HELP[1].EXE - Dangerous
What you should do about HELP[1].EXE:
Your PC is infected. The file called HELP[1].EXE is considered unsafe and there may be other infections on your PC.
You should urgently check your PC and remove any malicious software including HELP[1].EXE as soon as possible. The free version of Prevx CSI will scan your PC for millions of spyware and malware infections in less than 2 minutes. Don't take the risk, check your PC now.
What we know about HELP[1].EXE:
The filename HELP[1].EXE was first seen on Dec 8 2007 in ITALY. It has also been seen in the following geographical regions of the Prevx community:
- SPAIN on Mar 12 2008
- The EUROPEAN UNION on Dec 13 2007
- RUSSIAN FEDERATION on Jan 28 2008
- The UNITED KINGDOM on Aug 23 2008
- GERMANY on Mar 16 2008
- URUGUAY on Mar 16 2008
- PORTUGAL on Aug 24 2008
The most common file size is 123,422 bytes, but the following file sizes have also been seen:
- 101,492 bytes
- 123,960 bytes
- 104,734 bytes
- 160,768 bytes
- 101,295 bytes
- 91,177 bytes
The filename is associated with the malware group KAVKOP:Trojan-A. Some files using the name HELP[1].EXE are also associated with the malware group:
- Rootkit.Gen
These files may have the following Vendor, Product, Version Information in the file header
- The following Vendor, Product, Version Information has also been reported:
HELP[1].EXE has been seen to perform the following behavior(s):
- The Process is packed and/or encrypted using a software packing process
- The Process is polymorphic and can change its structure
- This Process Creates Other Processes On Disk
- This Process Deletes Other Processes From Disk
- Loads and Executes a System Driver File
- Executes a Process
- Registers a Dynamic Link Library File
- Injects code into other processes
- Writes to another Process's Virtual Memory (Process Hijacking)
- Violates Prevx File Security Settings
- Adds a Registry Key (RUN) to auto start Programs on system start up
- Modifies Windows Security Policies to restrict/expand User Privileges on the machine
- Automatically changes your firewall settings to allow itself or other programs to communicate over the internet
- Adds Products to the system registry
- Creates a new Background Service on the machine
- Disables safe mode on your PC
- The process hooks code into all running processes which could allow it to take control of the system or record keyboard input, mouse activity and screen contents
- Modifies Windows Initialization And System Settings Used On Start up
HELP[1].EXE has been the subject of the following behavior(s):
- Added as a Registry auto start to load Program on Boot up
- Created as a process on disk
- Executed as a Process
- Deleted as a process from disk
- Executed from Temporary Folders
- Downloaded from covert web sites without the user knowing
- Copied to multiple locations on the system
- This program is often downloaded from the web
- Registered as a Dynamic Link Library File
- Executed by Internet Explorer
- Has code inserted into its Virtual Memory space by other programs
- Terminated as a Process
- Created as a new Background Service on the machine
HELP[1].EXE can also use the following file names:
