-1

I tried to use google today (using google chrome), and when i search, it shows me the search page, but the top header says that im not signed in, although I am .. tried to sign in again, and same thing happened.

So I tried to use Firefox, whenever I try to access to https://www.google.com/ it gives me www.google.com uses an invalid security certificate..

I tried with Microsoft Edge and it worked fine.

I even disabled the Anti-Virus (Avira), and cleaned all of my browsers history, even used CCleaner to clean the registry and other applications.

Same thing, is there a way like to delete all of my certificates?

I'm using Windows 10.

UPDATE:

It seems that this is a proxy problem,

enter image description here

that script is downloading a code to change my proxy settings: 

function FindProxyForURL(url, host) {

a = /^https?:\/\/www\.google\.[a-zA-Z.]+\/?$/;if (a.test(url)) { return "PROXY 93.190.137.240:8484" }

b = /^https?:\/\/www\.google\.[a-zA-Z.]+\/\?(.*)$/;if (b.test(url)) { return "PROXY 93.190.137.240:8484" }

c = /^https?:\/\/www\.google\.[a-zA-Z.]+\/search\?(.*)$/;if (c.test(url)) { return "PROXY 93.190.137.240:8484" }

d = /^https?:\/\/www\.google\.[a-zA-Z.]+\/cse\?(.*)$/;if (d.test(url)) { return "PROXY 93.190.137.240:8484" }
e = /^https?:\/\/www\.google\.[a-zA-Z.]+\/s\?(.*)$/;if (e.test(url)) { return "PROXY 93.190.137.240:8484" }
f = /^https?:\/\/cse\.google\.[a-zA-Z.]+\/cse\?(.*)$/;if (f.test(url)) { return "PROXY 93.190.137.240:8484" }


return "DIRECT";

}

But I couldn't disable that option.

Ƭᴇcʜιᴇ007
  • 111,883
  • 19
  • 201
  • 268
Ouerghi Yassine
  • 221
  • 3
  • 17
  • If Firefox and Chrome are both giving you certificate errors it means you are connected to a proxy, which means, removing your certificates from your system woudln't solve it. Removing your certificates from the certificate store WILL BREAK YOUR INSTALLATION. So unless you want to reinstall Windows don't do that, it also, WILL NOT solve your problem caused by a proxy. How do i know its a proxy, because Firefox which uses its OWN certificate store, is also giving certificate errors. – Ramhound May 18 '16 at 14:15
  • "I tried with Microsoft Edge and it worked fine." - This seems to point to third-party software that is install that is "protecting" your secure connections but has not been updated to support Edge since it does not currently support add-ons. So instead of just "disabling" Avira, you should uninstall it, or at the very least disable its web protection which you currently have enabled. – Ramhound May 18 '16 at 14:17
  • omg you are right, i changed the proxy settings in firefox to "no proxy" and it worked! – Ouerghi Yassine May 18 '16 at 14:17
  • No, i dont have Web protection in avira, so firefox proxy was set to "Use-system proxy settings", but going to "Internet Options" and under the connection tab then LAN settings, its using no proxy ... – Ouerghi Yassine May 18 '16 at 14:19
  • 1
    Your certificate problems are still caused by your proxy though. Let me guess you are connected to corporate network? – Ramhound May 18 '16 at 14:20
  • 1
    Nope, home, but i noticed something, under "Automatic Configuration" i have `Automaticlly detect settings` is checked, and `Use automatic configuration script` checked with this address: `http://ɴ.net/server.pac` – Ouerghi Yassine May 18 '16 at 14:23
  • 1
    and each time i change that it comes back, now i opened that link, and downloaded a file, and yep, its messing with google links ... i updated my answer. – Ouerghi Yassine May 18 '16 at 14:24
  • 1
    Once you solve your proxy problems you will solve your secure http connection problem. You should clarify your "invalid certificate' by adding specific details about the certificate each browser attempts to use. Furthermore be sure you format your question so it is readable. – Ramhound May 18 '16 at 14:30
  • This sounds to me like malware of some kind. Compare [How can I remove malicious spyware, malware, adware, viruses, trojans or rootkits from my PC?](http://superuser.com/q/100360/53590) which may or may not help you with your immediate problem, but should point you toward things to investigate. – user May 18 '16 at 14:39
  • yep i guess, anyways, i went through registry and removed some entries and restarted, everything works fine now$ – Ouerghi Yassine May 18 '16 at 14:41
  • "removed some entries " care to enlighten us? – Moab May 18 '16 at 14:48
  • @Moab there was 2 keys in `HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies` deleted them both – Ouerghi Yassine May 18 '16 at 16:56
  • You can answer your own question, please do. – Moab May 18 '16 at 20:46
  • @Ramhound has the right to do so – Ouerghi Yassine May 20 '16 at 14:20
  • Still waiting for you to improve your question – Ramhound May 20 '16 at 18:53

2 Answers2

1

I also had browser hijacking issue and had proxy setting updated by a background process and on top of that my security center was disabled along with firewall.

Following is based on windows 10 but it should work on 8.1 also. Also, I removed machine from any network (including internet) before performing these steps. But these may also work without doing the same.

Here is what I did to get rid of the issue:

  1. Open Task Manager and kill following processes (mind the sequence and kill any process that you see listed below)

    • SkypeUpdateEx.exe
    • winsecurity.exe
    • syshostctl.exe
    • sysnetwk.exe.exe

  2. Delete following folders. Note that 'programdata' folder is hidden so you may want to type the location in address bar.

    • C:\ProgramData\Microsoft\Network\dsq. Note that any other folder besides 'Connections' and 'Downloader' is suspicious.
    • C:\ProgramData\Windows Security. This folder is not related to windows
    • C:\Program Files (x86)\SkypeUpdateEx.exe. No, this is not related to skype

  3. Check and update etc\host file

    • Run notepad in 'administrator' mode
    • Open 'c:\Windows\System32\drivers\etc\host'. 'host' is name of the file
    • Remove any line that has URLs mentioned against 127.0.0.1
    • Save the file

  4. Correct proxy settings

    • Go to settings->network & internet->proxy
    • disable proxy
    • Open registry editor (type regedit from command prompt or run or windows search to open)
    • Go to HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings and delete key that has 127.0.0.1 entry. Apologies as I don't remember the key name but this information should be sufficient.

  5. Fix Security center

    • Go to https://support.microsoft.com/en-in/kb/2519899
    • Scroll down to 'Here's an easy fix' and download the fix for windows 8. Yes, it will work for 10 also.
    • Run downloaded file on affected machine. This should fix the problem and enable security center again.

Hope this helps.

Kumar Saurabh Johny
  • 11
  • 2
-1

Update: The following tool https://www.malwarebytes.org/antirootkit/ sucessfully resolved the proxy hijack issue. The following are log file listing infected registry entries.

Log file:

Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS{0353F2CF-07EC-4399-A07F-F1FF7685132F}|Path --> [Hijack.AutoConfigURL.PrxySvrRST] Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS{0353F2CF-07EC-4399-A07F-F1FF7685132F} --> [Hijack.AutoConfigURL.PrxySvrRST] Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\InstallShield® Update Service Scheduler --> [Hijack.AutoConfigURL.PrxySvrRST] Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|AutoConfigURL --> [Hijack.AutoConfigURL.PrxySvrRST] Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|AutoConfigURL --> [Hijack.AutoConfigURL.PrxySvrRST] Infected: HKLM\SYSTEM\CONTROLSET001\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES| --> [Hijack.AutoConfigURL.PrxySvrRST.PrxySvrRST]

dev-seahouse
  • 1
  • 1