Winhlp.exe Unknown ?

Discussion in 'Prevx Releases' started by CloneRanger, Mar 25, 2014.

Thread Status:
Not open for further replies.
  1. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    Surprised @ this !

    hlp.png

    Also WSA identified it as @ Trojan :D

    Recently mmc.exe was also identified as Unknown too :p

    I would have expected these 2 being known for years !
     
  2. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    I don't have that file on my system - it could possibly be malicious, but I suggest writing into our support inbox to have them check your individual log.
     
  3. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,011
    Location:
    Ontario, Canada
    Last edited: Mar 25, 2014
  4. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,196
    Location:
    Surrey, England.
  5. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    The file in the screenshot is under system32 rather than the Windows root, which is what I haven't seen before, hence the suspicion.
     
  6. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    @ PrevxHelp

    I have 3 x winhlp32.exe files in my XP/SP2 which are all different sizes. I uploaded them to http://r.virscan.org & None were flagged as dodgy by Any of the vendors !

    I would have expected that, as these are standard Windows files they should have been included years ago ?

    @ Triple Helix

    Thanx for the screenie etc :thumb:

    @ Dermot7

    I'd forgotten about that :)
     
  7. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    A file could be known good but if executed in a manner deemed suspicious, it could still be flagged. I still just suggest sending in a scan log and the threat team can verify what's going on.
     
  8. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    @ PrevxHelp

    I wasn't concerned about being infected, as the Hlp file was from a known safe software. I only posted as a heads up for you WSA guys ;)

    Don't forget the mmc.exe either !
     
  9. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,196
    Location:
    Surrey, England.
  10. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    @ Dermot7

    Thanx, i wasn't aware of that www :thumb: I wonder how many other people aren't either ? Anyway i tried to upload a Zip with All the files in, but even after allowing Scripts & Flash i couldn't see an image for the Captcha ? Not even after trying another image :(

    @ PrevxHelp

    Why don't you make that www a STICKY on here ? If you can sort out the issues i had with it :D
     
  11. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    I've edited this post now - thanks!
     
  12. Esse

    Esse Registered Member

    Joined:
    May 26, 2011
    Posts:
    383
    Is it still only 10mb limit?
    I wish they doubled that, had problem sending them Macrium Reflect backup startup file as it was 17mb a time ago.

    /E
     
  13. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,196
    Location:
    Surrey, England.
    Same here...but it works when I accept a cookie. :)
     
  14. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,196
    Location:
    Surrey, England.
Thread Status:
Not open for further replies.