Microsoft Windows Vista Community Forums - Vistaheads
Recommended Download



Welcome to the Microsoft Windows Vista Community Forums - Vistaheads, YOUR Largest Resource for Windows Vista related information.

You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content and access many other special features. Registration is fast, simple and absolutely free so , join our community today!

If you have any problems with the registration process or your account login, please contact us.

Driver Scanner

UAC re-enabling itself?

microsoft.public.windows.vista.security






Speedup My PC
Reply
  #1 (permalink)  
Old 05-06-2008
void.no.spam.com@gmail.com
 

Posts: n/a
UAC re-enabling itself?
I turned off UAC on my parents' new computer a couple days ago.
Yesterday, my dad encountered some spyware while browsing (he called
me over and I noticed that Firefox had somehow gone to
onlinexpscanner.com and downloaded a suspicious executable, and there
was a prompt to run the program). I am now trying to figure out if
any spyware got installed onto the computer. The first thing I have
noticed is that UAC is now enabled, even though I had disabled it a
couple days ago. How did that happen? Could any Windows updates have
re-enabled it?

Reply With Quote
Sponsored Links
  #2 (permalink)  
Old 05-06-2008
Adam Albright
 

Posts: n/a
Re: UAC re-enabling itself?
On Mon, 5 May 2008 20:06:29 -0700 (PDT), "void.no.spam.com@gmail.com"
<void.no.spam.com@gmail.com> wrote:

>I turned off UAC on my parents' new computer a couple days ago.
>Yesterday, my dad encountered some spyware while browsing (he called
>me over and I noticed that Firefox had somehow gone to
>onlinexpscanner.com and downloaded a suspicious executable, and there
>was a prompt to run the program). I am now trying to figure out if
>any spyware got installed onto the computer. The first thing I have
>noticed is that UAC is now enabled, even though I had disabled it a
>couple days ago. How did that happen? Could any Windows updates have
>re-enabled it?



Surprise. onlinexpscanner.com IS the threat. It's often called social
engineering. Dear old dad or someone with access to this computer
might have visited this site under the lure of a free system scan.
Sounds harmless enough, except it reports bogus things wrong with you
system and then installs itself. Newer versions of anti virus and
malware programs like AVG will flag hostile web sites so only dummies
like Frank would be dumb enough to still click on them.

Confirm onlinexpscanner is on your system. Look in Task Manager under
processes tab.

According to Google there are many web sites that tell you how to
remove this. Simply do a Goggle for onlinexpscanner. DO NOT go to the
site! Use Google to find web pages that talk about it and offer
methods to remove it.

First install AVG 8.0. This is a reliable company that makes real anti
virus and malware protection software. Once installed when you enter
onlinexpscanner into Google and similar threats it will have a red X,
while "trusted" sites with have a green check mark.

This sounds like a Trojan, not spyware. Trojans have the ability to
hijack your system so somebody can remotely control your computer and
yes, that means exactly what it sounds like.

Reply With Quote
  #3 (permalink)  
Old 05-06-2008
void.no.spam.com@gmail.com
 

Posts: n/a
Re: UAC re-enabling itself?
On May 5, 11:32*pm, Adam Albright <A...@ABC.net> wrote:
> On Mon, 5 May 2008 20:06:29 -0700 (PDT), "void.no.spam....@gmail.com"
>
> <void.no.spam....@gmail.com> wrote:
> >I turned off UAC on my parents' new computer a couple days ago.
> >Yesterday, my dad encountered some spyware while browsing (he called
> >me over and I noticed that Firefox had somehow gone to
> >onlinexpscanner.com and downloaded a suspicious executable, and there
> >was a prompt to run the program). *I am now trying to figure out if
> >any spyware got installed onto the computer. *The first thing I have
> >noticed is that UAC is now enabled, even though I had disabled it a
> >couple days ago. *How did that happen? *Could any Windows updates have
> >re-enabled it?

>
> Surprise. onlinexpscanner.com IS the threat. It's often called social
> engineering. Dear old dad or someone with access to this computer
> might have visited this site under the lure of a free system scan.
> Sounds harmless enough, except it reports bogus things wrong with you
> system and then installs itself. Newer versions of anti virus and
> malware programs like AVG will flag hostile web sites so only dummies
> like Frank would be dumb enough to still click on them.


Yeah, I figured it was one of those "anti-spyware" sites that really
install spyware onto your computer.


> Confirm onlinexpscanner is on your system. Look in Task Manager under
> processes tab.
>
> According to Google there are many web sites that tell you how to
> remove this. Simply do a Goggle for onlinexpscanner. DO NOT go to the
> site! Use Google to find web pages that talk about it and offer
> methods to remove it.
>
> First install AVG 8.0. This is a reliable company that makes real anti
> virus and malware protection software. Once installed when you enter
> onlinexpscanner into Google and similar threats it will have a red X,
> while "trusted" sites with have a green check mark.


I did install AntiVir onto the computer, but that sounds like a cool
feature in AVG. Would that be AVG Antivirus or AVG Antispyware?


> This sounds like a Trojan, not spyware. Trojans have the ability to
> hijack your system so somebody can remotely control your computer and
> yes, that means exactly what it sounds like.


I went to the second site that came up in Google for "onlinexpscanner"
- http://www.411-spyware.com/remove-onlinexpscanner-com. That is
legitimate, right? I checked for the processes/files/registry keys
that it mentioned, and I don't see anything. I do have Explorer
configured to show all hidden/system files, and I told Task Manager to
show processes for all users.

But I guess I'm still a little paranoid. Do you think Windows
Defender would have stopped the spyware from executing?

Also, what do you think of using System Restore? There is a restore
point that is prior to my dad's encounter with the spyware site, so if
I restored the system to that point, would it guarantee that any
spyware would be removed? I'm not sure if that would work, because I
read that System Restore does not restore everything.
Reply With Quote
  #4 (permalink)  
Old 05-06-2008
Nonny
 

Posts: n/a
Re: UAC re-enabling itself?
On Mon, 5 May 2008 21:21:46 -0700 (PDT), "void.no.spam.com@gmail.com"
<void.no.spam.com@gmail.com> wrote:

>> First install AVG 8.0. This is a reliable company that makes real anti
>> virus and malware protection software. Once installed when you enter
>> onlinexpscanner into Google and similar threats it will have a red X,
>> while "trusted" sites with have a green check mark.

>
>I did install AntiVir onto the computer, but that sounds like a cool
>feature in AVG. Would that be AVG Antivirus or AVG Antispyware?


It's the latest version of AVG antivirus. Very nice.
Reply With Quote
  #5 (permalink)  
Old 05-06-2008
Mick Murphy
 

Posts: n/a
Re: UAC re-enabling itself?
Use the programs I have listed below, and you will have no more probs.

http://service1.symantec.com/SUPPORT...05033108162039

Above is the link for Norton Removal Tool; if using Norton.

Vista’s Firewall is very good!

http://www.avast.com/eng/download-avast-home.html

Above is a link to Avast Free 4 Home Anti-Virus
It is low resource using, free and Vista 32bit and 64bit compatible.
Only have one (1) anti-virus installed; more than 1 can cause conflicts.

http://www.safer-networking.org/en/index.html

For Spyware removal, use the above link to “Spybot Search & Destroy 1.5.2”
Download it, install it, update it, immunize your system and scan your
System with it.

http://www.javacoolsoftware.com/

For a non-scanning, but running in the background, Program to STOP Spyware
being downloaded to your Computer, use SpywareBlaster 4, available at the
above link.

IMPORTANT ADVICE: After scanning with the above Programs, problems still
remain.

Reboot computer, and tap F8 at power on/ startup. From the list of options
that appears, select Safe mode by using the UP and DOWN Arrows, then hit
ENTER.

Rescan the computer in Safe mode.

--
Mick Murphy - Qld - Australia


"void.no.spam.com@gmail.com" wrote:

> On May 5, 11:32 pm, Adam Albright <A...@ABC.net> wrote:
> > On Mon, 5 May 2008 20:06:29 -0700 (PDT), "void.no.spam....@gmail.com"
> >
> > <void.no.spam....@gmail.com> wrote:
> > >I turned off UAC on my parents' new computer a couple days ago.
> > >Yesterday, my dad encountered some spyware while browsing (he called
> > >me over and I noticed that Firefox had somehow gone to
> > >onlinexpscanner.com and downloaded a suspicious executable, and there
> > >was a prompt to run the program). I am now trying to figure out if
> > >any spyware got installed onto the computer. The first thing I have
> > >noticed is that UAC is now enabled, even though I had disabled it a
> > >couple days ago. How did that happen? Could any Windows updates have
> > >re-enabled it?

> >
> > Surprise. onlinexpscanner.com IS the threat. It's often called social
> > engineering. Dear old dad or someone with access to this computer
> > might have visited this site under the lure of a free system scan.
> > Sounds harmless enough, except it reports bogus things wrong with you
> > system and then installs itself. Newer versions of anti virus and
> > malware programs like AVG will flag hostile web sites so only dummies
> > like Frank would be dumb enough to still click on them.

>
> Yeah, I figured it was one of those "anti-spyware" sites that really
> install spyware onto your computer.
>
>
> > Confirm onlinexpscanner is on your system. Look in Task Manager under
> > processes tab.
> >
> > According to Google there are many web sites that tell you how to
> > remove this. Simply do a Goggle for onlinexpscanner. DO NOT go to the
> > site! Use Google to find web pages that talk about it and offer
> > methods to remove it.
> >
> > First install AVG 8.0. This is a reliable company that makes real anti
> > virus and malware protection software. Once installed when you enter
> > onlinexpscanner into Google and similar threats it will have a red X,
> > while "trusted" sites with have a green check mark.

>
> I did install AntiVir onto the computer, but that sounds like a cool
> feature in AVG. Would that be AVG Antivirus or AVG Antispyware?
>
>
> > This sounds like a Trojan, not spyware. Trojans have the ability to
> > hijack your system so somebody can remotely control your computer and
> > yes, that means exactly what it sounds like.

>
> I went to the second site that came up in Google for "onlinexpscanner"
> - http://www.411-spyware.com/remove-onlinexpscanner-com. That is
> legitimate, right? I checked for the processes/files/registry keys
> that it mentioned, and I don't see anything. I do have Explorer
> configured to show all hidden/system files, and I told Task Manager to
> show processes for all users.
>
> But I guess I'm still a little paranoid. Do you think Windows
> Defender would have stopped the spyware from executing?
>
> Also, what do you think of using System Restore? There is a restore
> point that is prior to my dad's encounter with the spyware site, so if
> I restored the system to that point, would it guarantee that any
> spyware would be removed? I'm not sure if that would work, because I
> read that System Restore does not restore everything.
>

Reply With Quote
  #6 (permalink)  
Old 05-06-2008
Adam Albright
 

Posts: n/a
Re: UAC re-enabling itself?
On Mon, 5 May 2008 21:21:46 -0700 (PDT), "void.no.spam.com@gmail.com"
<void.no.spam.com@gmail.com> wrote:

>On May 5, 11:32*pm, Adam Albright <A...@ABC.net> wrote:
>> On Mon, 5 May 2008 20:06:29 -0700 (PDT), "void.no.spam....@gmail.com"
>>
>> <void.no.spam....@gmail.com> wrote:
>> >I turned off UAC on my parents' new computer a couple days ago.
>> >Yesterday, my dad encountered some spyware while browsing (he called
>> >me over and I noticed that Firefox had somehow gone to
>> >onlinexpscanner.com and downloaded a suspicious executable, and there
>> >was a prompt to run the program). *I am now trying to figure out if
>> >any spyware got installed onto the computer. *The first thing I have
>> >noticed is that UAC is now enabled, even though I had disabled it a
>> >couple days ago. *How did that happen? *Could any Windows updates have
>> >re-enabled it?

>>
>> Surprise. onlinexpscanner.com IS the threat. It's often called social
>> engineering. Dear old dad or someone with access to this computer
>> might have visited this site under the lure of a free system scan.
>> Sounds harmless enough, except it reports bogus things wrong with you
>> system and then installs itself. Newer versions of anti virus and
>> malware programs like AVG will flag hostile web sites so only dummies
>> like Frank would be dumb enough to still click on them.

>
>Yeah, I figured it was one of those "anti-spyware" sites that really
>install spyware onto your computer.
>
>
>> Confirm onlinexpscanner is on your system. Look in Task Manager under
>> processes tab.
>>
>> According to Google there are many web sites that tell you how to
>> remove this. Simply do a Goggle for onlinexpscanner. DO NOT go to the
>> site! Use Google to find web pages that talk about it and offer
>> methods to remove it.
>>
>> First install AVG 8.0. This is a reliable company that makes real anti
>> virus and malware protection software. Once installed when you enter
>> onlinexpscanner into Google and similar threats it will have a red X,
>> while "trusted" sites with have a green check mark.

>
>I did install AntiVir onto the computer, but that sounds like a cool
>feature in AVG. Would that be AVG Antivirus or AVG Antispyware?
>
>
>> This sounds like a Trojan, not spyware. Trojans have the ability to
>> hijack your system so somebody can remotely control your computer and
>> yes, that means exactly what it sounds like.

>
>I went to the second site that came up in Google for "onlinexpscanner"
>- http://www.411-spyware.com/remove-onlinexpscanner-com. That is
>legitimate, right? I checked for the processes/files/registry keys
>that it mentioned, and I don't see anything. I do have Explorer
>configured to show all hidden/system files, and I told Task Manager to
>show processes for all users.
>
>But I guess I'm still a little paranoid. Do you think Windows
>Defender would have stopped the spyware from executing?
>
>Also, what do you think of using System Restore? There is a restore
>point that is prior to my dad's encounter with the spyware site, so if
>I restored the system to that point, would it guarantee that any
>spyware would be removed? I'm not sure if that would work, because I
>read that System Restore does not restore everything.


I would just install AVG 8.0. The free version. Then let it run it's
anti-virus malware routine. If you still have onlinexpscanner or
anything else malicious on your system it should be able to isolate
it.

You are best off not trusting some unknown anti-spyware. That's how
you got in trouble in the first space. AVG has been around a long time
and has a good reputation. Use it. It is free. That's all you need.

If it is a Trojan it may hide itself and not show up in the processes
tab. It may or may not be on your system. By using AVG you'll find out
and it should be able to remove it or at least render it harmless.

If the system appears to be running ok, no real need to use a restore
point.

Reply With Quote
  #7 (permalink)  
Old 05-07-2008
C.B.
 

Posts: n/a
Re: UAC re-enabling itself?


"Nonny" <nonnymoose@yahoo.com> wrote in message
news:c4rv14ldscubsh3chssodouape6jkavqqp@4ax.com...
> On Mon, 5 May 2008 21:21:46 -0700 (PDT), "void.no.spam.com@gmail.com"
> <void.no.spam.com@gmail.com> wrote:
>
>>> First install AVG 8.0. This is a reliable company that makes real anti
>>> virus and malware protection software. Once installed when you enter
>>> onlinexpscanner into Google and similar threats it will have a red X,
>>> while "trusted" sites with have a green check mark.

>>
>>I did install AntiVir onto the computer, but that sounds like a cool
>>feature in AVG. Would that be AVG Antivirus or AVG Antispyware?

>
> It's the latest version of AVG antivirus. Very nice.



AVG AntiSpyware 7.5.1.43 plus is the last version of the antispyware
product offered by AVG. It is now incorporated into their new AVG Antivirus
8.0. Their antispyware product will no longer be offered as a standalone
product.

C.B.


--
It is the responsibility and duty of everyone to help the underprivileged
and unfortunate among us.

Reply With Quote
  #8 (permalink)  
Old 05-27-2008
Newsgal330
 

Posts: n/a
RE: UAC re-enabling itself?
The same thing happened to me just now (I use Windows XP). I was Googling,
went to a page I thought might have the info I was searching for, and bingo!
the screen turned into XP Scanner, complete with dire warnings (in red) that
I had a moderate tracking program installed, a moderate trojan, and a very
bad virus. My Norton protection, however, popped up and said the site did not
have an authentication signature. I immediately tried to exit...and the
dratted page gave me all kinds of grief. Every time I'd hit Cancel, the
computer looped back to the original WARNING window, and when I'd hit X, the
program download window would come up. I finally simply exited the Internet
altogether, and immediately ran a scan. No trojans, no viruses, and one minor
tracking program.

My advice is: ignore it, exit, and then run a quick scan to make sure
everything is OK.

"void.no.spam.com@gmail.com" wrote:

> I turned off UAC on my parents' new computer a couple days ago.
> Yesterday, my dad encountered some spyware while browsing (he called
> me over and I noticed that Firefox had somehow gone to
> onlinexpscanner.com and downloaded a suspicious executable, and there
> was a prompt to run the program). I am now trying to figure out if
> any spyware got installed onto the computer. The first thing I have
> noticed is that UAC is now enabled, even though I had disabled it a
> couple days ago. How did that happen? Could any Windows updates have
> re-enabled it?
>
>

Reply With Quote
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
UAC re-enabling itself? void.no.spam.com@gmail.com microsoft.public.windows.vista.general 7 05-27-2008 21:18
Enabling Fonts. louie microsoft.public.windows.vista.performance maintenance 0 11-15-2007 06:28
Re-enabling Autrun Frosty microsoft.public.windows.vista.installation setup 2 05-22-2007 09:08
Enabling the Spammers Steve Security News 0 03-28-2007 07:42
Enabling Bluetooth =?Utf-8?B?b3JlZ29uZHVja21hbg==?= microsoft.public.windows.vista hardware devices 0 01-25-2007 23:08




All times are GMT +1. The time now is 10:02.




Driver Scanner - Free Scan Now

Vistaheads.com is part of the Heads Network. See also XPHeads.com , Win7Heads.com and Win8Heads.com.


Design by Vjacheslav Trushkin for phpBBStyles.com.
Powered by vBulletin® Version 3.6.7
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Search Engine Optimization by vBSEO 3.6.0 RC 2

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120