emailmaven

Constant Security Alerts

Hi, I am using Windows 10 and every few minutes I am getting a security alert about an expired certificate for flogs.com. I may at some point have used their calendar extension, but I am sure I deleted the program, as now all I can find is a registry key that relates to flogs.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.com/search?q=flogs&form=WNSGPH&qs=AS&cvid=e76c4dec24f643328f2ed7ec58970633&pq=flogs&nclid=F3E1DD3AB0CB06AF70697C998E6BE17C&ts=1453832049341&nclidts=1453832049&tsms=341

I see the open with for this key is set for chrome.exe.

I am assuming (ass-uming, I think) this is what is causing the problem, since it is the only thing on my system that is associated with flogs at all. If I remove this, will it create even more complications? This alert is making me crazy.

I have deleted chrome.exe from the OpenWith registry item but I am still seeing this message constantly.
I am not even sure what software is initiating this error at this point.

I have attached captures of the warning and the certification path from the properties panel.

RL
security-alert-error.jpg
security-alert-properties.jpg
Windows OS

Last Comment
☠ MASQ ☠

8/22/2022 - Mon
☠ MASQ ☠

Delete away - that should fix it after a restart.
emailmaven

ASKER
Hi,

Nope, not the trick, still an issue. I see something for flog in the registry; is this related? I am clueless about the registry. I am just grasping at straws here. The error popped up as soon as I restarted this time.

HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\Components\x86_microsoft-windows-c..plus-runtime-txflog_31bf3856ad364e35_10.0.10586.0_none_0f7d4585f56d40f0

RL
☠ MASQ ☠

You still have something running that wants to connect to flogs.com on launch.
Your browser is correctly identifying that flogs.com's web security certificate has expired.

MSConfig or Autoruns will list what's set to run at startup; have a look through and see if something rings a bell.

In the meantime you can put that entry back into the registry by renaming the attached file restore.txt to restore.reg and running it to merge into the system registry.

(txflog is a transaction log and nothing to do with flogs)
restore.txt
emailmaven

ASKER
Hi, I restarted several times and see that it pops up shortly after Outlook starts most of the time.
emailmaven

ASKER
Hi, not seeing anything anywhere. Looking in msconfig and startup items, nothing comes up in a regular search. Is there anything I can enter in the cmd prompt to find what is trying to connect to flogs.com?

There is something in startup that is named Program with no publisher; it is enabled and not measured. I have no idea what that is for.

RL
☠ MASQ ☠

Have a look in Outlook Options Add-ins - see if your Flogs Calendar is still active there.

You can always untick an item in MSConfig Startup and see what happens on restart - it's simple enough to check the box again
emailmaven

ASKER
Hi, that's the thing: there is no flogs anywhere. It is not in Outlook add-ins or COM add-ins, not in startup items. I am so dumbfounded by this.

RL
☠ MASQ ☠

OK then let's have a closer look
Can you download and run HijackThis?

Right-click on the icon and choose run as administrator
Accept the licence
Choose "Do a system scan and save a log file"
Have a look through the text file that's generated - if you're OK publishing the contents online, post it here as an attachment.
Only make changes if you know what you are doing.
emailmaven

ASKER
Hi

Thanks for reviewing this.
hijackthis.log
ASKER CERTIFIED SOLUTION
☠ MASQ ☠

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
BillDL

If flogs.com does appear in your registry, perhaps it uses the IP address rather than the domain name. flogs.com seems to be in Dublin, Eire (Ireland), and has the IP address 54.246.197.117. This might be useful when searching Regedit, HijackThis logs, or when running commands like TASKLIST.
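
One way to answer the command-line question asked earlier in the thread, as an added example that is not part of any poster's reply: poll the TCP connection table for the flogs.com address and report the owning process. The host name and fallback IP are the ones quoted in the thread; the parameter names, polling interval and run time are assumptions.

```powershell
# Added example: report which process opens TCP connections to a given host.
# Run from an elevated PowerShell prompt so process paths are readable.
param(
    [string]$HostName   = 'flogs.com',
    [string]$FallbackIp = '54.246.197.117',  # address quoted in the thread; may be stale
    [int]$Seconds       = 600,               # assumed: watch for ten minutes
    [int]$IntervalMs    = 500                # assumed: polling interval
)

# Resolve the current A records and keep the quoted address as a fallback.
$targets = @($FallbackIp)
try {
    $targets += (Resolve-DnsName -Name $HostName -Type A -ErrorAction Stop |
                 Where-Object { $_.IPAddress }).IPAddress
} catch {
    Write-Warning "Could not resolve $HostName; watching $FallbackIp only."
}
$targets = $targets | Sort-Object -Unique

$seen     = @{}                              # report each process/endpoint pair once
$deadline = (Get-Date).AddSeconds($Seconds)
while ((Get-Date) -lt $deadline) {
    $conns = Get-NetTCPConnection -ErrorAction SilentlyContinue |
             Where-Object { $targets -contains $_.RemoteAddress }
    foreach ($c in $conns) {
        $key = "$($c.OwningProcess)|$($c.RemoteAddress)|$($c.RemotePort)"
        if ($seen.ContainsKey($key)) { continue }
        $seen[$key] = $true
        # The process may already have exited; its fields are then left empty.
        $p = Get-Process -Id $c.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Time      = Get-Date -Format 'HH:mm:ss'
            ProcessId = $c.OwningProcess
            Process   = $p.ProcessName
            Path      = $p.Path
            Remote    = "$($c.RemoteAddress):$($c.RemotePort)"
            State     = $c.State
        }
    }
    Start-Sleep -Milliseconds $IntervalMs
}
```

Polling can miss a connection that opens and closes between two samples, and an address on shared hosting can also match traffic to unrelated sites, so treat a hit as a lead to confirm against the process path.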
emailmaven

ASKER
MASQ, there was an entry in Dashlane. I never would have thought of that one. Thanks so much for that insight. It did pop up once but I haven't seen it again in a while. Hopefully that was the issue.

Thanks again
Rose
emailmaven

ASKER
Hi, sorry to say that error is back. Any other logs that will help figure this out?

RL
☠ MASQ ☠

How much of a pain would it be to uninstall Dashlane completely - including removing the browser plug-ins and KWIEBar toolbar add-in?
emailmaven

ASKER
Hi

I removed it, removed the IE add-ins and reinstalled Dashlane, but this is still happening. Do I need to remove the registry entries before reinstalling it? After removing the application and files, the registry still had Dashlane entries listed after I deleted the program via the control panel and restarted the system.
☠ MASQ ☠

Yes, looks like Dashlane retains your account details in case you want to reinstall. Helpful for most users but not in this situation.

If you are using a premium account then Dashlane will resynchronize with their servers on reinstall and if the rogue entry is there it will be reloaded onto your PC.

I guess the best indicator is to run the PC for long enough to know flogs isn't being accessed before reinstalling.