Really a Virus? What's the ehc folder for?

  AngeTheHippy 18:26 21 Oct 05
Locked

Hi Chaps,
Just been doin a bit of cleaning up, Spybot, Ad-aware, MS Antispyware, when an AVG Virus Alert window appeared wit the following:

WHILE OPENING FILE: C:\Program Files\ehc\hc2\Printers\Troubleshooting\Images\ep1.bmp.shs
WARNING: Hidden extension .shs

Now, I think I'm right in thinking this ehc folder has something to do with Evesham (supplier). I don't know WHAT this is, I somehow don't think there is a real virus...in the folder it points to, there are 2 files in that don't look like the rest. they are:

ep1.bmp and scrap.bak - both look like bits of paper with top-right corner folded down, and wavy at the bottom. White with yellow on centre. Both are 501kb

I've also found folder in progs named 'helpcentre' and in that there is a zip folder, EHC.ZIP which is 19.506kb. In the same folder, is an EHC.exe - autoplay Media Studio.4.0 runtime Indigo Rose Corporation.

Any suggestions please, what to do next?

AngeTheHippy
xx

  AngeTheHippy 18:28 21 Oct 05

whatever I select on the AVG window, 'info', 'heal' 'delete file' or 'move to vault', it cannot do any of these actions.

A

  johnnyrocker 18:35 21 Oct 05

click here at least you will know what type it is.


johnny.

  AngeTheHippy 18:43 21 Oct 05

thanks, had a quick peruse at the site you suggested... prob need to have a good read of it though... will in a minute.

Just did a 'properties' on the shs file, and it said it was created in Nov 2002!!!


AngeTheHippy

  Fruit Bat /\0/\ 18:54 21 Oct 05

In this case not a virus but a truble shooting file for the printer setup>

The Shell Scrap Object is part of the Microsoft embed objects inside objects philosophy. Basically, what happens is that the shell script is wrapped around an object and the .SHS extension (which normally can't be seen even with extensions turned on) is added to the file.

An .SHS file is really potentially quite dangerous because it can have anything executable in it along with a vast collection of dangerous script code in the wrapper. At least one worm uses the Shell Script object.

Note: This file type can become infected and should be carefully scanned if someone sends you a file with this extension.

  AngeTheHippy 19:22 21 Oct 05

whadayathink, if I RENAME both these files, adding a .bak?

AngeTheHippy
xx

  AngeTheHippy 19:24 21 Oct 05

each time I go this file, as soon as I click (right-click for properties) I get that AVG virus alert file....

A

  Fruit Bat /\0/\ 19:30 21 Oct 05

Virus alert due to the double extension .bmp.shs

rename files without the .shs on the end and they will be fine an it should also stop the virus alert.

  AngeTheHippy 19:36 21 Oct 05

just reneamed 'em. Went out of then back into C:\Program files\ehc\hc2\Printers\Troubleshooting
\images\ep1.bak , right-clicked and hey, no virus alert window!!!

Have clicked 'resolved' ... for now!

Cheers guys,

AngeTheHippy
xx

This thread is now locked and can not be replied to.

How to get Windows 10 for free | How to install Windows 10: There is still a way to avoid paying…

1995-2015: How technology has changed the world in 20 years

Alex Chinneck’s giant ice cube Christmas tree at Kings Cross

Apple rumours & predictions 2017: The iPhone 8, new iPads, and everything else you should expect fr7…