Go Back   Tech Support Forum > Microsoft Support > Windows XP Support

That Damned "Open File - Security Warning" !!

This is a discussion on That Damned "Open File - Security Warning" !! within the Windows XP Support forums, part of the Tech Support Forum category. Running :- WinXP HOME SP3 IE7, standalone PC, but using shared wireless modem (Vista laptop) Not running :- GPedit (Home


Closed Thread
 
Thread Tools Search this Thread
Old 08-26-2008, 11:35 AM   #1
Registered Member
 
Join Date: Jan 2008
Location: Up t'North,UK
Posts: 24
OS: Windows 7 SP1 x64

My System

Mistake

Running :- WinXP HOME SP3 IE7, standalone PC, but using shared wireless modem (Vista laptop)
Not running :- GPedit (Home system) so the tweaks regarding this are out the window straight away.

....and all of a sudden I start getting the above warning box when opening .exe files (not all of them) including IE7 and strangely, if I click on show Desktop !?!
Maybe Windows knows something I don't !
Also occurs with .reg, .vbs, and other random files, again not all of them. this started on the 23rd Aug, the last auto update was the 18th Aug., that is, until today when I un-installed and re-installed IE7 as I've been reading it may be an issue with it's security settings. Didn't cure it though ! Still got the warnings with IE6.
Other strange things I've (so far) found are :-
Links toolbar shows up ok but is empty, the links folder in Favorites (and under username) however shows 72 entries grouped in folders, none of whose properties are marked as hidden.
Finally, S/ware program Advanced System Cleaner no longer runs as it has always "encountered a problem and needs to close, hope you weren't in the middle etc."
Kaspersky AV, Malwarebytes (both up to date) and Trend Home Visit all show up clean, so basically I think it's a settings issue.
The settings in intranet have been changed as per web sites (Why Though? It's a standalone PC.)). Ive added 2 entries

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations]
"LowRiskFileTypes"="blah blah insert file types here"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments]
"SaveZoneInformation"=dword:00000001

This seems to have stopped it happening with .reg files but nothing else and they're all in there. So

a)- How do I stop it ? It's driving me barmey !!
b)- Any ideas why this may have started ?

Im posting a copy of my HJT (which opened without that warning) log here, for info., I can see nothing obviously out of place or wrong.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:19:11, on 26/08/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus '09\avp.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamtrayctrl.exe
C:\Program Files\WinPatrol\winpatrol.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus '09\avp.exe
C:\Program Files\TalkTalk\TalkTalk SNU5630NS 05 Wireless USB Adapter Utility\TTUSBBGMonitor.exe
C:\PROGRAM FILES\LCLOCK\LCLOCK.EXE
C:\PROGRAM FILES\VISTA DRIVE ICON\DRVICON.EXE
C:\PROGRAM FILES\VISUALTASKTIPS\VISUALTASKTIPS.EXE
C:\PROGRAM FILES\ALPHAXP\ALPHAXP.EXE
C:\PROGRAM FILES\HANDICAPSLOCK\HANDICAPSLOCK.EXE
C:\PROGRAM FILES\CUTE PASSWORD MANAGER\SYSTRAY.EXE
C:\Program Files\Internet Explorer\iexplore.exe
D:\SOFTWARE ADMIN\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Elmer B. Fuddleds' T' Interweb
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IE7Pro\iepro.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus '09\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: JJFormBHO.CFormBHO - {DC5F9604-C6E2-47D0-8E0F-E60FCCB334C7} - C:\Program Files\Cute Password Manager\JJFormBHO.dll
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus '09\avp.exe"
O4 - Startup: TTUSBBGMonitor.exe.lnk = C:\Program Files\TalkTalk\TalkTalk SNU5630NS 05 Wireless USB Adapter Utility\TTUSBBGMonitor.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7Pro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Cute Password Manager - {1C86808B-076C-462C-9B24-6B943453DA95} - C:\Program Files\Cute Password Manager/SysTray.exe
O9 - Extra 'Tools' menuitem: Cute Password Manager - {1C86808B-076C-462C-9B24-6B943453DA95} - C:\Program Files\Cute Password Manager/SysTray.exe
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus '09\SCIEPlgn.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1217887453109
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1218018877046
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~2\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~2\KASPER~1\mzvkbd3.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus '09\avp.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

__________________
Elmer Fudd 58 is offline  
Old 08-26-2008, 04:34 PM   #2
Registered Member
 
Join Date: Jan 2008
Location: Up t'North,UK
Posts: 24
OS: Windows 7 SP1 x64

My System


Patched (Botched) over, but not cured.

Well after adding the Desktop .scf file, which I thought was an .exe, to the low risk registry entrie(s) above and a couple of re-boots nearly all seems to have settled back down again. WinPatrol being the one exe that springs to mind that's still playing up although I haven't been through them all yet.

Strange thing is that nothing was stopped from being d/loaded from the web, just when I tried to execute them.

Even stranger is why this started and I'm suddenly having to mess about in the registry .

If anyone has any clues I'd love to know !
__________________
Elmer Fudd 58 is offline  
Closed Thread

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is on
Smilies are on
[IMG] code is on
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Post a Question


» Site Navigation
 > FAQ
  > 10.0.0.2


All times are GMT -7. The time now is 10:38 AM.


Copyright 2001 - 2014, Tech Support Forum

Windows 7 - Windows XP - Windows Vista - Trojan Removal - Spyware Removal - Virus Removal - Networking - Security - Top Web Hosts