hi, i'm on Windows 7, 64bit. periodically i can't log into facebook, youtube or other sites. the problem isn't with all sites. and sometimes if i reload the browser or delete my cookies i can eventually get in the site. yet almost every time i load facebook the images don't display, rather a text displays saying "image may contain...".  my system time and date are correct.  norton internet security and windows updates up to date. it doesn't matter if i use Firefox (my default browser) or Chrome. i get an error message that my connection is insecure and sometimes i get a message that it's taking too long to respond.  below is an example of the most common message i get:

Quote

Your connection is not secure
The owner of www.facebook.com has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website. This site uses HTTP Strict Transport Security (HSTS) to specify that Firefox may only connect to it securely. As a result, it is not possible to add an exception for this certificate.

and sometimes i get similar messages to this one

Quote

An error occurred during a connection to www.facebook.com. The server uses key pinning (HPKP) but no trusted certificate chain could be constructed that matches the pinset. Key pinning violations cannot be overridden. Error code: MOZILLA_PKIX_ERROR_KEY_PINNING_FAILURE

if it were another site besides facebook i wouldn't have thought much of the problem.  i've also noticed difficulties with images loading in facebook and twitter.

so i'm guessing that something like malware on my system seems to be intercepting my secure connections.

i've downloaded the free version of Malwarebytes to try to find the problem.  it's found 17 threats, but i don't know which ones are actual threats or possible threats.  could someone please advise as to what i should do, or if i should quarantine them all?

below is my report from the scan:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 6/19/17
Scan Time: 1:45 PM
Log File:
Administrator: Yes

-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.141
Update Package Version: 1.0.2184
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: User-PC\User

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 385090
Threats Detected: 17
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 2 min, 49 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 4
PUP.Optional.InstallCore, HKU\S-1-5-21-99978434-4107673654-226712229-1000\SOFTWARE\InstallCore, No Action By User, [3], [239563],1.0.2184
PUP.Optional.FindRight, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update FindRight, No Action By User, [10884], [252925],1.0.2184
PUP.Optional.SpeedChecker.PrxySvrRST, HKLM\SOFTWARE\Speedchecker Limited, No Action By User, [10487], [188281],1.0.2184
PUP.Optional.SpeedChecker.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, No Action By User, [10487], [-1],0.0.0

Registry Value: 4
PUP.Optional.SpeedChecker.PrxySvrRST, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, No Action By User, [10487], [-1],0.0.0
PUP.Optional.SpeedChecker.PrxySvrRST, HKU\S-1-5-21-99978434-4107673654-226712229-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, No Action By User, [10487], [-1],0.0.0
PUP.Optional.SpeedChecker.PrxySvrRST, HKU\S-1-5-21-99978434-4107673654-226712229-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYOVERRIDE, No Action By User, [10487], [-1],0.0.0
PUP.Optional.SpeedChecker.PrxySvrRST, HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, No Action By User, [10487], [-1],0.0.0

Registry Data: 6
PUP.Optional.SweetPage.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|DEFAULT_SEARCH_URL, No Action By User, [11791], [292875],1.0.2184
PUP.Optional.SweetPage.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|SEARCH PAGE, No Action By User, [11791], [292875],1.0.2184
PUP.Optional.SweetPage.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|DEFAULT_SEARCH_URL, No Action By User, [11791], [292875],1.0.2184
PUP.Optional.SweetPage.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|SEARCH PAGE, No Action By User, [11791], [292875],1.0.2184
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DEFAULTSCOPE, No Action By User, [14303], [292819],1.0.2184
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DEFAULTSCOPE, No Action By User, [14303], [292819],1.0.2184

Data Stream: 0
(No malicious items detected)

Folder: 2
PUP.Optional.OpenCandy, C:\Users\User\AppData\Roaming\OpenCandy\336A4A31490442B1B9413910D43AAA65, No Action By User, [528], [173202],1.0.2184
PUP.Optional.OpenCandy, C:\USERS\USER\APPDATA\ROAMING\OpenCandy, No Action By User, [528], [173202],1.0.2184

File: 1
PUP.Optional.OpenCandy, C:\Users\User\AppData\Roaming\OpenCandy\336A4A31490442B1B9413910D43AAA65\pcspeedup.exe, No Action By User, [528], [173202],1.0.2184

Physical Sector: 0
(No malicious items detected)


(end)

 

malwarereport1.txt

Edited by stargirl29
attaching text file of report

Hi stargirl29 :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.

  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens;
  • As long as I'm assisting you on Malwarebytes Forums, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you;
  • The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system;
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!;
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off;
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced;
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against Malwarebytes Forums's rules;
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate you to let me know about it first, and if you need, I can also assist you in the process;
  • I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone;
    This being said, I have a full time job so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread;


This being said, it's time to clean-up some malware, so let's get started, shall we? :)

You can start by quarantining all the threats Malwarebytes detected, yes, they are all legitimate hits. Once done, you can provide me the clean-up report.

Also, follow the instructions in the thread below and provide me the FRST.txt and Addition.txt logs.

https://forums.malwarebytes.com/topic/9573-im-infected-what-do-i-do-now/

 


hi Aura,  earlier it was working but it's a sporadic problem.  this evening when i tried getting on facebook i got the same message.  as i mentioned earlier i'm also having trouble with images showing on facebook. even profile pictures.  but sometimes everything works fine.  after i got the insecure network message, if i reload the page (by hitting shift and the reload icon next to the url, then i can get into the page).  see attached files.

image2.JPG

notsecure.JPG


as far as the problem with the images not displaying properly on facebook, yes.  as for the other problem of the insecure connection, i didn't get that message this time. but like i said, i don't get it all the time on the other browsers either.  i don't really use internet explorer.


unfortunately i'm still getting the insecure connection warning.  and again, it's sporadic.  sometimes i can login to facebook, sometimes i can't.  it's definitely problems specific to this computer.  my husband doesn't have any issues with his. when i disabled norton internet security, i couldn't access facebook at all.  so i uninstalled norton internet security. i was able to connect to facebook, and the pictures reappeared. when i reinstalled norton, it did find a few tracking cookies which it removed (see attached).  for a while it worked great.  my pictures came back and i was able to get on facebook.  but now i've started getting the insecure connection warning again.  i even deleted and reinstalled firefox (even deleted my old profile)  but that had no effect.

connection not secure.JPG

nortonscan1.txt

Edited by stargirl29

If you click on "Learn more..." does it bring you to a place allowing you to see the website certificate? I'll install Mozilla Firefox in a VM and see if I can give you better instructions.

Alright, for the website you're trying to visit, in the URL bar, click on the little lock (which should be red), then click on the little right arrow in the window that will open and finally click on "More Information". From there, you should have a button called "View certificate". Click on it, then click on the "Details" tab. Take a screenshot of the window, and post it here.

 

Edited by Aura

here's two different screenshots... the first one is when Facebook was letting me in just fine.  and the 2nd one, when Facebook wouldn't let me logon 5 minutes later...  like i said sometimes all i have to do is hit SHIFT + the reload circle with arrow to the right of the toolbar, but that's definitely not normal.

facebook2.JPG

certificate1facebook.JPG


Alright, can you copy/paste the error messages you get when it happens in Google Chrome? I'm more familiar with it than Mozilla Firefox.

Also, did you check in your BIOS if your date and time are properly set (at the right hour, minute, period of the day, etc.)?


it's the same error i get in firefox. i use firefox 98% of the time.

edit: i mentioned in the initial post that the date and time are correct. at least they are on the bottom right corner.  not sure how to check BIOS.

Edited by stargirl29

If it's custom built, do you know your motherboard brand and model? If not, follow the instructions below.

Speccy - Publish a snapshot
Follow the instructions below to download and install Speccy, then to publish a snapshot of your system information:

  • Download and install Speccy from Piriform (the download will start automatically a few seconds after clicking on the Speccy link);
    Note: You can opt out of the Google Toolbar installation if you want;
  • Once Speccy is installed, launch the program and give it a good minute to load all your system information;
  • After that, click on the File menu in the top left corner, and select Publish Snapshot;
  • A window will appear asking you to confirm your decision to publish a snapshot. Click on Yes;
  • A new window will appear after, with a URL link to your snapshot. Click on Copy to Clipboard button to copy that URL to your clipboard, then paste it in your next reply and post it;

