Constant Security Alerts

emailmaven
Hi, I am using Windows 10 and every few minutes I am getting a security alert about an expired certificate for flogs.com. I may at some point have used their calendar extension, but I am sure I deleted the program, as now all I can find is a registry key that relates to flogs.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.com/search?q=flogs&form=WNSGPH&qs=AS&cvid=e76c4dec24f643328f2ed7ec58970633&pq=flogs&nclid=F3E1DD3AB0CB06AF70697C998E6BE17C&ts=1453832049341&nclidts=1453832049&tsms=341

I see the open with for this key is set for chrome.exe.

I am assuming (ass-uming I think) this is what is causing the problem since it is the only thing on my system that is associated with flogs at all. If I remove this, will it create even more complications? This alert is making me crazy.

I have deleted chrome.exe from the OpenWith registry item but I am still seeing this message constantly.
I am not even sure what software is initiating this error at this point.

I have attached captures of the warning and the certification path from the properties panel.

RL
security-alert-error.jpg
security-alert-properties.jpg
Most Valuable Expert 2013

Commented:
Delete away - that should fix it after a restart.

Author

Commented:
Hi,

Nope, not the trick, still an issue, I see something for flog in registry, is this related? I am clueless about the registry. I am just grasping at straws here. The error popped up as soon as I restarted this time.

HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\Components\x86_microsoft-windows-c..plus-runtime-txflog_31bf3856ad364e35_10.0.10586.0_none_0f7d4585f56d40f0

RL
Most Valuable Expert 2013

Commented:
You still have something running that wants to connect to flogs.com on launch.
Your browser is correctly identifying that flogs.com's web security certificate has expired.

MSConfig or Autoruns will list what's set to run at startup; have a look through and see if something rings a bell.

In the meantime you can put that entry back into the registry by renaming the attached file restore.txt to restore.reg and running it to merge into the system registry.

(txflog is a transaction log and nothing to do with flogs)
restore.txt

Author

Commented:
Hi, I restarted several times and see that it pops up shortly after Outlook starts most of the time.

Author

Commented:
Hi, not seeing anything anywhere. Looking in msconfig and startup items, nothing comes up in a regular search. Is there anything I can enter in the cmd prompt to find what is trying to connect to flogs.com?

There is something in startup that is named Program with no publisher, it is enabled and not measured. I have no idea what that is for.

RL
Most Valuable Expert 2013

Commented:
Have a look in Outlook Options Add-ins - see if your Flogs Calendar is still active there.

You can always untick an item in MSConfig Startup and see what happens on restart - it's simple enough to check the box again

Author

Commented:
Hi, that's the thing: there is no flogs anywhere. It is not in Outlook add-ins or COM add-ins, not in startup items. I am so dumbfounded by this.

RL
Most Valuable Expert 2013

Commented:
OK then let's have a closer look
Can you download and run HijackThis?

Right-click on the icon and choose run as administrator
Accept the licence
Choose "Do a system scan and save a log file"
Have a look through the text file that's generated - if you're OK publishing the contents online, post it here as an attachment.
Only make changes if you know what you are doing.

Author

Commented:
Hi

Thanks for reviewing this.
hijackthis.log
Most Valuable Expert 2013
Commented:
It looks pretty clean, I might be a while with it.

You're using Dashlane as a PW manager - might you still have a reference to a flogs.com account in there?
If flogs.com does appear in your registry, perhaps it uses the IP address rather than the domain name. flogs.com seems to be in Dublin, Eire (Ireland), and has the IP address 54.246.197.117. This might be useful when searching Regedit, HijackThis logs, or when running commands like TASKLIST.
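
Added example, not part of the original thread: one way to answer the earlier question about finding what is trying to connect to flogs.com is to poll the TCP connection table for the site's addresses and report the owning process. The variable and function names are hypothetical, the 600-second watch window is an assumed value, and the fallback address is the one quoted in the comment above, which may no longer be current.

```powershell
# Added example: poll for TCP connections to flogs.com and name the owning process.
# Run from an elevated PowerShell prompt so that process paths are readable.
$HostName   = 'flogs.com'
$KnownAddrs = @('54.246.197.117')   # address quoted in the thread; may be stale
$Seconds    = 600                   # how long to watch (assumed value)

function Get-TargetAddress {
    param([string]$Name, [string[]]$Fallback)
    # Combine live DNS answers with the address mentioned in the thread.
    $live = Resolve-DnsName -Name $Name -Type A -ErrorAction SilentlyContinue |
            Where-Object { $_.IPAddress } |
            Select-Object -ExpandProperty IPAddress
    @($live) + @($Fallback) | Where-Object { $_ } | Sort-Object -Unique
}

function Find-ConnectionOwner {
    param([string[]]$Address)
    # Match every current TCP connection against the target addresses.
    Get-NetTCPConnection -ErrorAction SilentlyContinue |
        Where-Object { $Address -contains $_.RemoteAddress } |
        ForEach-Object {
            $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Time      = Get-Date -Format 'HH:mm:ss'
                Remote    = '{0}:{1}' -f $_.RemoteAddress, $_.RemotePort
                State     = $_.State
                ProcessId = $_.OwningProcess
                Process   = $proc.ProcessName
                Path      = $proc.Path
            }
        }
}

$targets  = Get-TargetAddress -Name $HostName -Fallback $KnownAddrs
$deadline = (Get-Date).AddSeconds($Seconds)
$seen     = @{}
while ((Get-Date) -lt $deadline) {
    foreach ($hit in Find-ConnectionOwner -Address $targets) {
        # Report each process/remote endpoint pair only once.
        $key = '{0}|{1}' -f $hit.ProcessId, $hit.Remote
        if (-not $seen.ContainsKey($key)) { $seen[$key] = $true; $hit | Format-List }
    }
    Start-Sleep -Milliseconds 500
}
```

Polling can miss a connection that opens and closes between samples, so start it before launching Outlook and leave it running until the alert appears.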

Author

Commented:
MASQ, there was an entry in Dashlane. I never would have thought of that one. Thanks so much for that insight. It did pop up once but I haven't seen it again in a while. Hopefully that was the issue.

Thanks again
Rose

Author

Commented:
Hi, sorry to say that error is back. Any other logs that will help figure this out?

RL
Most Valuable Expert 2013

Commented:
How much of a pain would it be to uninstall Dashlane completely - including removing the browser plug-ins and KWIEBar toolbar add-in?

Author

Commented:
Hi

I removed it, removed the IE add-ins and reinstalled Dashlane, but this is still happening. Do I need to remove the registry entries before reinstalling it? After removing the application and files, the registry still had Dashlane entries listed after I deleted the program via the Control Panel and restarted the system.
Most Valuable Expert 2013

Commented:
Yes, looks like Dashlane retains your account details in case you want to reinstall. Helpful for most users but not in this situation.

If you are using a premium account then Dashlane will resynchronize with their servers on reinstall, and if the rogue entry is there it will be reloaded onto your PC.

I guess the best indicator is to run the PC for long enough to know flogs isn't being accessed before reinstalling.
