Winhlp.exe Unknown ?

Surprised @ this !



Also WSA identified it as @ Trojan

Recently mmc.exe was also identified as Unknown too

I would have expected these 2 being known for years !

 

I don't have that file on my system - it could possibly be malicious, but I suggest writing into our support inbox to have them check your individual log.

 

It's on XP and optional on newer Windows OS's http://en.wikipedia.org/wiki/WinHelp & http://support.microsoft.com/kb/917607 but you could be right Joe!

Daniel

And I have them on my Win 7 x64.

 

Reminded me of this thread: How a malicious help file can install a spyware keylogger

 

The file in the screenshot is under system32 rather than the Windows root, which is what I haven't seen before, hence the suspicion.

 

@ PrevxHelp

I have 3 x winhlp32.exe files in my XP/SP2 which are all different sizes. I uploaded them to http://r.virscan.org & None were flagged as dodgy by Any of the vendors !

I would have expected that, as these are standard Windows files they should have been included years ago ?

@ Triple Helix

Thanx for the screenie etc

@ Dermot7

I'd forgotten about that

 

A file could be known good but if executed in a manner deemed suspicious, it could still be flagged. I still just suggest sending in a scan log and the threat team can verify what's going on.

 

@ PrevxHelp

I wasn't concerned about being infected, as the Hlp file was from a known safe software. I only posted as a heads up for you WSA guys

Don't forget the mmc.exe either !

 

@CloneRanger, there is also the File Submission service for FPs etc. In case you haven't seen http://snup.webrootcloudav.com/SkyStoreFileUploader/upload.aspx

 

@ Dermot7

Thanx, i wasn't aware of that www I wonder how many other people aren't either ? Anyway i tried to upload a Zip with All the files in, but even after allowing Scripts & Flash i couldn't see an image for the Captcha ? Not even after trying another image

@ PrevxHelp

Why don't you make that www a STICKY on here ? If you can sort out the issues i had with it

 

I've edited this post now - thanks!

 

Is it still only 10mb limit?
I wish they doubled that, had problem sending them Macrium Reflect backup startup file as it was 17mb a time ago.

/E

 

Same here...but it works when I accept a cookie.

 

Yeah, think it's still 10MB (?), but agree it should be increased, if possible https://community.webroot.com/t5/Id...e-limit-on-website-not-submission/idi-p/69615