Computer Security Experts please

[Narnia]

On two sites I use where passwords etc are required (bank being one of them),I now get this message:

Revocation information for the security certificate for this site is not available. Do you want to proceed?

I'm offered 3 options, YES, NO or View Cert. If I proceed with YES I can get a new cert. it seems but I don't know if this is safe or not. There is a security warning.

This seems to have started happening since I had a virus attack a couple of days ago which my son managed to quarantine.

What should I do experts? Thank you in advance.

[HAL9000]

Proceed with great caution - do not log into any secure websites (thus revealing your login & password) until it is certain that the entire virus along with any associated ?root kit? has been located and removed.

[stevebailey]

Providing you are happy that you are definitely browsing to your banks website and you see HTTPS:// when you are asked to do this then it should be no problem.

Your locally stored copy of the security cert needs replacing, it may even be coincidental that it's coincided with a virus on you're machine.

The security cert is a '2 way secure handshake' between source (your PC) and destination (your banks webserver).

As I say though, ENSURE that you are definitely on your banks page and not a spoofed version, if in any doubt, just call the banks customer services dept and run it past them.

Cheers

[stevebailey]

And as HAL9000 says, make sure that all traces of the virus are removed, possible malware or keyloggers could be capturing said authentication details and uploading them to anywhere.

[themaninblack]

This might be useful-

http://support.microsoft.com/kb/308087

[Loz]

What HAL said.

It would help if you posted:

- Operating system (Windows 7? XP?)

- Browser (Internet Explorer? Firefox)

- Which site you are accessing and how you access it (bookmark? email hyperlink?)

There are possibly harmless explanations for this, but as HAL noted, since you've had a virus tread very, very carefully until you are sure no nasties remain on your system. Someone could be watching your every step - and every key pressed.

[HAL9000]

A modern virus usually delivers a payload called a 'root kit' along with other malware such as Trojans, backdoors, keyloggers, and so on. Anti-virus applications can usually detect and remove the original virus but often fail to detect 'root kits'.

Root kits are sophisticated and formidable devices that can disguise themselves effectively and even download and re-install parts that have been deleted or quarantined. Experts use various custom software tools to identify, locate and remove them. Even so; it is by no means easy or straightforward.

Some well-known anti-'root kit' tools are Autoruns, Avenger, ComboFix, FileLister, HiJackThis, HostXpert and VundoFix - to name but a few.

Given the scarcity of information you?ve posted, it is impossible to tell whether your computer is still infected or, if so, by what? But the risk factor in your case is very high - so be careful.

[matthew123]

Recently I had a virus attack and I restarted it in safemode (press F8 on restart til it gives option). I was then given option of which date on wanted to restore my PC to and that seems to have fixed my problem.

[Narnia]

Thanks for the feedback folks. I've just got in and been told by my son that he also altered the security options on my laptop which may explain what's happened. The virus itself appeared as a microsoft product which would get rid of the virus that was stopping me from accessing anything. In effect it wanted me to purchase this product. The logos were just too poor to make it seem like the real thing. Not very technical info I know.

Both of the websites where the current problem is occuring are for real in that after logging on I recognise my bank accounts and ahem...how little there is in my have the occasional bet account.

HAL, I've already done this. How could I be sure that all parts of the virus have been removed?

[HAL9000]

Ironically, what you describe is often a subterfuge to get you to install a rook kit and pay for the privilege. You don't say whether you bought the antidote?

Just to be on the safe side, it would be a good idea to change those bank account passwords via a computer that hasn't been compromised - if you have access to a clean machine - or else by telephone, if that is possible?

Better read this - Root Kit - so you know what you might be up against.

To diagnose and disinfect a potential root kit infestation requires an expert with hands on access to you machine. Meanwhile, as matthew123 suggests, a System Restore set to a date before the original virus infection might do the trick.

[Narnia]

I didn't buy it HAL. It looked far too dodgey.