Issues with security certificates

Discussion in 'Malware Help (A Specialist Will Reply)' started by Electric_One, Aug 15, 2014.

  1. Electric_One

    Electric_One Private E-2

    Hello,

    Let me start by saying this is my husband's laptop which I only access on the weekends to perform anti-virus and anti-malware scans. Otherwise I do not use this laptop.

    The laptop is an HP Compaq CQ61-313US laptop running Windows 7 Home (64 bit). When I start any of the three browsers, I am getting "unusual" error messages:

    Firefox message is "Secure Connection Failed. Error Code: Sec_error_bad_signature".

    IE message is "There is a problem with this website's security certificate."

    Google Chrome message is "The site's security certificate is not trusted."

    This occurs when I am logged in as a "regular" user. If I log in as "administrator", all three browsers work properly. I have performed my usual anti-virus and anti-malware scans, but the problems persist. I have also tried a system restore to an earlier date. No luck.

    I will be happy to follow your "Read Me First" protocol; however I will only be able to do that as the "administrator" on this laptop, not as a regular user since none of my browsers will allow me to advance past the error messages. Please advise.

    Thanks.
     
  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Run the scans and let's see what pops up.
     
  3. Electric_One

    Electric_One Private E-2

    So I am running them all as "administrator"?
     
  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Yes.
     
  5. Electric_One

    Electric_One Private E-2

    OK. I am at work right now, but I will be posting my results. Thanks.
     
  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Whenever you are ready.
     
  7. Electric_One

    Electric_One Private E-2

    I just got home. This is embarrassing, but I can't seem to find the "Read Me First" section which directs me to the menu of requested scans.
     
  8. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

  9. Electric_One

    Electric_One Private E-2

    I have run all five scans in the Read Me First section. Which logs would you like to see? I will send them in the morning. Thanks.
     
  10. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    All five from the tools you ran. See Step 4: Do You Still Have Problems in the previous link I gave.
     
  11. Electric_One

    Electric_One Private E-2

    Good morning,

    The problem persists. I have attached four logs (RogueKiller, Malwarebytes, HitmanPro, MGTools). The others will follow in a separate post. Thanks!
     


  12. Electric_One

    Electric_One Private E-2

    Here is the last of the logs (TDSSKiller).
     


  13. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I am not seeing any malware in your logs. However, you do need to rerun Hitman and have it remove all the PUPs.

    I suggest you post in the software forum for your issue with certificates.

    Since you are not having any malware problems, it is time to do our final steps:
    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
    2. Re-enable your Disk Emulation software with Defogger if you had disabled it in step 4 of the READ & RUN ME.
    3. Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
    4. If running Vista, Win 7 or Win 8, it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Now go to the C:\MGtools folder and find the MGclean.bat file. Double click (if running Vista, Win 7, or Win 8, Right Click and Run As Administrator) on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    6. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
     
  14. Electric_One

    Electric_One Private E-2

    Thank you. I appreciate your efforts. :cool
     
  15. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    @Electric_One Are you deliberately set up to use a proxy?
     
  16. Electric_One

    Electric_One Private E-2

    Tim,

    I have been "sent back" to you to "finish off cleaning up. Explain you do not set up deliberately a proxy."
     
  17. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Rerun RogueKiller and have it fix these items:
    Code:
    ¤¤¤ Registry Entries : 32 ¤¤¤
    [PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1791462599-2940283631-1314721613-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> FOUND
    [PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1791462599-2940283631-1314721613-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> FOUND
    [PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1791462599-2940283631-1314721613-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:49178;https=127.0.0.1:49178  -> FOUND
    [PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1791462599-2940283631-1314721613-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:49178;https=127.0.0.1:49178  -> FOUND
    Reboot and test your internet. Then rescan with RogueKiller and attach the new log.
     
  18. Electric_One

    Electric_One Private E-2

    OK. Will do. I have to go out for a while. I will re-run RogueKiller when I return. Thank you!
     
  19. Electric_One

    Electric_One Private E-2

    Here is the new RogueKiller log after following your previous instruction. All of these scans have been run as "administrator".
     


  20. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Please rerun Rog and have it fix these items:
    Code:
    ¤¤ Registry Entries : 38 ¤¤¤
    [PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1791462599-2940283631-1314721613-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> FOUND
    [PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1791462599-2940283631-1314721613-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> FOUND
    [PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1791462599-2940283631-1314721613-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> FOUND
    [PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1791462599-2940283631-1314721613-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> FOUND
    [PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1791462599-2940283631-1314721613-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:49200;https=127.0.0.1:49200  -> FOUND
    [PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1791462599-2940283631-1314721613-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:49200;https=127.0.0.1:49200  -> FOUND
    [PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1791462599-2940283631-1314721613-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:49169;https=127.0.0.1:49169  -> FOUND
    [PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1791462599-2940283631-1314721613-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:49169;https=127.0.0.1:49169  -> FOUND
    Then click on the DNS tab and have it fix what it finds there.

    Reboot and rescan with RogueKiller and attach a new log.
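
The `[PUM.Proxy]` lines in the post above are per-account settings: each `HKEY_USERS\<SID>` path is one user's hive, and the last field of the SID (the RID) identifies the account, 500 being the built-in Administrator. The following Python is an added example, not part of the thread and not RogueKiller's own code; it parses those lines and reports, per account, whether an enabled proxy points at a loopback address (function names are illustrative, and the regular expression assumes the line layout quoted in this thread).

```python
import ipaddress
import re

# RogueKiller lines copied from the post above (X86 duplicates omitted).
SAMPLE_LOG = r"""
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1791462599-2940283631-1314721613-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> FOUND
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1791462599-2940283631-1314721613-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> FOUND
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1791462599-2940283631-1314721613-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:49200;https=127.0.0.1:49200  -> FOUND
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1791462599-2940283631-1314721613-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:49169;https=127.0.0.1:49169  -> FOUND
"""

# Assumed layout: [PUM.Proxy] (view) HKEY_USERS\<SID>\...\Internet Settings | name : value -> FOUND
LINE_RE = re.compile(
    r"\[PUM\.Proxy\]\s+\((?:X64|X86)\)\s+HKEY_USERS\\(?P<sid>S-[\d-]+)\\"
    r".*?\\Internet Settings\s*\|\s*(?P<name>\w+)\s*:\s*(?P<value>.*?)\s*->\s*FOUND"
)


def parse_proxy_server(value):
    """Split a ProxyServer string ('host:port' or 'http=h:p;https=h:p')."""
    endpoints = {}
    for part in filter(None, value.split(";")):
        scheme, _, addr = part.rpartition("=")
        host, sep, port = addr.rpartition(":")
        endpoints[scheme or "all"] = (host, int(port)) if sep else (addr, None)
    return endpoints


def is_loopback(host):
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:  # not an IP literal
        return host.lower() == "localhost"


def summarize(log):
    """Return {sid: {"rid", "enabled", "endpoints", "loopback"}} per user hive."""
    users = {}
    for m in LINE_RE.finditer(log):  # X64/X86 views of one value collapse here
        rid = int(m["sid"].rsplit("-", 1)[1])
        u = users.setdefault(m["sid"], {"rid": rid, "enabled": False, "endpoints": {}})
        if m["name"] == "ProxyEnable":
            u["enabled"] = m["value"] == "1"
        elif m["name"] == "ProxyServer":
            u["endpoints"] = parse_proxy_server(m["value"])
    for u in users.values():
        hosts = [host for host, _ in u["endpoints"].values()]
        u["loopback"] = u["enabled"] and any(is_loopback(h) for h in hosts)
    return users
```

Run over the sample, `summarize(SAMPLE_LOG)` returns two separate entries, RID 500 and RID 1000, each with its own loopback port, so clearing one account's hive leaves the other account's proxy in place.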
     
  21. Electric_One

    Electric_One Private E-2

    I believe that I did something incorrectly the last time that I tried to have Rog "fix" the proxy problems on the last scan. After the scan was complete, I checked the boxes next to the four proxy items, then clicked the Delete button on the right of the screen. I don't believe that anything was deleted because after running Rog the second time, there were now eight proxy items listed. How do I get Rog to "fix" those proxy items?
     
  22. Electric_One

    Electric_One Private E-2

    Here is the latest Rog log. I have also attached a screen shot of RogueKiller. I do not see a DNS tab.
     


  23. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    That removed them. Are you still having issues with your browser?
     
  24. Electric_One

    Electric_One Private E-2

    When no malware was detected, I was referred to "Software". When asked about a proxy by the person in "Software", I stated that I was unfamiliar with the term "proxy". I was then directed back to "Malware Removal" to "finish cleaning up and not deliberately setting up a proxy". I feel that I should have provided additional information from the outset: I have a desktop PC with a modem and a router (the modem and router are hard-wired). All of my other devices operate wirelessly from this single work station. Is this what is meant by "proxy"? I ask because I am now getting the following messages when I try to open the three browsers on the laptop:

    IE - The proxy server isn't responding. Unable to open the search page.

    Firefox - The proxy server is refusing connections.

    Google Chrome - Unable to connect to the proxy server.
     
  25. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

  26. Electric_One

    Electric_One Private E-2

    At work right now. Will try this after 6pm this evening. Thanks!
     
  27. Electric_One

    Electric_One Private E-2

    Tim,

    Unfortunately, the browser resets did not work. :-(
     
  28. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Download Windows Repair by Tweaking.com and unzip the contents into a newly created folder on your desktop.
    • Now run Repair_Windows.exe by double clicking on it (if you are running Vista or Win 7, use right click and select Run As Administrator)
    • Now select the Start Repairs tab.
    • Then click the Start button.
    • Create a System Restore point if prompted.
    • On the next screen, click the Unselect All button to first deselect all repairs.
    • Now select the following repair options:
      • Reset Registry Permissions
      • Reset File Permissions
      • Register System Files
      • Repair WMI
      • Repair Windows Firewall
      • Remove Policies Set By Infections
      • Repair Winsock & DNS Cache
      • Repair Proxy Settings
      • Repair Windows Updates
      • Set Windows Services To Default Startup
    • Now on the lower right side check the box to Restart/Shutdown System When Finished
    • Then make sure the Restart System radio button is enabled.
    • Shutdown any other programs that you are running now before continuing.
    • Now click the Start button.
    • Be patient while the tool repairs the selected items.
    • It should reboot automatically when finished.

    After reboot, check to see if your internet is working.
     
  29. Electric_One

    Electric_One Private E-2

    Good morning,

    Since I had previously run all other scans, etc. as "administrator" because I could not access the Internet as the "user", I reset the browsers as "administrator" also. When I woke up earlier than usual this morning, I thought that I should have tried to reset the browsers while logged in as the "user" that was giving me the trouble in the first place. After resetting the browsers as "user", I am happy to report that all three browsers appear to be working properly now!
     
  30. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Oh, glad to hear it! :)
     
  31. Electric_One

    Electric_One Private E-2

    Thanks so much for your perseverance in resolving my issue. I was unaware of being able to reset a browser. I was contemplating removing all three browsers and re-installing them from a flash drive or, as a last resort, reformatting the hard drive. Thanks for saving me the trouble! :)
     
  32. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Good to know. Safe surfing. :)
     
