Certificate Error at I E 8


Here is my situation;

Windows xp home edition, SP3, Microsoft Security Essential, Malwarebytes. I run IE8 and Firefox.

In last two, three weeks, when I use IE8 to log on to a bank account (I use it for many years) https://www.itcu.org, I got certificate error msg. But if I use Firefox to do the same thing, it is alright. This is the only site that gives me the problem.

In addition, if I use another PC with everything the same, except that PC does not have Malwarebytes. Both IE8 and Firefox can go on the bank site without problem.

Not sure what is the problem, not sure it is Malwarebytes related. Not sure you can help me with this. Please let me know either way.

Thank you for your attention.

Planoguy


I get no error for either IE8 or FireFox for the certificate.

For Internet Explorer go to Tools/Internet Options/Advanced and click on the RESET button and then restart Internet Explorer and try again.

No use. As a matter of fact, I did this "reset" when I first encountered the problem.


As I said, I have no problem with the other PC for either IE8 or Firefox. Just this PC has problem with IE8


  • Root Admin

I'm just asking what the exact error is and where/how do you see it because I can't see what's on your computer physically.

Please download the following scanner and run it and post back the logs.

Download DDS and save it to your desktop.

Disable any script blocker if your Anti-Virus/Anti-Malware has it.

Once downloaded you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.

Then double click dds.scr to run the tool.

When done, the DDS.txt will open.

Click Yes at the next prompt for Optional Scan.

  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop
  • Please include the following logs in your next reply: DDS.txt and Attach.txt


Attached please find two logs. Thank you very much for your help.

Planoguy

DDS.txt

Attach.txt


  • Root Admin

You have more than one Anti-Virus running on the system. Please choose one and remove any others.

Then uninstall the following from Control Panel, Add/Remove

J2SE Runtime Environment 5.0 Update 4

Java™ 6 Update 17

If you're still having an issue then please post for assistance in the HJT forum as shown below as it's possible that the system might be infected.

Please print out, read and follow the directions here, skipping any steps you are unable to complete. Then post a NEW topic here.

One of the expert helpers there will give you one-on-one assistance when one becomes available.

After posting your new post make sure under options that you select Track this topic and choose one of the Email options so that you're alerted when someone has replied to your post.

Alternatively, as a paying customer, you can contact the help desk at support@malwarebytes.org


Not sure that you have received the logs I sent on Monday. There is the re-send.

Thanks for your help.

First of all, I think I have only one anti-virus program, that is Microsoft Security Essentials. And I have Malwarebytes which is supposed to co-exist with MSE, right? I don't know what else I have in terms of anti-virus.


Very happy to say that problem solved.

As I said, I have only one anti-virus program. So I did not do anything (removing anti-virus program). Then I followed your instruction to remove J2SE Runtime Env 5.0 Update 4 and Java 6 Update 17. Then re-started the system, logged on to the problem site. No more "certificate error". Thank you so very much.

My next question is that since I removed to Java updates. Would it cause any other problem?

Thanks again.


  • Root Admin

Well the logs show you do have other versions of AV still installed.

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

AVG shows up

Microsoft SE shows up twice when it should only show once so I'm guessing you have at least some components of an older version there.

Add/Remove has the following.

Microsoft Antimalware

Microsoft Security Client

Microsoft Security Essentials

Completely up to you but if it were my computer I would fully remove all of them and then install the latest version of Microsoft Security Essentials if that is the Anti-Virus you want to use.

Go into your Control Panel, Add/Remove and uninstall the following

Microsoft Antimalware

Microsoft Security Client

Microsoft Security Essentials

Then visit this site from AVG and download a tool to manually remove any left over items from the AVG Anti-Virus that is also showing up.

You also have drivers from PC Tools that should be removed as they appear to be left overs. If you're unable to locate an uninstaller then we would probably have to manually remove it which I can assist you with.

You also have drivers from System Mechanic but I don't see it in the Add/Remove either.

S4 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2010-5-17 700336]

S4 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2010-5-17 700336]

Basically it looks like you could really use some general PC cleanup help. If you'd like me to help you do that then let me know.
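
The review of the DDS `AV:` lines done by eye in the post above can be scripted. This is an added example, not part of the original thread and not code from DDS; the function names are hypothetical, and reading the two starred fields as product state and definition status is an assumption based on the three lines quoted in the thread.

```python
import re
from collections import defaultdict

# Constructed sample: the three "AV:" lines quoted in the thread.
SAMPLE_DDS = """\
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
"""

# Assumed layout: AV: <product name> *<state>/<definitions>* {<GUID>}
AV_LINE = re.compile(
    r"^AV:\s+(?P<name>.+?)\s+\*(?P<state>\w+)/(?P<defs>\w+)\*\s+"
    r"\{(?P<guid>[0-9A-Fa-f-]{36})\}\s*$"
)

def parse_av_lines(text):
    """Return one dict per well-formed AV: line; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = AV_LINE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries

def review(entries):
    """Flag the conditions the helper points out in the thread."""
    findings = []
    by_name = defaultdict(list)
    for e in entries:
        by_name[e["name"]].append(e)
    # More than one distinct product registered with the Security Center.
    if len(by_name) > 1:
        findings.append("multiple products registered: " + ", ".join(sorted(by_name)))
    for name, regs in sorted(by_name.items()):
        # Same product under several GUIDs suggests leftover components.
        guids = {r["guid"].upper() for r in regs}
        if len(guids) > 1:
            findings.append(f"{name}: {len(guids)} registrations (possible leftover components)")
        if any(r["state"] == "Enabled" and r["defs"] == "Outdated" for r in regs):
            findings.append(f"{name}: enabled with outdated definitions")
    # No product that is both active and current means no effective coverage.
    if not any(e["state"] == "Enabled" and e["defs"] == "Updated" for e in entries):
        findings.append("no product is both enabled and up to date")
    return findings

if __name__ == "__main__":
    for finding in review(parse_av_lines(SAMPLE_DDS)):
        print("-", finding)
```
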


Thank you again. I am surprised to see that I have so many garbage in the system. Please help me to clean them up.

In the Add/Remove, I only see Microsoft Security Essentials, can not find Microsoft Antimalware nor Microsoft Security Client.

As for the AVG, I manually cleaned it up once not too long ago. I may not have done a complete job. Must be some left over there.

Iolo, I removed it from Add/Remove just now. Not sure if you still see it there?

PC Tools, I have Desktop Maestro (old version) installed. I run it from time to time to clean up registry.

Do I need to do this? Shall I remove it? Can you recommend a good free registry cleaning tool?

Would appreciate very much if you can help to clean up the system.

Thank you.


  • Root Admin

Please reboot the computer one more time and then download a new copy of DDS and run it and post back the logs.

You really don't need a Registry Cleaner.

A few recommended articles to read on registry cleaners:

  1. An often posted and quoted article, Ed Bott's Why I don't use registry cleaners
  2. Older article quoting two MVPS's, but relevant still is Do I need a Registry Cleaner?
  3. AUMHA Discussion: Should I Use a Registry Cleaner?

Download DDS and save it to your desktop.

Disable any script blocker if your Anti-Virus/Anti-Malware has it.

Once downloaded you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.

Then double click dds.scr to run the tool.

When done, the DDS.txt will open.

Click Yes at the next prompt for Optional Scan.

  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop
  • Please include the following logs in your next reply: DDS.txt and Attach.txt


OK. Here are the two logs I just did 5 minutes ago. I did turn off both Microsoft Security Essentials and Malwarebytes before I ran it.

You mentioned no registry cleaner is needed (I have not read the articles). So I can delete Desktop Maestro and CCleaner, which I run from time to time. Anything you think is not needed? Let me know, I will do it.

DDS.txt

Attach.txt


  • Root Admin

It is VERY IMPORTANT that you follow the steps below exactly as requested otherwise you may get errors

STEP 01

AVG is still showing so let's do some manual cleanup

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

Remove AVG Anti-Virus WMI Registration

  1. Click on the Start menu.
  2. Select Run...
  3. Type wbemtest and click OK
  4. Click Connect
  5. Type (or copy/paste) root/SecurityCenter in the NameSpace box
  6. Click Connect
  7. Click on Query
  8. Type in or copy / paste SELECT * FROM AntiVirusProduct and click on Apply

If there is more than one result, it means there is more than one Antivirus program installed.

Double click on each result to view the properties for that Antivirus product.

Identify the product(s) installed and DELETE any records for AVG Anti-Virus

Delete_AV_From_WMI.gif

STEP 02

Go into Control Panel, Add/Remove and uninstall any of the following if found and reboot.

MAKE SURE that you uninstall all of the programs below and reboot otherwise the other steps are going to get an error.

Microsoft Antimalware

Microsoft Security Client

Microsoft Security Essentials

SUPERAntiSpyware

We can reinstall them later on when we're done here

STEP 03

Download a clean fresh copy of Combofix and save it to your Desktop.

Using your mouse, Highlight and then Right-click | Copy the entire contents of the Code box below, including blank lines


Driver::
AVG Anti-Rootkit
AvgArCln
MpFilter
MpKsl3dd76848
SASDIFSV
SASKUTIL
MpKsl11945b1d
MpKsla31f951f
ioloFileInfoList
PCToolsSSDMonitorSvc
File::
c:\windows\system32\drivers\avgarkt.sys
c:\windows\system32\drivers\AvgArCln.sys
c:\windows\system32\drivers\MpFilter.sys
c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{55a5a410-3ebc-48d1-8402-d9321c7f0bab}\MpKsl3dd76848.sys
c:\program files\superantispyware\sasdifsv.sys
c:\program files\superantispyware\SASKUTIL.SYS
c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{70260c6e-8694-4aa7-913d-41e0ae6f4a5c}\mpksl11945b1d.sys
c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1fffd961-64ba-41d2-93f8-b78cb0b7b8ae}\mpksla31f951f.sys
c:\program files\iolo\common\lib\ioloservicemanager.exe
c:\program files\common files\pc tools\smonitor\StartManSvc.exe

Open a new Notepad session (Do not use a Word Processor or WordPad). Click "Format" and be certain that Word Wrap is not enabled. Right-click | Paste the Code box contents from above into Notepad. Click File, Save as..., and set the location to your Desktop, and enter (including quotation marks) as the filename: "CFscript.txt" .

Using your mouse, drag the new file CFscript.txt and drop it on the Combo-Fix.exe icon as shown:

CFScript.gif

  • Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
  • Disable your Antivirus software. If it has Script Blocking features, please disable these as well.
  • A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.
    When the scan completes Notepad will open with your results log open. Do a File, Exit.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

Post back the Combofix log on your next reply.

STEP 04

Now run a new DDS scan and post back those logs as well.


Attached please find three logs from combofix, and DDS scan

I am really sorry to say that I usually set Regional and Language options for non-unicode programs to Chinese. So there are some Chinese characters show up in Combofix report. I put the English translation in [ ] next to the line in Chinese. I am not sure that my translation is accurate. Hope you can understand them. If this is a problem, may I re-run Combofix?

In addition, in step 1, there are three entries. One related to AVG, which I deleted. Two related to MSE, not sure which one to delete. So two are not deleted.

In step 2, did not find MS antimalware and MS Security Client. But found MSE and SuperAntiSpyware. Both are deleted.

combofix log.txt

DDS 0950pm.txt

Attach 0950pm.txt


  • Root Admin

No, the Chinese is okay so far - thanks.

You appear to have "Desktop Maestro" from PC Tools installed, or at least used to be.

Please click on START - RUN and type in MSCONFIG and set it to NORMAL and restart the computer.

Once that is back to NORMAL then please run the following.

Please download to your Desktop: Dr.Web CureIt

  • After the file has downloaded, disable your current Anti-Virus and disconnect from the Internet
  • Double-click the drweb-cureit.exe file, then click the Start button, then the OK button to perform an Express Scan.
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it.
  • Once the short scan has finished, click on the Complete scan radio button.
  • Then click on the Settings menu on top, then select Change Settings or press the F9 key. You can also change the Language
  • Choose the Scanning tab and I recommend leaving the Heuristic analysis enabled (this can lead to False Positives though)
  • On the File types tab ensure you select All files
  • Click on the Actions tab and set the following:
    • Objects: Infected objects = Cure, Incurable objects = Move, Suspicious objects = Report
    • Infected packages: Archive = Move, E-mails = Report, Containers = Move
    • Malware: Adware = Move, Dialers = Move, Jokes = Move, Riskware = Move, Hacktools = Move
    • Do not change the Rename extension - default is: #??
    • Leave the default save path for Moved files here: %USERPROFILE%\DoctorWeb\Quarantine\
    • Leave prompt on Action checked
  • On the Log file tab leave the Log to file checked.
  • Leave the log file path alone: %USERPROFILE%\DoctorWeb\CureIt.log
  • Log mode = Append
  • Encoding = ANSI
  • Details: Leave Names of file packers and Statistics checked.
  • Limit log file size = 2048 KB and leave the check mark on the Maximum log file size.
  • On the General tab leave the Scan Priority on High
  • Click the Apply button at the bottom, and then the OK button.
  • On the right side under the Dr Web Anti-Virus Logo you will see 3 little buttons. Click the left VCR style Start button.
  • In this mode it will scan Boot sectors of all disks, All removable media, and all local drives
  • The more files and folders you have the longer the scan will take. On large drives it can take hours to complete.
  • When the Cure option is selected, an additional context menu will open. Select the necessary action of the program, if the curing fails.
  • Click 'Yes to all' if it asks if you want to cure/move the files.
  • This will move it to the %USERPROFILE%\DoctorWeb\Quarantine\ folder if it can't be cured. (in this case we need samples)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your Desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously to your Desktop in your next reply with a new hijackthis log.

    drweb.jpg


I did two scans. When I first opened the DrWeb CureIt, it automatically went into 'Enhanced Protection Mode', and started scanning. It scanned following objects

RAM

Boot sectors of all disks

Startup objects

Boot disk root directory

Boot directory of windows installation disk

Windows system folder

User document folder ("My Documents")

System temporary folder

User temporary folder

It took about 50 minutes to complete. It says "No virus found"

I went on to 'complete scan' after that. Change all the setting according to your instruction. Started scan and it took about another 50 minutes. After the scan, "No virus found".

I could not find the report. (So there is no attachment here)

Close the DrWeb. Re-boot the system. Please let me know what is the next step in order to have a 'clean system'.


Just want to let you know what I have done since last report.

Remove Desktop Maestro, Iolo, SuperAntiSpyware

Run wbemtest again, found one entry of MSE, deleted it. No more anti-virus program.

Download/install MSE. Updated it to avoid conflict with Malwarebytes (per Malwarebytes forum).

Run msconfig, "startup". Disabled all, except NvCpl, mbamgui, and ctfmon (Don't really understand what they are)

under "services" stopped all non-MS services, except mbamservice, mozyhome (I use this for on-line file back-up), and nvidia display driver. I found MS Antimalware service there. It is stopped.

After all these actions, a new problem came up. When I use IE log-on, the tool bar, address bar, manual bar (those bars on top of the page) are all solid black. (Firefox does not have this problem)

Any suggestions? Am I doing the right things? What shall I do now? Really depend on your advice to clean up the system.

Thank you.
