• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs

Not what you are looking for? Ask the experts!

Kudos1

Strong Vault: malware

Strong Vault is an application that is downloaded as a free addition in several internet download packages.  The product appears to do what it is supposed to do but collects information from all sorts of activities.  This information apparently doesn't go anywhere maliciously but it is not HIPAA compliant as a retention of PHI protected health information.  It also keeps any other program from changing you home page or preferred  search provider from SEARCHQU which tracks your searches and records the data without distributung it.  No real problem until you try to delete it.  After running the uninstall there continue to be myriad alerts and blockages of program function that are apparently left over from Strong Vault and the cache it formed still exists.  There is a 10 page discussion thread with incredibly complex measures for removing this application and removing it with revo uninstaller included a lot of programs to which it is linked including winzip,  all browsers: IE,Firefox, Chrome, Safari, and Opera, were a few tha stood out.  All of them had to be scrubbed.  The MSI file that removes all these links fine but only the link from one of the three propietary upgrades of Strong Vault which it will not uninstall untill you reinstall it.  Apparently, no one has had trouble getting back their money after this reinstall the upgrade in order to uninstall the free version but right now it is unclear about what happens during this reinstall then uninstall maneuver.  The tracking logs may be extensive and just appear to have vanished.  In any case it is suspiciously like a trojan horse that I think it should be investigated before it is dubbed a "safe program"    http://answers.microsoft.com/en-us/windows/forum/windows_other-windows_programs/what-program-is-strong-vault-connected-to/f9cfb0e2-af3b-46ca-80a4-470c8d36f8fc.  Strong hold appears to be another manifestation of this theme and microsoft fixit recognizes bothe as files that leave undeletable registry keys. Bob Sindel

Replies

Kudos0

Re: Strong Vault: malware

" it with revo uninstaller included a lot of programs to which it is linked including winzip,  all browsers: IE,Firefox, Chrome, Safari, and Opera, were a few tha stood out, All of them had to be scrubbed."

 

 

That does not need to happen, that program strong vault can be removed and the other objects, without removing browsers and winzip.

 

For those who know what they are doing,  

 

Quads

Kudos0

Re: Strong Vault: malware


rsindel wrote:

......  all browsers: IE,Firefox, Chrome, Safari, and Opera, were a few tha stood out.  All of them had to be scrubbed. 


By scrubbed do you mean 'rub hard or cleaned' or did you mean its slang use which is 'to cancel or remove'?

Kudos0

Re: Strong Vault: malware

I downloaded strongvault by accident when one of those sites attached additional programs onto a free downloadable program. Immediately, I noticed that little microsoft logo. That was sign of bad news. I found the folder it downloaded too, and attempted to delete the files. All deleted but a file called SMESENGER.EXE. Then I went and blocked the websites stronghold.com and strongvaultfree.com. However, more recent activity is showing this kind of text [ http://download4free.org/flashplayer/pro/index.php?&_mcnc&af=1000&of=1042&al=WARNING! Please Install Flash Player Pro To Continue.&c1=w.yahoo.com/ ]. A friend had this malware before. If I remember right eventually it starts to do a lot more redirecting. Eventually we only saved our computer because we accessed the other user account of the seperated  accounts. Then we ran nortons clean-up. In the last few hours before it began to access our icons and prevent clicking, we switched over to the other users acount which had not been infected. This saved the computer until we had everything re-installed.

Kudos0

Re: Strong Vault: malware

PUP  .iBryte, Downloads Whitesmoke_check.exe and a lot more PUP's  (pricegong etc.)

I will post a screenshot of the downloader / installer soon.  This is as far as it got with me

I cut the ads off the bottom

Quads

Kudos2

Re: Strong Vault: malware

Whitesmoke_check
chica password manager 2.0
Quick Share (widget also)
PriceGong
Free twit Tube (new one for me to hear of)
yontoo
Flash Player Pro

Smartbar

Tarma Installer

SmartbarBackup

***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Program Files\PriceGong
Folder Found : C:\Program Files\Yontoo
Folder Found : C:\ProgramData\AVG Security Toolbar
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PriceGong
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\Users\Marewa\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl
Folder Found : C:\Users\Marewa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok
Folder Found : C:\Users\Marewa\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc
Folder Found : C:\Users\Marewa\AppData\Local\Smartbar
Folder Found : C:\Users\Marewa\AppData\Local\Temp\Smartbar
Folder Found : C:\Users\Marewa\AppData\LocalLow\PriceGong

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\AVG Security Toolbar
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\Google\Chrome\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl
Key Found : HKCU\Software\SmartBar
Key Found : HKCU\Software\SmartbarBackup
Key Found : HKCU\Software\SmartbarLog
Key Found : HKLM\Software\AVG Security Toolbar
Key Found : HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PriceGong
Key Found : HKLM\Software\Tarma Installer
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Browser Infrastructure Helper]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

Quads

Kudos0

Re: Strong Vault: malware

And a fine looking mess that is

Glad you are on top of it and can provide solutions

Again thanks for all you are doing

Dick Win7x64 SP1 current NSBU
Kudos0

Re: Strong Vault: malware

Hi, just wanted to say I had simimlar problems, loaded strongvault as I loaded some freeware.  I imiediately uninstalled it using Program and features.  However even though all the files seem to have disapeared, everytime norton utilities loaded Strongvault tried to reload causing Norton to hangup.

WinFix did not help at all.  Eventually I found the msi file on Strongvaults website.  The MSI file reloaded Strongvault then running it again uninstalls it.  Funny thing though after running it in remove mode all the files were still in the original folder location.  So I ran the normal uninstall again via programs and features and rebooted.  All the files appear to be gone and Norton Utilities now opens without problems.  Hopefully it will continue to do so.

Win 7 64bit SP1,  Norton Utilites 15.

http://stronghold.com/app/Setup_SV.msi