actionco asked:
PC certificate store malware problem

A user has brought his home PC into the office for us to look at. It has a malware problem unlike anything I have seen before.

The user starts up the Chrome browser and is taken to his normal homepage of https://google.co.uk  - but the "https" is crossed out in red, like it was an unknown SSL certificate. When I click on the SSL cert and drill down to the details, I see it was issued to *.173.194.255.255. The same thing happens in IE as well. The user is running Vista Home Premium.

I've run Malwarebytes which cleaned a number of items (including some trojans) but the problem persists. I have run Kaspersky TDSSKiller but that didn't find anything.

I would be grateful for some help.
Amick replied:

Evaluate the %windir%\System32\drivers\etc\hosts file to see if it contains any suspicious entries.
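The hosts-file review suggested above, together with the certificate-name check that the "*.173.194.255.255" detail invites, as an added example that is not part of the original thread. The sample hosts content is constructed; the Windows hosts path, the "only localhost belongs in a stock hosts file" heuristic, and the function names are assumptions of this example, not anything the thread states.

```python
"""Triage helpers for the 'https crossed out in red' symptom.

Added example, not from the original thread. Two offline checks plus one
optional live probe:
  1. parse the hosts file and flag names mapped to anything other than loopback
  2. check whether a certificate name such as '*.173.194.255.255' can ever
     match the site that was requested
  3. (network) attempt a verified TLS handshake and report why it fails
The SAMPLE_HOSTS text below is constructed for illustration.
"""
import socket
import ssl
from pathlib import Path

# Assumed default location on Windows; adjust if %windir% differs.
WINDOWS_HOSTS = Path(r"C:\Windows\System32\drivers\etc\hosts")

# Constructed sample resembling a tampered Vista hosts file.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
# the line below silently sends google traffic to another machine
173.194.255.255 google.co.uk www.google.co.uk
"""

LOOPBACK = {"127.0.0.1", "::1", "0.0.0.0"}  # 0.0.0.0 is common in ad-block lists
EXPECTED_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}


def parse_hosts(text):
    """Return (ip, name) pairs; comments, blank lines and trailing '#' are ignored."""
    pairs = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        for name in fields[1:]:
            pairs.append((fields[0], name.lower()))
    return pairs


def suspicious_hosts_entries(text):
    """Return mappings that pull a real hostname to a non-loopback address.

    A stock Windows hosts file only maps localhost, so anything else is worth
    a look; loopback/0.0.0.0 targets are excluded because ad blockers add those.
    """
    return [(ip, name) for ip, name in parse_hosts(text)
            if name not in EXPECTED_NAMES and ip not in LOOPBACK]


def cert_name_matches(cert_name, hostname):
    """Does a certificate name (CN or DNS SAN) cover hostname?

    Exact match, or a single leading '*.' that stands for exactly one label,
    which is how browsers apply RFC 6125. A name like '*.173.194.255.255'
    therefore can never match 'google.co.uk', so the browser warning is correct.
    """
    cert_name, hostname = cert_name.lower(), hostname.lower()
    if cert_name == hostname:
        return True
    if cert_name.startswith("*."):
        return (hostname.endswith(cert_name[1:])
                and hostname.count(".") == cert_name.count("."))
    return False


def probe_tls(hostname, port=443, timeout=5.0):
    """Verified handshake against the real host; ('ok', san_names) or ('fail', reason).

    Network call, not used by the offline checks. If something between the PC
    and the internet is minting its own certificates, the reason will typically
    be an unknown or self-signed issuer, not just a name mismatch.
    """
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((hostname, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
                cert = tls.getpeercert()
    except ssl.SSLCertVerificationError as exc:
        return ("fail", exc.verify_message)
    return ("ok", [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"])


if __name__ == "__main__":
    text = WINDOWS_HOSTS.read_text() if WINDOWS_HOSTS.exists() else SAMPLE_HOSTS
    for ip, name in suspicious_hosts_entries(text):
        print(f"hosts: {name} -> {ip}")
    print("cert '*.173.194.255.255' matches google.co.uk:",
          cert_name_matches("*.173.194.255.255", "google.co.uk"))
```

Run it on the affected PC and the first loop prints any hostname that the hosts file redirects away from loopback; an empty result agrees with the asker's observation that the hosts file looks normal, which points the investigation at whatever is presenting the certificate rather than at name resolution. `probe_tls` is the live counterpart: a failure reason of an untrusted issuer means the certificate chain itself is not from Google, not merely that the name is wrong.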
actionco (asker) replied:
The hosts file looks normal. I have attached a screen print of the SSL certificate (example.png).
I've already run Malwarebytes which cleaned a number of items but did not fix the problem. Kaspersky TDSSKiller did not find anything at all. I'll work my way through the post you gave me.
Excellent, let us know how it worked out
Could you post the logs from MBAM?

What AV are you running on the system?
ASKER CERTIFIED SOLUTION
actionco (asker):
This was the solution, not a malware infection at all.