>
> While malware takes many forms, we've often seen the file names before
> and can then go down a different, often quicker, path to help.
>
> If you didn't run the exe file, nor any of the others, there is a good
> chance you were not compromised and that the AV solution on your PC
> detected and blocked access. If you actually ran anything from that
> compressed package, and sometimes compressed packages can auto-execute
> files, then you may have done anything.
>
>
>
> --
>
> Leythos - spam999free.DeleteThis@rrohio.com (remove 999 to email me)
>
> Fight exposing kids to porn, complain about sites like PCBUTTS 1.COM
> that create filth and put it on the web for any kid to see: Just take a
> look at some of the FILTH he's created and put on his website:
> http://forums.speedguide.net/archive/index.php/t-223485.html all exposed
> to children (the link I've include does not directly display his filth).
> You can find the same information by googling for 'PCBUTTS1' and
> 'exposed to kids'.
 >> Stay informed about: I think Ive done a dumb thing