Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Random Ad Pop-Ups and "Weak Signature Algorithms"

  • Please log in to reply
2 replies to this topic

#1 Brian King

Brian King

  • Members
  • 1 posts
  • Local time:08:36 PM

Posted 18 June 2012 - 12:13 AM

I keep getting pop-up ads after clicking google links, or just randomly :angry: How do I fix this?

Also, whenever I visit an HTTPS:// website, I always get a meassge saying:
The site's security certificate is signed using a weak signature algorithm!
You attempted to reach www.facebook.com, but the server presented a certificate signed using a weak signature algorithm. This means that the security credentials the server presented could have been forged, and the server may not be the server you expected (you may be communicating with an attacker).
You should not proceed, especially if you have never seen this warning before for this site.

Can anyone help me? It would be much appreciated.

BC AdBot (Login to Remove)


#2 Alvas Rawuther

Alvas Rawuther

  • Members
  • 356 posts
  • Gender:Male
  • Location:Mumbai, India.
  • Local time:08:06 AM

Posted 18 June 2012 - 10:28 AM

I'm not totally sure(since we don't have anywhere near the info we'd need) but you should try out all of the following steps and let me know.

These are for Windows XP, but are almost exactly the same for Windows 7/Vista.

Step 1. Check your hosts file for malicious entries.
Hosts file resides on C:\Windows\System32\Drivers\etc\hosts
Posted Image
Where Windows is your windows installation directory. On windows 7/vista, you should open your hosts file with administrative privileges. Google Redirect virus symptoms might be result of malware adding malicious entries to this file and are removed easily as well.

Hosts file should look like this: (open the file with Notepad)
Posted Image
If you see more lines of code and IPs, you should delete these, especially if they rewrite google or Microsoft subdomains. This is a sign, that you either had or have infection on your PC, as this file can not be accessed remotely usually.

Step 2. Check DNS (Domain Name Server) settings

Domain name servers are used to determine what server to access when opening website addresses. Hijacking these settings would allow hijacking various websites including search ones.

1. Go to Control Panel->Network Connections and select your local network.
2. Right-click your local network icon and select Properties.
Posted Image
3. A window will open, then select Internet Protocol (TCP/IP) and click Properties.
Posted Image
4. You will see a window like the one below – this is the Internet Protocol window. Select “Obtain an IP address automatically” and “Obtain DNS server address automatically”.
Posted Image
5. Click OK to save changes.

Step 3. Checking your proxy settings on Internet Explorer
Proxy server settings can be used to implement Google search result hijacking as well. This is simple to fix too:

1. Launch your internet explorer.
2. Tools ->Internet Options, Connections tab. Press LAN Settings
Posted Image
3. Unselect everything or enter parameters that were given by system administrator.
4. Press OK.

Step 4. (Optional) Check your proxy settings on Mozilla Firefox
1. Launch Mozilla Firefox.
2. Tools ->Options. Press Advanced and open Network tab. Then, press Settings button.
Posted Image
3. Select “No proxy” or enter parameters that were given by system administrator.
4. Press OK.

Step 5. Check your IE add-ons
If your browser is hijacked in IE only, check IE browser ad-ons. Note: there are malicious plugins that affect both IE and firefox and result in Google redirects in both of the pages.
1. Launch your internet explorer.
2. Tools->Manage Addons
3. Disable all unverified addons (there might be some useful ones, but better re-install them later).
Delete all ad-ons that look spammy/unknown

Step 6. Scan for malicious parasites with spyware/antivirus removers:
1. Download MBAM Free
2. Download SUPERAntiSpyware
3. ESET Online Scanner

Step 7. (Optional) Repair Winsock 2 settings with LSPFix
Download LSPFix
Note: 'Run as administrator' in Windows Vista/7. If after launching it, it found no problems, just click on finish and exit.

Source: 2-viruses.com

Edited by Alvas Rawuther, 18 June 2012 - 10:30 AM.

Windows 7 Ultimate SP1 | Intel Core 2 Duo E7500 @ 2.93GHz | 4.00 GB Dual-Channel DDR2 @ 333MHz RAM | 488 GB WD SATA HDD | 1024MB ATI Radeon HD 4350 | No real-time antivirus | MBAM on-demand | Windows 7's Built-in Firewall |

#3 coxchris


  • Members
  • 1,151 posts
  • Gender:Male
  • Location:Atwater
  • Local time:07:36 PM

Posted 18 June 2012 - 11:01 AM

Brain King,

In junction with Rawulther go to http://support.microsoft.com/kb/972034 if you have a bad HOST file run that Microsoft Fix it.

I concern about what you describe "it sound like a hacker got in or is going to"

Lets take a look at your port status

Open a command prompt and type in

netstat -an > "C:\Users\yourusername\Desktop\netstat.txt

It will take a second or two

When it done It will go back to C:\User\yourname

This command will log your active ports and save them on your desktop as a text file. Attach the file on your next reply

When did this start and have ran any prior antivirus scans to this?

Edited by coxchris, 18 June 2012 - 11:03 AM.

AA in Computer Networking Technology

BS in Information Technology 

Comptia A+, Project+, L+

Renewable:  N+,S+

CIW Web Design Specialist, JavaScript Specialist,  Database Design Specialist 


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users