
MitM help!


This topic is locked
30 replies to this topic

#1 Blu2016 (Members, 41 posts)

Posted 05 May 2017 - 09:13 AM

All of a sudden some logins that are supposed to be secure are not, but others (like Google) are. My main concern is the login for my router, which shows that it is unsecure. Thought it was just the browser (Firefox), so I tried Edge and it as well is unsecure.

Attached Files




#2 blueelvis (Malware Response Team, 1,666 posts, India)

Posted 07 May 2017 - 03:14 PM

Hi Blu2016 & Welcome to the forums ^_^,

 


I would be helping you with your computer problems. Right now, I am a trainee at the Bleeping Computer Malware Removal Study Hall.
I am Pranav and now that we are friends, I would like to call you by your first name if that is fine with you      :hug:

All of my proposed fixes and suggestions must be approved by a fully-qualified Malware Removal Instructor. This will delay response times somewhat, but I will endeavor to respond within a reasonable time, normally 48 hours after your last post.

I will need some time to review your FRST logs and consult with the Malware Response Instructor (MRI) who will be assigned to supervise this topic. That could take a few days. Once I have reviewed my proposed response with the assigned MRI, I will reply to you with initial instructions.

While you wait for further instructions, kindly do not run any additional tools as that might complicate the process of fixing your computer and cause delays.

Have a nice day!

Regards,
Pranav 


Member of the Bleeping Computer A.I.I. early response team!


In case I have been helping you and you haven't received a reply from me in 48 hours, please feel free to PM me. Anything else? Still feel free to PM me :)

Did you read this? http://omgdebugging.com/5-tips-for-getting-the-best-bang-for-the-buck-at-fast-food-joints/

#3 Blu2016 (Topic Starter, 41 posts)

Posted 07 May 2017 - 04:43 PM

ok



#4 blueelvis (Malware Response Team, 1,666 posts, India)

Posted 09 May 2017 - 01:10 PM

Hi Blu2016!

 

Before we start dealing with the problems you are experiencing, I would ask you to take note of the following points:

  • I am a Bleeping Computer volunteer, so I ask you to be patient. I know it is frustrating when your computer is not working properly, but malware removal takes time.
  • Please also remember that I only dedicate a limited number of hours a day to helping people. We may live in different time zones, which may cause delays in responding.
  • If I have not responded to you within 48 hours, please send me a personal message. Likewise, I expect you to respond within 48 hours, and sooner is better because we can fix your computer faster.
  • If I have not heard from you in three days, I will "bump" your post. After five days of no response, I will consider that you no longer need my assistance and this thread will be closed.
  • Logs can take a while to research, so please be patient.
  • Some issues just cannot be solved so you must be prepared for this.
  • Please read and follow the instructions in the exact sequence that they are posted to avoid making a bad situation worse.
  • Please print or copy and save the instructions.
  • Back up all your data and important files on another (external) drive before starting to run malware removal tools.
  • You should try to limit your browsing with this computer until you are given the "All Clear." Some malware applications steal passwords.
  • Please do not install or uninstall any applications, unless directed. Don't run any scripts or tools on your own because unsupervised usage may cause more harm than good.
  • Please use only the tools you have been instructed to use.
  • If you are using CD/DVD emulation software, this should be uninstalled or disabled as it can interfere with the removal of some malware. It can be turned off with Defogger and then turned back on when you get the "All Clear."
  • Please copy and paste the requested log files inside your post, unless otherwise instructed.
  • There are no silly questions. Ask for clarification, if you have any questions or concerns.
  • Bleeping Computer does not support any piracy. Evidence of illegal OS, software, cracks/keygens, etc., will be revealed by scan logs, and if found, further assistance may be suspended. Uninstall such software before proceeding!
  • Any P2P software such as uTorrent, BitTorrent, Kazaa, etc. must be uninstalled or completely disabled. P2P software is a major security risk to your computer and that may have been the route the malware used to infect your computer. Do not use any P2P software until we conclude your topic.
  • Failure to follow these guidelines may result in assistance being withdrawn and your thread being closed.
  • I am volunteering my time to help you, and I will need you to help me. Together, we can, hopefully, disinfect your computer and get it functioning properly again. That is my only aim.

Let's begin!

 

 

I have analysed your log files and there doesn't seem to be any problem with your system in terms of being insecure. But still, let's make sure that there is nothing nasty residing on the system  :)

 

I'd like us to scan your machine with ESET OnlineScan:
  • Check the [checkbox image] (if available) and click on the [button image] button.
  • It is recommended to turn off your antivirus program. Click on the [button image] button to see which antivirus is currently enabled:
  (screenshot omitted)
  • Turn off your antivirus program. See here how to do this.
  • Check the option beside: Enable detection of potentially unwanted applications.
  • Now click on Advanced Settings and make sure that the option Clean threats automatically is NOT checked, and select the following:
  1. Enable detection of potentially unsafe applications
  2. Enable detection of suspicious applications
  3. Scan archives
  4. Enable Anti-Stealth Technology
  • Click on the Change button and select only Operating memory, Autostart locations and drive C:\ to be scanned.
  (screenshot omitted)
  • Push the [button image] button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  (screenshot omitted)
  • When the scan completes, a list of found threats will open automatically (if any malicious files are found).
  (screenshot omitted)
  • Push the [button image] button and save the file to your desktop using a unique name, such as ESETScan.txt. Include the contents of this report in your next reply.
  • Push the [button image] button.
  • Check the box beside [option image] to uninstall the application when closed.
  • Push [button image] and then close the application by clicking the X in the upper right corner.
 
 
Let me know how it goes ^_^
 
Have a nice day!
 
Regards,
Pranav


#5 Blu2016 (Topic Starter, 41 posts)

Posted 10 May 2017 - 03:49 PM

After 3 attempts to complete the scan, it is finally down to finishing with ESET showing 6 infections. I should have results shortly.



#6 Blu2016 (Topic Starter, 41 posts)

Posted 10 May 2017 - 05:17 PM

C:\Users\Mech_1989\Downloads\ccsetup528.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    
C:\Users\Mech_1989\Downloads\spsetup130.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    
C:\Users\Mech_1989\Downloads\tnsetup.exe    a variant of Win32/Toolbar.Conduit.H potentially unwanted application    
C:\Users\Mech_1989\Downloads\pAINTZ\gimp-pspi-1.0.7.win32 - CHIP-Installer.exe    a variant of Win32/DownloadSponsor.C potentially unwanted application    
C:\Users\Mech_1989\Downloads\SFT\ccsetup506.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    
C:\Users\Mech_1989\Downloads\SFT\xfinity-master-installer_1.0.0.11.exe    a variant of Win32/Toolbar.Visicom.F potentially unwanted application    
 

 

These are the results from a 6hr scan.



#7 blueelvis (Malware Response Team, 1,666 posts, India)

Posted 13 May 2017 - 06:05 AM

Hi Blu2016!

 

 

The threats found by the ESET Online Scanner are simple PUPs which we can ignore since they don't do any harm.

 

From personal experience, I haven't seen any home router with SSL enabled. This is the reason why you are being shown as "Unsecure" for the router.

Regarding the original MITM issue, are there any other URLs except for the router's which show as "Unsecure" but should be "Secure"?

 

 

 

Using more than one anti-virus program is not advisable. Why? The primary concern with doing so is due to Windows resource management and significant conflicts that can arise, especially when they are running in real-time protection mode simultaneously. Even if one of them is disabled for use as a stand-alone on-demand scanner, it can affect the other and cause conflicts. Anti-virus software components insert themselves deep into the operating system's core where they install kernel mode drivers that load at boot-up regardless of whether real-time protection is enabled or not. Thus, using multiple anti-virus solutions can result in kernel mode conflicts causing system instability, catastrophic crashes, slow performance and waste vital system resources. When actively running in the background while connected to the Internet, each anti-virus may try to update their definition databases at the same time. As the programs compete for resources required to download the necessary files, this often can result in sluggish system performance or unresponsive behavior.
 
When scanning engines are initiated, each anti-virus may interpret the activity of the other as suspicious behavior and there is a greater chance of them alerting you to a "false positive". If one finds a virus or a suspicious file and then the other also finds the same, both programs will be competing over exclusive rights on dealing with that threat. Each anti-virus may attempt to remove the offending file and quarantine it at the same time, resulting in a resource management issue as to which program gets permission to act first. If one anti-virus finds and quarantines the file before the other one does, then you may encounter the problem of both wanting to scan each other's zipped or archived files and each reporting the other's quarantined contents. This can lead to a repetitive cycle of endless alerts that continually warn you that a threat has been found after it has already been neutralized.
 
Anti-virus scanners use virus definitions to check for malware and these can include a fragment of the virus code which may be recognized by other anti-virus programs as the virus itself. Because of this, many anti-virus vendors encrypt their definitions so that they do not trigger a false alarm when scanned by other security programs. Other vendors do not encrypt their definitions and they can trigger false alarms when detected by the resident anti-virus. Further, dual installation is not always possible because most of the newer anti-virus programs will detect the presence of another and may insist that it be removed prior to installation. If the installation does complete with another anti-virus already installed, you may encounter issues like system freezing, unresponsiveness or similar symptoms as described above while trying to use it. In some cases, one of the anti-virus programs may even get disabled by the other.
 
To avoid these problems, we would uninstall all of the Antivirus solutions on your system (To avoid any problems) and then install the one which you would like to keep.
 
 
In your next post, please tell me the Antivirus solution which you would like to keep and I would give you the instructions accordingly. Also please let me know if you have the license for the antivirus solution which you would like to keep.
 
 
Have a nice day!
 
Regards,
Pranav

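Post #7 above triages the six ESET hits as PUPs (bundled toolbars inside downloaded installers) rather than active malware. As an added example that is not code from this thread, from BleepingComputer or from ESET, the Python below parses lines in the layout the poster pasted (file path, a run of spaces, detection name, category phrase) and applies the same triage rule: a hit whose category is "potentially unwanted/unsafe application" is low severity, anything else is treated as a real infection. The field layout is inferred from the six posted lines and is an assumption about ESET's export format; the sample input is those six lines.

```python
"""Parse and triage ESET Online Scanner result lines.

Added example, not code from this thread or from ESET. The field layout
(file path, a run of spaces, detection name, category phrase) is inferred
from the six lines posted in this thread and is an assumption about how
ESET exports its report.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Category phrases ESET appended in this thread's results. A line that ends
# with neither is treated as a real infection rather than a PUA.
PUA_CATEGORIES = (
    "potentially unwanted application",
    "potentially unsafe application",
)

VARIANT_PREFIX = "a variant of "

# Sample input: the result lines from post #6 of this thread.
SAMPLE_LOG = r"""
C:\Users\Mech_1989\Downloads\ccsetup528.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Mech_1989\Downloads\spsetup130.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Mech_1989\Downloads\tnsetup.exe    a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\Users\Mech_1989\Downloads\pAINTZ\gimp-pspi-1.0.7.win32 - CHIP-Installer.exe    a variant of Win32/DownloadSponsor.C potentially unwanted application
C:\Users\Mech_1989\Downloads\SFT\ccsetup506.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Mech_1989\Downloads\SFT\xfinity-master-installer_1.0.0.11.exe    a variant of Win32/Toolbar.Visicom.F potentially unwanted application
"""


@dataclass
class Detection:
    path: str
    name: str         # e.g. Win32/Bundled.Toolbar.Google.D
    category: str     # one of PUA_CATEGORIES, or "infection" when none matched
    variant: bool     # True when ESET wrote "a variant of ..."

    @property
    def severity(self) -> str:
        # PUAs here are bundled toolbars inside downloaded installers: low risk,
        # cleaned by deleting the installer. Anything else needs proper removal.
        return "low" if self.category in PUA_CATEGORIES else "high"


def parse_eset_line(line: str) -> Optional[Detection]:
    line = line.strip()
    if not line:
        return None
    # The path is separated from the verdict by a tab or a run of spaces;
    # a single space cannot be the separator because paths may contain spaces.
    parts = re.split(r"\t+|\s{2,}", line, maxsplit=1)
    if len(parts) != 2:
        return None
    path, verdict = parts
    category = "infection"
    for known in PUA_CATEGORIES:
        if verdict.endswith(known):
            category = known
            verdict = verdict[: -len(known)].strip()
            break
    variant = verdict.startswith(VARIANT_PREFIX)
    if variant:
        verdict = verdict[len(VARIANT_PREFIX):]
    return Detection(path=path, name=verdict, category=category, variant=variant)


def parse_eset_log(text: str) -> List[Detection]:
    return [d for d in (parse_eset_line(l) for l in text.splitlines()) if d is not None]


def triage(detections: List[Detection]) -> dict:
    """Count findings by severity and note how many are installers in Downloads."""
    summary = {"low": 0, "high": 0, "installers_in_downloads": 0}
    for d in detections:
        summary[d.severity] += 1
        p = d.path.lower()
        if "\\downloads\\" in p and p.endswith(".exe"):
            summary["installers_in_downloads"] += 1
    return summary


if __name__ == "__main__":
    found = parse_eset_log(SAMPLE_LOG)
    for d in found:
        print(f"{d.severity:4}  {d.name:35}  {d.path}")
    print(triage(found))
```

Run stand-alone it lists each hit with its severity and prints the summary; for the thread's six lines every hit is a low-severity PUA sitting in the Downloads folder, which is the basis for post #7's "ignore, they do no harm" verdict (deleting the installers removes them).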

#8 Blu2016 (Topic Starter, 41 posts)

Posted 13 May 2017 - 06:35 AM

Norton is installed along with Windows Defender, which Norton disables when it gets installed. See attached.

 

Attached Files


Edited by Blu2016, 13 May 2017 - 06:38 AM.


#9 Blu2016 (Topic Starter, 41 posts)

Posted 13 May 2017 - 06:42 AM

There have been other sites as well that I have received warnings on, but if I go to Google it loads fine. Mainly it was my router that raised an alarm to this situation.



#10 Blu2016 (Topic Starter, 41 posts)

Posted 13 May 2017 - 06:55 AM

It varies as to which sites it comes up on.

Attached Files



#11 blueelvis (Malware Response Team, 1,666 posts, India)

Posted 15 May 2017 - 07:27 AM

Hi Blu2016!
 
I can see in your log files that there are multiple antivirus solutions which are running. These are probably remnants of the previous installation. Let's clean these remnants.
 
Please download the following tools and save them on your desktop -

Now reboot into Safe Mode.
This can be done by tapping the F8 key as soon as you start your computer.
You will be brought to a menu where you can choose to boot into safe mode.
Make sure you choose the option without networking support.
Please see here for additional details.

  • Once you are into Safe Mode, run the above tools one by one.
  • If any tool asks you to reboot the machine, please reboot the machine and then boot again into Safe Mode again if you still have to run the other tool.

This procedure will remove the remnants of the other Antivirus solutions and will keep your Norton as it is.
 
 
Please download Farbar Recovery Scan Tool and save it to your Desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce logs called FRST.txt and Addition.txt in the same directory the tool is run from.
  • Please copy and paste the logs back here.

 
As per the screenshot, it is your router's login page. The warning is there because the router does not use encryption for communicating with you. That's why you are getting the warning. Are you seeing such warning anywhere else as well?
 
 
Have a nice day!
 
Regards,
Pranav


Edited by blueelvis, 15 May 2017 - 07:27 AM.

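Posts #7 and #11 give the reason for the router warning: the login page is served without encryption, so the browser marks it "not secure" in every browser, not because anyone is tampering with the connection. As an added example that is not code from this thread, from BleepingComputer or from any browser vendor, the Python below re-implements the rule Firefox and Edge apply to a login form: a password field is flagged when the page carrying it, or the URL the form submits to, is not HTTPS. The HTML documents and the 192.168.1.1 address are constructed stand-ins for a typical home-router login page; that such a router speaks plain HTTP only is an assumption taken from post #7.

```python
"""Why a browser calls a login page "not secure".

Added example, not code from this thread, from BleepingComputer, or from
any browser vendor. It re-implements the rule Firefox and Edge apply to a
login form: a password field is flagged when the page carrying it, or the
URL the form submits to, is not served over HTTPS. The HTML documents and
the 192.168.1.1 address below are constructed stand-ins for a typical
home-router login page (assumption: the router speaks plain HTTP only).
"""
from html.parser import HTMLParser
from typing import List, Optional
from urllib.parse import urljoin, urlsplit


class LoginFormFinder(HTMLParser):
    """Record, for every <form>, its action and whether it holds a password input."""

    def __init__(self) -> None:
        super().__init__()
        self.forms: List[List] = []          # each entry: [action, has_password]
        self._current: Optional[List] = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._current = [a.get("action") or "", False]
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            if (a.get("type") or "text").lower() == "password":
                self._current[1] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def insecure_password_forms(page_url: str, html: str) -> List[str]:
    """Return the submit URL of each password form whose credentials would travel in the clear."""
    finder = LoginFormFinder()
    finder.feed(html)
    findings = []
    for action, has_password in finder.forms:
        if not has_password:
            continue
        target = urljoin(page_url, action)   # an empty action submits back to the page URL
        # Both the page (where the form was loaded) and the target (where the
        # password goes) must be HTTPS; otherwise anyone on the path can read it.
        if urlsplit(page_url).scheme != "https" or urlsplit(target).scheme != "https":
            findings.append(target)
    return findings


def verdict(page_url: str, html: str) -> str:
    """One-line explanation in the browser's own terms."""
    bad = insecure_password_forms(page_url, html)
    if not bad:
        return "secure: password forms (if any) load and submit over HTTPS"
    return "not secure: password would be sent in the clear to " + ", ".join(bad)


# Constructed sample page: a minimal router login form.
ROUTER_LOGIN = """
<html><body><h1>Router login</h1>
<form method="post" action="/login.cgi">
  <input name="user" type="text">
  <input name="pass" type="password">
  <input type="submit" value="Log in">
</form></body></html>
"""

# An HTTPS page whose form still posts to plain HTTP is flagged too.
MIXED_FORM = ROUTER_LOGIN.replace('action="/login.cgi"', 'action="http://192.168.1.1/login.cgi"')

# A form without a password field never triggers the warning.
SEARCH_ONLY = '<form action="/search"><input name="q" type="text"></form>'

if __name__ == "__main__":
    for url, page in [("http://192.168.1.1/", ROUTER_LOGIN),
                      ("https://192.168.1.1/", ROUTER_LOGIN),
                      ("https://192.168.1.1/", MIXED_FORM)]:
        print(url, "->", verdict(url, page))
```

The check reproduces what the poster saw: the same router page gives the warning in Firefox and in Edge because the decision depends only on the URL schemes, not on the browser. The warning means the admin password crosses the local network unencrypted; it is a property of the router's firmware (fixed only if the router offers HTTPS administration), and on its own it is not evidence of a man-in-the-middle.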

#12 Blu2016 (Topic Starter, 41 posts)

Posted 15 May 2017 - 12:31 PM

> Hi Blu2016!
>
> I can see in your log files that there are multiple antivirus solutions which are running. These are probably remnants of the previous installation. Let's clean these remnants.
>
> Please download the following tools and save them on your desktop -
>
> Now reboot into Safe Mode.
> This can be done by tapping the F8 key as soon as you start your computer.
> You will be brought to a menu where you can choose to boot into safe mode.
> Make sure you choose the option without networking support.
> Please see here for additional details.
>
>   • Once you are into Safe Mode, run the above tools one by one.
>   • If any tool asks you to reboot the machine, please reboot the machine and then boot again into Safe Mode again if you still have to run the other tool.
>
> This procedure will remove the remnants of the other Antivirus solutions and will keep your Norton as it is.
>
> Please download Farbar Recovery Scan Tool and save it to your Desktop.
>
> Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
>
>   • Right click to run as administrator. When the tool opens click Yes to disclaimer.
>   • Press Scan button.
>   • It will produce logs called FRST.txt and Addition.txt in the same directory the tool is run from.
>   • Please copy and paste the logs back here.
>
> As per the screenshot, it is your router's login page. The warning is there because the router does not use encryption for communicating with you. That's why you are getting the warning. Are you seeing such warning anywhere else as well?
>
> Have a nice day!
>
> Regards,
> Pranav

I am seeing issues when I log in to this site



#13 Blu2016 (Topic Starter, 41 posts)

Posted 15 May 2017 - 02:07 PM

Neither MBAM nor Kaspersky would run in safe mode; I ran them in normal OS mode to get rid of them. Attached are the FRST scan results.

Attached Files



#14 blueelvis (Malware Response Team, 1,666 posts, India)

Posted 16 May 2017 - 10:23 AM

Hey Blu2016 ^_^,

> I am seeing issues when I log in to this site

I think you forgot to add the link while posting. Could you please post it again? Screenshot will also work  :)

> Neither MBAM nor Kaspersky would run in safe mode; I ran them in normal OS mode to get rid of them. Attached are the FRST scan results.

My mistake. The tools were supposed to be run in Normal mode.
 

 

Download attached fixlist.txt file and save it to the Desktop.
 
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
 
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
 
Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
 
 
Let me know how it goes ^_^
 
-Pranav

 

Attached Files



#15 Blu2016 (Topic Starter, 41 posts)

Posted 16 May 2017 - 11:57 AM

Ran fixlist.

Attached Files





