Windows 10 is showing me a security alert window again and again and again. It says:

The identity of the web site or the integrity of its connection cannot be verified.

~Certificate was issued by a company that you have chosen not to trust.
~Security certificate date valid.
~Name on certificate is invalid or does not match the name of the site
~The security certificate has a strong signature.

Do you want to proceed?

I click "View Certificate"

This CA Root certificate is not trusted. To enable trust, install this certificate in Trusted Root Certificate Authorities store.

Issued to: ORname_Jungo: OpenRG Products Group
Issued by: ORname_Jungo: OpenRG Products Group
Valid from 03/06/2004 to 29/05/2024

I tried to use Fiddler to see if I could find which site is being contacted, but when Fiddler is open I don't get the alert; I get it again immediately after I close Fiddler. (I'm not an experienced Fiddler user, so this may be normal behaviour, or not, I don't know.)


Another possible source of explanation is that I have this Internet modem: http://wiki.yobi.be/wiki/Modem_BBox-2

It's a Sagem F@st 3464 (even if the box looks different), running a customized version of Jungo Openrg.

TTT
  • If you want to avoid the warning, then add the certificate to the Certificate Store. You have a process attempting to access the domain. We can’t help find it (based on the information you provided). I would just remove the malware infection instead – Ramhound Mar 09 '18 at 00:34
  • https://sslbl.abuse.ch/intel/438833c094f6afc864c60e4a6f57e9f4d1281411/ – Ramhound Mar 09 '18 at 00:36
  • NO legitimate software uses that certificate by the way. It’s been blacklisted – Ramhound Mar 09 '18 at 00:38
  • Possible duplicate of [How can I remove malicious spyware, malware, adware, viruses, trojans or rootkits from my PC?](https://superuser.com/questions/100360/how-can-i-remove-malicious-spyware-malware-adware-viruses-trojans-or-rootkit) – I say Reinstate Monica Mar 09 '18 at 02:45
  • @Ramhound : Yes, I've seen that blacklisted page and I guessed the same conclusion, though I'm not quite sure what this list is and if it's universal. "We can’t help find it (based on the information you provided)." -> I was hoping for a way to provide more info. – TTT Mar 09 '18 at 09:39
  • Another possible source of explanation is that I have this Internet modem: http://wiki.yobi.be/wiki/Modem_BBox-2. "It's a Sagem F@st 3464 (even if the box looks different), running a customized version of Jungo Openrg" – TTT Mar 09 '18 at 09:58
  • Is there any particular reason you're running that? Your modem might be acting as MITM. If your setup is like that for a reason consider (at least) changing the certificates. – Seth Mar 09 '18 at 10:06
  • It's my Internet provider's modem. Not that most recent one. I'm not sure if I can use another one than those they provide. – TTT Mar 09 '18 at 10:09
  • I just contacted my ISP, they will send me the next version (BBox-3). @Seth: what do you mean by modem acting as MITM? I guess it's "Man in the middle", but would that mean it's "infected" or not? – TTT Mar 09 '18 at 10:24
  • That would depend on what it's supposed to do. For instance, if it's supposed to act as a virus scanner for SSL traffic it might be an intended feature. If it's not it might be infected. Do you have more than just one device that is having that issue? If not, it's likely an issue specific to your machine rather than your network. – Seth Mar 09 '18 at 10:34
  • So far I only saw the issue on one computer. Not on the second and third PCs running Win7, nor on mobiles (Androids). They ALL have NOD32. But I thought it may also be a difference in detecting the issue, maybe Win10 detects "more". However, this morning I don't see the alert anymore for now. – TTT Mar 09 '18 at 10:39
  • NOD32 is notorious for performing its own man in the middle attack – Ramhound Mar 09 '18 at 11:06
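
One way to gather the extra information asked for in the comments (which local process is talking TLS to a peer that presents this certificate), shown as an added example that is not part of the original thread. It assumes Windows PowerShell 5.1, that the hash in the SSLBL URL above is the certificate's SHA-1 fingerprint, and that the connection is still established when the script runs; `Get-PeerCertificate` is a helper name made up here.

```powershell
# Added diagnostic example, not from the thread. Windows PowerShell 5.1.
# Hash from the SSLBL URL in the comments, assumed to be the SHA-1 fingerprint.
$ListedSha1 = '438833c094f6afc864c60e4a6f57e9f4d1281411'

# Hypothetical helper: complete a TLS handshake and return the peer certificate.
function Get-PeerCertificate {
    param([string]$Address, [int]$Port)
    $client = $null
    try {
        $client = [System.Net.Sockets.TcpClient]::new($Address, $Port)
        # Accept whatever is presented: the goal is to read it, not to trust it.
        $accept = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $tls = [System.Net.Security.SslStream]::new($client.GetStream(), $false, $accept)
        $tls.AuthenticateAsClient($Address)
        [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($tls.RemoteCertificate)
    } catch {
        $null   # peer is unreachable, not speaking TLS, or refused the handshake
    } finally {
        if ($client) { $client.Close() }
    }
}

# 1. Which local process has HTTPS connections open, and what does each peer present?
Get-NetTCPConnection -State Established |
    Where-Object RemotePort -eq 443 |
    Sort-Object RemoteAddress, OwningProcess -Unique |
    ForEach-Object {
        $cert = Get-PeerCertificate -Address $_.RemoteAddress -Port $_.RemotePort
        if ($cert) {
            [pscustomobject]@{
                Process    = (Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).ProcessName
                Remote     = $_.RemoteAddress
                Subject    = $cert.Subject
                SelfSigned = $cert.Subject -eq $cert.Issuer     # issued to == issued by
                NotAfter   = $cert.NotAfter
                Listed     = $cert.Thumbprint -eq $ListedSha1   # -eq ignores case
            }
        }
    } | Format-Table -AutoSize

# 2. Has the certificate already been added to any store on this machine?
Get-ChildItem Cert:\ -Recurse |
    Where-Object { $_.Thumbprint -eq $ListedSha1 } |
    Select-Object PSParentPath, Subject, NotAfter
```

The probe connects by IP address, so no host name is sent in the handshake and a shared server may present a different certificate from the one the application saw. A row with `SelfSigned` or `Listed` set to `True` names the process and peer to investigate first.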
