Hi all, I'd be grateful for some advice on my situation.
I'm using Mac OSX 10.8.5 (I know I need to upgrade as soon as possible, currently travelling).
I started seeing "connection not secure" browser error dialogue when trying to open Facebook, Instagram, Skype. But opened my bank's portal no problem.
Same behaviour in FF, Chrome and Safari. Sometimes it would redirect and display an OpenDNS error page instead. I couldn't pick a pattern for why. Google search started prompting me to verify that I'm human.
The problem disappeared when I found and removed OpenDNS addresses from my DNS settings. But prior to that I had taken a bunch of steps (listed below). Subsequently I've removed Spigot adware from my system.
Now I'm not sure if I'm vulnerable to a MITM attack, or if the problem is resolved.
In particular, I'm not sure how the OpenDNS addresses got added to my DNS settings. Could it be the Spigot adware?
Steps I've taken:
- Checked that pages that produced the "not secure" error load with my phone and a different computer on the same wifi network. They do. So not a router issue.
- Timezone, date and time are correct
- Updated Java
- Disabled all browser plugins
- Firefox, browser I use every day - cleared cache and offline files
- Scan with ClamXav (2016 version, updated definitions, no infection found)
- Scan with KnockKnock (current ver, no infection found)
- At this point found OpenDNS addresses and removed them.
- Scan with Avast 12.5, found and removed:
  - Spigot-O "YahooEngine.xml"
  - Several Spigot files already sitting in Malwarebytes "removals" folder
- Checked for Avast CA untrusted certificate - not present (but Avast is using MITM, switching in its own trusted certificate)
- Downgraded anti-malware bytes to 1.2.4 (1.2.5 requires OSX 10.9 or later, apparently), found and removed "adware.Spigot"
I'd appreciate some help on this!