I'm getting this error on any HTTPS page and can't even login here in SuperUser.com if I use chrome.
You attempted to reach www.facebook.com, but the server presented a
certificate signed using a weak signature algorithm. This means that
the security credentials the server presented could have been forged
and the server may not be the server you expected (you may be
communicating with an attacker). You should not proceed, especially if
you have never seen this warning before for this site.
When you connect to a secure website, the server hosting that site
presents your browser with something called a "certificate" to verify
its identity. This certificate contains identity information, such as
the address of the website, which is verified by a third party trusted
by your computer. By checking that the address in the certificate
matches the address of the website, it is possible to verify that you
are securely communicating with the website that you intended and not
a third party (such as an attacker on your network).
In this case, the server certificate or an intermediate CA certificate
presented to your browser has been signed using a weak signature
algorithm such as RSA-MD2. Recent research by computer scientists
showed that the signature algorithm is weaker than previously believed
and the signature algorithm is rarely used by trustworthy websites
today. This certificate could have been forged.
So what I did first thing when I get this error is check the time if it is correct and everything seem to be okay about the timing. Second thing what I did is use `MalwareBytes Anti-Malware to see if I'm infected and the result was none.
I did clear the browser cache to the beginning of the time and still not help.
I did clean uninstall Chrome browser and did not help.
So now what I tried to look is where is the problem and I found something very suspesion
I looked at the certification path from Chrome browser of each page that actually have HTTPS and they look very similar
like an example of https://google.com
And here is from https://facebook.com
And here is from https://stackoverflow.com
It doesn't seem right to me when I see most of them is like *.*.255.255
ips which is unlikely to be correct because as I remember once when I have problem about time is not match I will see the actual name site from facebook including there.
Not only that. Sometime when I'm actually checking up my regular site and my own site some random video ads will appear in a new tab, and I'm sure that my own website never have any kind of those ads and I also have Adblocker installed on my chrome and it also happen on Firefox about the new tab ads.
Any thought what might be the problem?
EDIT:
I've did the scan again and still nothing found.
Malwarebytes Anti-Malware (PRO) 1.61.0.1400
www.malwarebytes.org
Database version: v2012.05.06.03
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
alihuta2002 :: ALIHUTA2002-PC [administrator]
Protection: Enabled
6/5/2555 10:28:27
mbam-log-2012-05-06 (10-28-27).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 238483
Time elapsed: 6 minute(s), 15 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
UPDATE: This is what happen when I say there is a new tab randomly open even I'm here in this website and I believe http://superuser.com don't have this kind of ads at all and I'm installed Adblocker so how is this come up?
UPDATE AGAIN:
After I did tried using Microsoft Security Essential and it founds 4 trojan detected and removed, but now after the restart it can't boot to the screen it has blue screen of death without giving me a time to see what is really the error and asking me to do Start up Repair.
This is a startup repair log:
Startup Repair diagnosis and repair log
----------------------
Last successful boot time: 5/6/2012 2:51:42 PM (GMT)
Number of repair attempts: 2
Session details
-------------------
System Disk = \Device\Harddisk0
Windows director = D:\Windows
AutoChk Run = 0 Number of root causes = 1
Answer
Please also refer to our main questions on the topic:
It is very likely that your system and/or connection is compromised and someone is intercepting your internet communication.
Searching for IopFailZeroAccessCreate
on Google only brings up people complaining about computer problems.
I found some good instructions on 2-viruses which may or may not relate to this specific issue. The article seems to deal with a different kind of infection, but the same solution should apply.
- Check your hosts file for malicious entries.
Hosts file resides onC:\Windows\System32\Drivers\etc\hosts
- Check DNS (Domain Name Server) settings
- Checking your proxy settings on Internet Explorer
Chrome also uses these proxy settings! - (Optional) Check your proxy settings on Mozilla Firefox
- Check your IE add-ons
- Scan for malicious parasites with spyware/antivirus removers
- (Optional) Repair Winsock 2 settings with LSPFix
No comments:
Post a Comment