Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Can't get rid of security warnings


  • Please log in to reply

#16
tom982

tom982

    Member 1K

  • Member
  • PipPipPipPip
  • 1,183 posts
Hi sem40,

Sorry about that. I saw Chrome extensions in your OTL log and thought you might use Chrome. Here are the IE instructions:

Please run a free online scan with the ESET Online Scanner

Vista / Win7 users: Right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

Note: This scan works with Internet Explorer or Mozilla FireFox.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

  • Click the green ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use
    then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Then click on: Finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.


If you don't mind, we'll deal with your UAC issue after we've finished the removal :) It's best to make sure you're all clean before we go making system changes.

Tom
  • 0

Advertisements


#17
sem40

sem40

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts
Hi, Tom
First thing first. Here's the log for ESET:

C:\AI_RecycleBin\{19678E5D-C06C-42DA-974B-C04514E0AABD}\3\Strongvault\StrongVaultApp.exe MSIL/Adware.StrongVault.A application
C:\AI_RecycleBin\{B70AB0D4-6B91-4E92-AED6-F08C378810B5}\3\Strongvault\StrongVaultApp.exe MSIL/Adware.StrongVault.A application
C:\AI_RecycleBin\{DF9EE7F2-55D2-4C4D-81F0-D5E67BA172E7}\3\Strongvault\StrongVaultApp.exe MSIL/Adware.StrongVault.A application
C:\AI_RecycleBin\{F4EBEA1C-B07F-454A-93D6-E492D1284D42}\3\Strongvault\StrongVaultApp.exe MSIL/Adware.StrongVault.A application
C:\AI_RecycleBin\{F5779941-8D0E-45B8-B289-9E93DCCD57A8}\3\Strongvault\StrongVaultApp.exe MSIL/Adware.StrongVault.A application

I ran in this situation - my daughter had to use my computer and she installed Firefox and played with the computer in general. So, after she left, I had to turn it back to the way I like it, including removing Firefox and such. Will there be a problem with the previous cleaning that we did?

sem40
  • 0

#18
tom982

tom982

    Member 1K

  • Member
  • PipPipPipPip
  • 1,183 posts
Hi sem40,

I ran in this situation - my daughter had to use my computer and she installed Firefox and played with the computer in general. So, after she left, I had to turn it back to the way I like it, including removing Firefox and such. Will there be a problem with the previous cleaning that we did?


Thank you for letting me know, but that won't cause any problems :)

You're all clean :thumbsup: Now for a little tidying up!

OTL Fix

  • Run OTL.
  • Copy (Ctrl+C) and Paste (Ctrl+V) all of the following text into the Custom Scans/Fixes box:


    :OTL
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.
    O20 - AppInit_DLLs: (c:\progra~3\browse~1\261125~1.80\{c16c1~1\browse~1.dll) - File not found
    
    :Commands
    [CREATERESTOREPOINT]
    [EMPTYTEMP]

  • Click the Run Fix button.

OTL CleanUp

  • Open OTL
  • Click CleanUp
This will remove all of the tools that we have used (and their subsequent logs) from your system, leaving you as good as new.

WOT Link Scanning

  • Install WOT (Web Of Trust) from here Safe Browsing Tool - WOT
  • This program provides information about the safety of websites and links that you visit.
  • The ratings can be found below:

    Green - Website is highly rated
    Yellow - Website should be used with caution
    Red - Website should be avoided
  • A complete list of the symbols can be found here
WOT provides colour coded link scanning for websites and allows you to see whether a link you are about to click on is bad - e.g. malicious.

MVPs HOSTS File

  • Download the MVPs HOSTS File to your desktop
  • Extract the files from the .zip folder
  • Right click on mvps.bat and select Run As Administrator
  • This should open up a command window, follow the on screen instructions
  • Open your start menu, and type cmd
  • Right click on cmd and select Run As Administrator
  • When it opens, type the following:
ipconfig /flushdns


Now you're all clean again, we can sort out this UAC issue. The symptoms you described a few posts back sounded like how UAC is meant to work (prompting you to confirm actions that require elevation). Are you seeing prompts like this?

Posted Image

If so, that's perfectly normal and nothing to worry about as it is a security feature that was introduced in Windows Vista.

What I suspect has happened, based on your description, is that these prompts never used to appear and now they are - which would be caused by the UAC restriction level being reset. We can disable these prompts if you wish, but the reason they appear is to protect you from malware infections by making you confirm software actions before they go ahead so disabling this would make your system less secure. I would leave them, but it's your call, just let me know either way and we'll sort this out :)

Tom
  • 0

#19
sem40

sem40

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts
I had applied your current directions, but somehow, I still have Adwcleaner, Security Check and some Log on my Desktop. What do I do with them? Also, when I downloaded MVP Hosts file the last direction was to type ipconfig /flushdns which I did at the flashing dash and it seems that the screen just closed. I hope that's how it supposed to be. Do you think I have too many cleaners on my computer and all of them are either run automatically or I can start them manually.

As for that UAC warning, I think I have dealt with it somehow and they don't show up anymore ( at least for now), but I have 2 others:
a) Web Browser: "One or more ActiveX controls could not be displayed because either:
1) Your current security settings prohibit running ActiveX controls on this page, or
2) You have blocked a publisher of one of the controls.
As a result, the page might not display correctly. OK

b) and once in a while I get Script Error Message: An error has occurred on the script on this page. Line: 2432 (or sometimes different)
Char: 1
Error: Not enough storage is available to process this command
Code: 0
URL : res://ieframe.dll/preview.js (or sometimes different URL)
Do you want to continue running scripts on this page? YES/NO

The most offensive is (a). Please help with it
  • 0

#20
tom982

tom982

    Member 1K

  • Member
  • PipPipPipPip
  • 1,183 posts
Hi sem40,

You can delete any tools or logs that the OTL CleanUp failed to delete. The HOSTS file will be in place so that's the main priority, the DNS flushing will occur automatically after 24 hours so that shouldn't be a problem if it did fail. Looking at the list of your installed software, I can only see one cleaner (CCleaner) and that's what I currently use, so no I don't think you have too many cleaners, unless you have more?

Can you reset IE by using this FixIt please: http://support.microsoft.com/kb/923737

SFC Scan

  • Click on the Start Posted Image button and in the search box, type Command Prompt
  • When you see Command Prompt on the list, right-click on it and select Run as administrator
  • When command prompt opens, copy and paste the following commands into it, press enter after each

    sfc /scannow

    Wait for this to finish before you continue

    copy %windir%\logs\cbs\cbs.log %userprofile%\Desktop\cbs.txt

  • This will create a file, cbs.txt on your Desktop. Please attach this to your next post.

Tom
  • 0

#21
sem40

sem40

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts
I had tried to post a log here and I 've got this message: "Your post was too long. Please go back and shorten it a little." How do I do that? And another dumb question: How do you put an image into reply like you did it in a previous reply? As I told you before, my knowledge is pretty limited.
  • 0

#22
tom982

tom982

    Member 1K

  • Member
  • PipPipPipPip
  • 1,183 posts
Hi sem40,

No problem, thank you for asking. The CBS log is very large and you will need to attach it to your next post rather than post the contents. To do so, click the Use Full Editor button to show all of the features. Below the post box, you should see the Attachments section. Click the Choose File button, then select the CBS.txt on your Desktop and click Attach This File to attach it to your post. There's a very good chance that the CBS log will be too large to upload here (as the maximum file size is 1MB) and if this is the case, please upload it to SendSpace then send me the link:

http://www.sendspace.com

To embed images in a post, attach the image to the post using the method outlined above, but before you post it, click on Add to Post next to the image attachment listed under the post editor, here:

Capture.JPG

It will display images like this:

BG.jpg

Tom
  • 0

#23
sem40

sem40

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts
the file is attached. thanks for help

Attached Files

  • Attached File  cbs.txt   988.15KB   38 downloads

  • 0

#24
sem40

sem40

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts
Wow. Now I got a new problem - my Fox News home page is totally screwed up. There are no videos or pictures in Features or Faces or in the area of Stock Market or Watch Now. There is a similar situation with AOL. I had found this MS Community but I don't know what to do with it (page 2 prior to last reply by bradza fm Nov.18, 2012, might be the solution or not, who knows? I definitely don't) Why me? (nervous lol)

2013-08-10_231357.png 2013-08-10_231430.png
  • 0

#25
tom982

tom982

    Member 1K

  • Member
  • PipPipPipPip
  • 1,183 posts
Hi sem40,

It seems that the problem is because the HOSTS file we put in place is a little over sensitive, so let's just remove it. Run this FixIt to reset the HOSTS file, then reboot and let me know if the issue remains.

http://support.microsoft.com/kb/972034

Tom
  • 0

Advertisements


#26
sem40

sem40

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts
Yes, you were right, Hosts were blocking pictures and videos and after I reverted them back, the old message came back. I think, if it's impossible to remove it permanently, I can live with it. It's annoying, but livable.

2013-08-11_154354.png
  • 0

#27
tom982

tom982

    Member 1K

  • Member
  • PipPipPipPip
  • 1,183 posts
Hi sem40,

It's great that it solved the problem! :)

I suspect that's something to do with the spyware protection you have on your computer, so can you try uninstalling Spybot S&D until we get to the bottom of this?

Tom
  • 0

#28
sem40

sem40

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts
Done
  • 0

#29
tom982

tom982

    Member 1K

  • Member
  • PipPipPipPip
  • 1,183 posts
Hi sem40,

Did that have any effect on the ActiveX warnings?

Tom
  • 0

#30
tom982

tom982

    Member 1K

  • Member
  • PipPipPipPip
  • 1,183 posts
Hi sem40,

It's been 3 days since I last heard from you so I just wanted to make sure everything is okay? Threads are normally closed after three days of inactivity but if you need more time then just let me know :)

Tom
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP