Think I may be getting MITM'd

pneuma1985

Level 4
Thread author
Verified
Aug 30, 2015
189
My certificate, after removing the Adguard certificate_ca, is still not good; even after reinstalling the certificate I get that message on a lot of websites. I'm not exactly sure how it's being done. I can't identify where it's coming from with Wireshark, and I'm pretty good with Wireshark. I ran a few log scans and nothing, absolutely nothing. Is it a MITM or a rootkit? I guess I could run TDS but I doubt it'll find anything. I'm just wondering where to go next. Not even sure how or when I could have gotten infected.
Current config
CIS and HMPA3 licensed, Shadow Defender, MCShield for USB and Zemana as an on-demand!
 

pneuma1985

Level 4
Thread author
Verified
Aug 30, 2015
189
I used SSL-eye and everything comes back clean, so why do I keep getting this? I know that the certificates with https aren't very valid with sites like google.com because they change the certificates within minutes of last visiting. I'm no malware removal expert, that's for sure... I'm better at infecting machines than removing the infections. Could it be that Adguard 6.0rc1 screwed up my certificates? I don't see anything in the logs; let me know if you do. Hopefully one of the removal guys can take a look and help me out with this. This is my first time on CIS, mind you, and I've been following Umbra's thread on CIS8 configuration and understanding of the software... It may be possible that that's why. I would also like to report that about 6 months ago I did get a rootkit; I ended up DBAN'ing the drive, so yeah, that's gone for sure... HMPA hasn't come up with anything about the connection not being secure, nor a rootkit. So if I am infected it's by some serious malware! I'm going to build an offline Windows installer and try that if no one gets back to me before I finish building the ISO in a VM for offline installation. Maybe that will help, I'm not exactly sure.
 
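One way to tell a filtering product's root CA apart from a public CA on the certificates a machine is actually being served, as an added example that is not part of the thread or any product mentioned in it. It checks the issuer rather than the leaf fingerprint, which is why frequently rotating leaf certificates (the google.com case above) do not confuse it. The expected-issuer list and the two sample certificates are constructed for illustration and would be replaced with what a known-clean machine observes.

```python
"""
Classify the certificate a host presents to this machine by its issuer.

A filtering product that installs its own root (like the Adguard
certificate_ca in the thread) becomes the issuer of every site's leaf
certificate. Once that root is removed, the same connections fail
verification instead. Both outcomes are reported here.
"""
import socket
import ssl
import time

# Assumption for this example: issuer organisations expected for the sites
# you test. Build this from a machine you know to be clean, not from here.
EXPECTED_ISSUER_ORGS = {"Google Trust Services LLC", "DigiCert Inc", "Let's Encrypt"}


def name_to_dict(name):
    """Flatten the ((('key', 'value'),), ...) name structure returned by
    ssl.getpeercert() into a plain dict."""
    flat = {}
    for rdn in name:
        for key, value in rdn:
            flat[key] = value
    return flat


def classify_cert(cert, expected_orgs=EXPECTED_ISSUER_ORGS, now=None):
    """Return a list of findings for a cert dict shaped like ssl.getpeercert().
    An empty list means the issuer and validity window look as expected."""
    now = time.time() if now is None else now
    findings = []
    subject = name_to_dict(cert.get("subject", ()))
    issuer = name_to_dict(cert.get("issuer", ()))
    if subject == issuer:
        findings.append("self-signed leaf")
    org = issuer.get("organizationName", "")
    if org not in expected_orgs:
        cn = issuer.get("commonName", "?")
        findings.append(f"unexpected issuer: {cn} ({org or 'no organizationName'})")
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    if not not_before <= now <= not_after:
        findings.append("outside validity window")
    return findings


def fetch_and_classify(host, port=443, timeout=5):
    """Connect using the OS trust store and classify what the host presents.

    If a filtering root is installed and trusted, the handshake passes and the
    issuer check flags it. If that root has been removed, verification fails
    and the failure message is returned instead."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return classify_cert(tls.getpeercert())
    except ssl.SSLCertVerificationError as exc:
        return [f"verification failed: {exc.verify_message}"]


# Constructed sample certificates (not real data) in the ssl.getpeercert() shape.
SAMPLE_PUBLIC_CA_CERT = {
    "subject": ((("commonName", "www.example.com"),),),
    "issuer": ((("organizationName", "DigiCert Inc"),),
               (("commonName", "DigiCert Example Intermediate CA"),)),
    "notBefore": "Aug 1 00:00:00 2015 GMT",
    "notAfter": "Aug 1 00:00:00 2016 GMT",
}
SAMPLE_FILTERING_CA_CERT = {
    "subject": ((("commonName", "www.example.com"),),),
    "issuer": ((("organizationName", "Example Filtering Product"),),
               (("commonName", "Example Filtering Product CA"),)),
    "notBefore": "Aug 1 00:00:00 2015 GMT",
    "notAfter": "Aug 1 00:00:00 2016 GMT",
}
AUG_31_2015 = 1441000000  # epoch seconds, inside both sample validity windows

if __name__ == "__main__":
    print("public CA :", classify_cert(SAMPLE_PUBLIC_CA_CERT, now=AUG_31_2015))
    print("filtering :", classify_cert(SAMPLE_FILTERING_CA_CERT, now=AUG_31_2015))
    # Live check against a real host (needs network):
    # print(fetch_and_classify("www.google.com"))
```

Run it on a clean machine first to collect the issuer organisations you actually see, then compare the output on the suspect machine; a single local product name appearing as the issuer for every unrelated site is the interception signature, and a verification failure on every site after removing that product's root is the residue the first post describes.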

pneuma1985

Level 4
Thread author
Verified
Aug 30, 2015
189
OK, I did everything I could do. Ran all rootkit scanners, wiped drives and then reinstalled... Added Sandboxie to the mix, which seems to be working with Firefox at least. I've read there are issues running CIS, HMPA and Sandboxie together, but it's working fine and I see nothing now on Wireshark! Not sure if I got rid of it or not. I still reinstalled Adguard; it works fine, SSL works fine, and the sites that said I had a bad certificate no longer show that. And redirects are no longer happening! I'm not sure, but wiping the drives must have done it, I hope...
 
