Prevx Home and HHCTRL.OCX

Discussion in 'other anti-malware software' started by Spray-on Dust, Jan 27, 2005.

Thread Status:
Not open for further replies.
  1. Spray-on Dust

    Spray-on Dust Registered Member

    Joined:
    Dec 6, 2004
    Posts:
    51
    So lately (if memory serves me right, it was soon after I completed my latest manual update of Prevx Home) I've been getting these "Potential Intrusion Attempt Detected" warnings in Prevx. So far, they have only appeared when I open iTunes or WinZip. I have always clicked "Deny" so far because the warning mentions that "If you are not viewing the help information in a program, this is probably malicious behaviour." The summary for both instances of iTunes and WinZip is "The application ________ is trying to execute C:\WINDOWS\SYSTEM32\HHCTRL.OCX from a protected area. HTML Help Control (Execution) The Microsoft HTML Help Service may be abused by malicious programs."

    I have recently downloaded and run Bugoff by Merijn, which is supposed to give better protection against html file abuse. Supposedly anyway, I don't know much about it, I just went off a recommendation in another forum.

    So has anyone else encountered anything like this? Should I be worried?

    -Spray-on Dust


    Oh. Also, despite clicking on "Deny" every time, the program still runs. Hmmmmm.... It prompts me twice to allow or deny and after the 2nd time it just goes away. But it leaves me with this "red x" windows message: iTunes.exe - Bad Image The application or DLL C:\WINDOWS\System32\hhctrl.ocx is not a valid Windows image. Please check this against your installation diskette. Then I just click OK.

    Pretty odd, huh?
     
  2. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    is it possible you have prevx pro? then you should have a white list where you can put exe's and dll's in it.

    if you haven't got the pro version: you should be able to check some sort of : 'remember for next occasion too' or something like that. sorry I cannot remember it that good anymore (quite long time ago) but I recall an option like that.

    Inf.
     
  3. Spray-on Dust

    Spray-on Dust Registered Member

    Joined:
    Dec 6, 2004
    Posts:
    51
    Nope, don't have Prevx Pro.

    I know the option you're talking about but that's not what I'm thinking of. I just want to know if this is a known exploit or something else I should be concerned about. I've just never received this message before and it seems really odd that the help file is trying to launch when I'm only firing up iTunes and WinZip.

    Thanks, though.

    Spray-On Dust
     
  4. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    HHCTRL.OCX is a part of the Windows Help system. If the program you are running is a trusted one, then you don't need to block it. This is a way of covering the new LoadImage vulnerability.
     
  5. Teq

    Teq Guest

    I get that message too (when opening WinZip, etc.). I just tell Prevx to ignore it because I trust the programs that I open up.

    I can only assume that some legit programs use this control for their "Help" and Prevx detects that on load, even though you might not be viewing it at the time.
     
  6. Spray-on Dust

    Spray-on Dust Registered Member

    Joined:
    Dec 6, 2004
    Posts:
    51
    Thanks everyone. I'm just clicking on allow from now on.

    -Spray-on Dust
     