HELP.EXE.TMP - Dangerous
What you should do about HELP.EXE.TMP:
Your PC is infected. The file called HELP.EXE.TMP is considered unsafe and there may be other infections on your PC.
You should urgently check your PC and remove any malicious software including HELP.EXE.TMP as soon as possible. The free version of Prevx CSI will scan your PC for millions of spyware and malware infections in less than 2 minutes. Don't take the risk, check your PC now.
What we know about HELP.EXE.TMP:
The filename HELP.EXE.TMP was first seen on Dec 8 2007 in ITALY. It has also been seen in the following geographical regions of the Prevx community:
- SPAIN on Mar 12 2008
- The EUROPEAN UNION on Dec 13 2007
- RUSSIAN FEDERATION on Jan 28 2008
- The UNITED KINGDOM on Aug 23 2008
- GERMANY on Mar 16 2008
- URUGUAY on Mar 16 2008
- PORTUGAL on Aug 24 2008
The most common file size is 123,422 bytes, but the following file sizes have also been seen:
- 101,492 bytes
- 123,960 bytes
- 104,734 bytes
- 160,768 bytes
- 101,295 bytes
- 91,177 bytes
The filename is associated with the malware group KAVKOP:Trojan-A. Some files using the name HELP.EXE.TMP are also associated with the malware group:
- Rootkit.Gen
These files may have the following Vendor, Product, Version Information in the file header
- The following Vendor, Product, Version Information has also been reported:
HELP.EXE.TMP has been seen to perform the following behavior(s):
- The Process is packed and/or encrypted using a software packing process
- The Process is polymorphic and can change its structure
- This Process Creates Other Processes On Disk
- This Process Deletes Other Processes From Disk
- Loads and Executes a System Driver File
- Executes a Process
- Registers a Dynamic Link Library File
- Injects code into other processes
- Writes to another Process's Virtual Memory (Process Hijacking)
- Violates Prevx File Security Settings
- Adds a Registry Key (RUN) to auto start Programs on system start up
- Modifies Windows Security Policies to restrict/expand User Privileges on the machine
- Automatically changes your firewall settings to allow itself or other programs to communicate over the internet
- Adds Products to the system registry
- Creates a new Background Service on the machine
- Disables safe mode on your PC
- The process hooks code into all running processes which could allow it to take control of the system or record keyboard input, mouse activity and screen contents
- Modifies Windows Initialization And System Settings Used On Start up
HELP.EXE.TMP has been the subject of the following behavior(s):
- Added as a Registry auto start to load Program on Boot up
- Created as a process on disk
- Executed as a Process
- Deleted as a process from disk
- Executed from Temporary Folders
- Downloaded from covert web sites without the user knowing
- Copied to multiple locations on the system
- This program is often downloaded from the web
- Registered as a Dynamic Link Library File
- Executed by Internet Explorer
- Has code inserted into its Virtual Memory space by other programs
- Terminated as a Process
- Created as a new Background Service on the machine
HELP.EXE.TMP can also use the following file names:
