PC certificate store malware problem

A user has brought his home PC into the office for us to look at. It has a malware problem unlike anything I have seen before.

The user starts up the Chrome browser and is taken to his normal homepage of https://google.co.uk - but the "https" is crossed out in red, like it was an unknown SSL certificate. When I click on the SSL cert and drill down to the details, I see it was issued to *.173.194.255.255. The same thing happens in IE as well. The user is running Vista Home Premium.

I've run Malwarebytes which cleaned a number of items (including some trojans) but the problem persists. I have run Kasepersky TDS KIller but that didn't find anything.

I would be grateful for some help.

Anti-Virus AppsAnti-Spyware

Last Comment

actionco

8/22/2022 - Mon

Amick

7/9/2012

Evaluate the %windir%\System32\drivers\etc\hosts file to see if it contains any suspicious entries.

actionco

7/9/2012

ASKER

The hosts files look normal - I have attached a screen print of the SSL
example.png

xmlmagician

7/9/2012

hi

this is a very good post from younghv:

https://www.experts-exchange.com/Virus_and_Spyware/Anti-Virus/A_1940-BASIC-MALWARE-TROUBLESHOOTING.html

Experts Exchange is like having an extremely knowledgeable team sitting and waiting for your call. Couldn't do my job half as well as I do without it!

James Murphy

actionco

7/9/2012

ASKER

I've already run Malwarebytes which cleaned a number of items but did not fix the problem. Kasepersky TDS KIller did not fnd anything at all. I'll work my way through the post you gave me.

xmlmagician

7/9/2012

Excellent, let us know how it worked out

Sudeep Sharma

7/9/2012

COuld you post the logs from MBAM?

What AV are you running on the system?

⚡ FREE TRIAL OFFER

Try out a week of full access for free.

Find out why thousands trust the EE community with their toughest problems.

ASKER CERTIFIED SOLUTION

actionco

7/13/2012