Some days back I started receiving the message below in Chrome whenever I open a site with a secure connection such as https://www.facebook.com or https://www.gmail.com:
"Security certificate has been revoked"
I was able to access the same two sites in other browsers.
See error snapshot at: https://chrome-a-googleproductforums-com.googlegroups.com/attach/f60e44de58e4f45e/Twitter%20Not%20Trusted.JPG?view=1&part=2
Upon Googling the error I found that my system had been infected with malware. I did a System Restore (using SysRestore Pro) but it failed and the system was unable to restore to the previous state. Then I tried to run the antivirus scan from Microsoft Security Essentials but the application was unable to open. Also, whenever I downloaded/opened any antivirus/anti-malware or similar kind of tool, it was denied each time, throwing a different error for each application. Moreover, the antivirus application I downloaded was considered a virus!!! (too funny) and the downloads remained incomplete.
I then tried to use Windows 7 System Restore but that too failed, and after some steps of system recovery it threw the error below:
"Windows failed to start. A recent hardware or software change might be the cause. To fix the problem:
1. Insert your Windows installation disc and restart the computer.
2. Choose your language settings, and then click "Next".
3. Click "Repair your computer."
If you do not have this disc, contact your system administrator or computer manufacturer for assistance."
My concern here is how to remove the malware from the system once I start my PC?
Repair Windows start-up by booting from the Windows DVD.
If you can get it to boot, use Chameleon to get Malwarebytes running.
Run a Malwarebytes full scan and find out the full damage report. Clean up if possible and then check for rootkits using an anti-rootkit.
I would then run a full scan with your favourite flavour of AV until you're happy your system is clean.
Just get your data off using a Linux live DVD and re-install Windows. Run the anti-rootkit as soon as Windows is installed.
I like option 2
Run msconfig and select the Boot tab. Select Safe and networking and then apply. Restart the computer and it will boot in safe mode with internet access, but the virus won't be active.
Download Microsoft Safety Scanner from the Microsoft website and run it. The Safety Scanner will find the malware/virus and remove it and ask if you want to reboot. Before you reboot, run msconfig again and select the Boot tab. De-select the Safe option and apply.
Restart the computer and it should be good.
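The msconfig Boot-tab steps in the answer above can also be done from the command line, which is handy when msconfig itself is being blocked. This is an added example, not part of the original answer: it uses Windows' own bcdedit to set and clear the same safeboot option that msconfig toggles, and must be run from an elevated (Run as administrator) PowerShell prompt. The function name and its -Enable/-Disable switches are this script's own, not Windows options.

```powershell
# Added example (not from the original answer): msconfig's "Safe boot" +
# "Network" switch, set and cleared with bcdedit from an elevated prompt.
function Set-SafeBootNetworking {
    param([switch]$Enable, [switch]$Disable)

    if ($Enable) {
        # Same effect as ticking "Safe boot" and "Network" in msconfig:
        # the next boot is Safe Mode with Networking, so a scanner can be
        # downloaded while third-party startup entries stay inactive.
        bcdedit /set '{current}' safeboot network
    }
    elseif ($Disable) {
        # Same effect as unticking "Safe boot" before the final reboot.
        bcdedit /deletevalue '{current}' safeboot
    }

    if ($LASTEXITCODE -ne 0) {
        Write-Warning "bcdedit failed (exit $LASTEXITCODE); are you running as administrator?"
    }

    # Show the current boot entry so the safeboot line can be confirmed
    # present (or gone) before restarting.
    bcdedit /enum '{current}'
}

# Usage (each step followed by Restart-Computer):
#   Set-SafeBootNetworking -Enable     # boot to Safe Mode with Networking, run the scanner
#   Set-SafeBootNetworking -Disable    # return to a normal boot once the scan is clean
```

The braces in `'{current}'` are quoted because PowerShell would otherwise try to parse them as a script block; forgetting the -Disable step leaves the machine looping into Safe Mode on every boot, which is exactly the mistake the answer's "De-select the Safe option" step guards against.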
Today, I was infected with the "AV Security Suite" malware. I believe it was this evening after viewing some links on digg.com (a news aggregation site) using Internet Explorer. On one particular site, I noticed a Java 6 splash screen come up. I have Java 6 EE installed on my computer, but the app server (Glassfish) was not running.
About one minute after the splash screen, I noticed the "AV Security Suite" notification in my taskbar, trying to get me to click a link in the tool. It also hijacked my IE proxy settings. The file msvcr71.dll under my Glassfish directory was compromised and had to be deleted.
I have successfully cleared the malware, but my question is this:
How did I become infected in the first place?
I am running Windows 7 64-bit, Windows Firewall (and behind a personal firewall), Windows Defender, Ad-Aware, and Avast, all of which were up to date. I did not install any application in the past week; I am very careful as to what I download and run. It is not from attachments in any of my emails (I believe), and my IE security settings are fairly high, with a few settings that I had to make for Citrix to work (I can't recall exactly which settings).
My inclination is that this is due to an incorrect browser setting, which I am hoping to fix to prevent this from happening again.
For most of my browsing I use Firefox with Adblock Plus and other add-ons. Occasionally I do need to use IE for business sites that only work under IE, and this time I was unfortunate enough to use it for other browsing as well.
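The question mentions that the malware hijacked IE's proxy settings. The following is an added example, not part of the original post, showing a read-only check of the two places a browser hijacker commonly redirects traffic from: the per-user WinINET proxy settings that Internet Explorer reads (the ProxyEnable, ProxyServer and AutoConfigURL registry values) and the hosts file. It only reports and changes nothing; the function name is this script's own.

```powershell
# Added example (not from the original post): report proxy and hosts-file
# redirection that a hijacker may have left behind. Run as the affected user.
function Get-BrowserRedirectFindings {
    $findings = @()

    # 1. WinINET proxy settings (what IE's "LAN settings" dialog edits).
    $inet = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $p = Get-ItemProperty -Path $inet
    if ($p.ProxyEnable -eq 1) {
        $findings += "Proxy enabled: $($p.ProxyServer)"
    }
    if ($p.AutoConfigURL) {
        # A PAC script URL can route every request through a proxy of its choosing.
        $findings += "Auto-config (PAC) URL set: $($p.AutoConfigURL)"
    }

    # 2. Hosts file: any active (uncommented) mapping. On a default Windows 7
    #    install every line is a comment, so anything listed here was added.
    $hosts = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    foreach ($raw in Get-Content -Path $hosts) {
        $line = $raw.Trim()
        if ($line -and -not $line.StartsWith('#')) {
            $findings += "hosts entry: $line"
        }
    }

    if ($findings.Count -eq 0) { 'No proxy or hosts-file redirection found.' }
    else { $findings }
}

Get-BrowserRedirectFindings
```

A proxy you did not configure, a PAC URL you do not recognise, or hosts entries pointing security vendors' sites at 127.0.0.1 are the typical findings; clear them only after the scan, since the malware may rewrite them while it is still running.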
To cause IE7 or 8 to prompt, go to Internet Options > Security tab and click the "Internet" icon, then click the "Custom level" button. When the window opens, scroll down to the "Scripting" section and, under "Active Scripting", set it to "Prompt". Hit OK, then OK again.
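The same setting can be applied without clicking through the dialog. This is an added example, not from the original answer: it writes the registry value behind Internet Options > Security > Internet > Custom level > Active scripting. Zone 3 is the Internet zone and value 1400 is "Active scripting", with 0 = Enable, 1 = Prompt and 3 = Disable, as Microsoft documents for the URL-action values. The function name and its -Mode parameter are this script's own.

```powershell
# Added example (not from the original answer): set IE's Internet-zone
# "Active scripting" action via the per-user registry key, then read it back.
function Set-InternetZoneActiveScripting {
    param(
        [ValidateSet('Enable', 'Prompt', 'Disable')]
        [string]$Mode = 'Prompt'
    )
    # Zone 3 = Internet zone; value name 1400 = Active scripting.
    $zone  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
    $value = @{ Enable = 0; Prompt = 1; Disable = 3 }[$Mode]

    $before = (Get-ItemProperty -Path $zone -Name '1400' -ErrorAction SilentlyContinue).'1400'
    Set-ItemProperty -Path $zone -Name '1400' -Value $value -Type DWord
    $after  = (Get-ItemProperty -Path $zone -Name '1400').'1400'

    [pscustomobject]@{
        Setting = 'Active scripting'
        Zone    = 'Internet'
        Before  = $before
        After   = $after
    }
}

# Usage: open a new IE window afterwards; windows already open keep the old setting.
Set-InternetZoneActiveScripting -Mode Prompt
```

If the write appears to succeed but the value does not change, the zone is probably locked by Group Policy (the same value under HKLM\Software\Policies takes precedence), in which case the dialog's Custom level button will be greyed out as well.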