I am getting 'SEC_ERROR_UNKNOWN_ISSUER' trying to open certain sites running AVG and I do not experiance the same problems in other browsers.
I run AVG internet security as my anti virus. The existing Mozilla support page does not indicate a solution for AVG anti-virus. The problem originated a couple of days ago and since then i have run multiple anti virus programs trying to rule out malware including running them while booted in safe mode. I primarily get the error when using the search function of the address bar and until now I could usually open google then search directly from google.com and get around the error. As of this question i can no longer reach google to use it as a work around. I do not experience any insecure connection problem when running google chrome or internet explorer. I have removed and re-downloaded both AVG and Firefox I have made sure my Firefox proxy setting is set to auto-detect proxy settings
Wšě wotmołwy (20)
hello, could you give us more information about the error by clicking on the error code, copying the text to the clipboard and then pasting it here into a reply in the forum (like shown on the screenshot).
thank you!
https://www.google.com/search?q=google&ie=utf-8&oe=utf-8
Peer’s Certificate issuer is not recognized.
HTTP Strict Transport Security: false HTTP Public Key Pinning: true
Certificate chain:
-----BEGIN CERTIFICATE----- MIIC8zCCAdugAwIBAgIJAJ0QIKwQTW0PMA0GCSqGSIb3DQEBCwUAMBAxDjAMBgNV BAMMBSouY29tMB4XDTE2MTIyNjA5MzY1M1oXDTIxMTIyNTA5MzY1M1owEDEOMAwG A1UEAwwFKi5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDmUudY EO8/7y10JAuUaR1fIV5z78CaHU/Ft+7CMZVvx3f8/u42+OrgYzMMJv7ttsKfn6JI xHTeNU+d+fclTTm0o3yQoGcifT5VcAAY5GCmnmRGqOWe2LAL3ZnYAL+WV7dziAzG /gS2O0AvGUcJNJ44JwQvPYzHCiVhTOcPD12fXplkrKhWR4oS/i3iLsyHowJ8UkEv gXcA7i5K+Vt1B8uevfs9Ilg5XRNGO3nX5JqLpXeY24DQWjOpFlfP+c+cs4G13gcV jKQkMQ4R59a0XFovBu8BuDRHlpgKuazw7/omlliY9kyHILb9Reb4nZqJoCji7MhU sLUL7h8sywMrTyARAgMBAAGjUDBOMB0GA1UdDgQWBBRXS0Q/4c92lb1TEEcp3IAr /BSyMTAfBgNVHSMEGDAWgBRXS0Q/4c92lb1TEEcp3IAr/BSyMTAMBgNVHRMEBTAD AQH/MA0GCSqGSIb3DQEBCwUAA4IBAQDYSDH/LbwRrtxsyMk7CMnD+kzA1++vmJ5u yC1Q9VjVjgsmkiPNtFdVY8ltnc2gTSIxZ6VU2hplJDr164zi0fhfJj6jI/7QHC8U iTCln0G+Iqm9Kzt50WMgeJYdCRl2CkZUba1fGqczYZeCYJ0wONaOQuaPgW48euNd oHNCx58LjMGVjpbyrVNQE7XGH+F2Wt3ZjqFdDbY2Uaveiu2VnV3ck5d7fe6usCKO rX6+HhuuwZfsXrgldk1MKiZVz++IWAnOIac1mS55i7iIjZQfZb0glAO4DCEizUwL j7/uMdzTJ0YKIA01wzRS4F/eoNCR7xSjZEGV22wxmp+V6uEJ1YBt -----END CERTIFICATE-----
Wot cor-el
thanks, the details of this certificate look very strange - mostly blank (& certainly not something like google would use):
Issuer CN = *.com
Subject CN = *.com
Valid From 26 Dec 2016, 9:36 a.m.
Valid To 25 Dec 2021, 9:36 a.m.
Serial Number 9D:10:20:AC:10:4D:6D:0F (11317581786962029839)
CA Cert Yes
Key Size 2048 bits
Fingerprint (SHA-1) CE:7A:EB:61:1C:78:4E:F1:59:F6:F9:C1:6F:C5:E1:DE:9A:7C:6F:B7
Fingerprint (MD5) 15:FE:DB:CC:2C:F4:27:C1:9E:54:84:50:1F:6A:2F:42
can you connect any particular activity like installing a program on your computer to that Valid From date?
in addition please try to refresh firefox and see if this can address the issue. one more thing to try would be to check in the firefox menu ≡ > options > advanced > network > connection - settings... that firefox is set up to directly connect to the internet ('no proxy').
i have refreshed Firefox as well as changed the setting to 'no proxy'. on December 26 the computer would have been connected to the internet however i was away that day and did not use the computer. The problem has now developed in chrome as well. Is it possible this is a virus that has survived my attempts to remove it? If so how do you suggest i go about cleaning it out?
Thanks for all your help
Do a malware check with several malware scanning programs on the Windows computer.
Please scan with all programs because each program detects different malware. All these programs have free versions.
Make sure you update each program to get the latest version of their databases before doing a scan.
- Malwarebytes' Anti-Malware:
http://www.malwarebytes.org/mbam.php - AdwCleaner:
http://www.bleepingcomputer.com/download/adwcleaner/
http://www.softpedia.com/get/Antivirus/Removal-Tools/AdwCleaner.shtml - SuperAntispyware:
http://www.superantispyware.com/ - Microsoft Safety Scanner:
http://www.microsoft.com/security/scanner/en-us/default.aspx - Windows Defender:
http://windows.microsoft.com/en-us/windows/using-defender - Spybot Search & Destroy:
http://www.safer-networking.org/en/index.html - Kasperky Free Security Scan:
http://www.kaspersky.com/security-scan
You can also do a check for a rootkit infection with TDSSKiller.
- Anti-rootkit utility TDSSKiller:
http://support.kaspersky.com/5350?el=88446
See also:
- "Spyware on Windows": http://kb.mozillazine.org/Popups_not_blocked
Okay, I have now run the antivirus programs suggested and removed the items they found however the problem remains unresolved.
Boot the computer in Windows Safe mode with network support to see if that has effect in case security software is causing problems.
Could you inspect the certificate for https://www.google.com/ in Chrome and see what it looks like there? Click the padlock in the address bar, then the Details link in the first section, then the View Certificate button. Please see the attached screenshot for comparison. Is it similarly suspicious?
here are the certificates from chrome. the one is taken from google.com when it said my connection was secure. the other is from a website i know was secure before this problem began occuring but is now insecure.
That Google Ad Services cert looks like the same interceptor you got in Firefox. It's really hard to search for web pages mentioning "*.com" certificate errors so they were very clever there.
Since this started, have you tried power cycling your router in case its memory has become corrupted? (In other words, unplug it, wait 10 seconds, then plug it back in again.)
Within Windows, you could try switching your name servers (DNS servers) to using OpenDNS instead of your ISP, in case there is a problem at your ISP. More info: https://www.opendns.com/home-internet-security/
this is dated the same as the one from firefox
I will try a power cycle next. the boot in safe mode with networking did not seem to make any difference. I have experianced the problem on multiple wifi networks.
I have now rebooted the wifi with no improvement. when looking inside my servers i came across as file named 'demonware' could this possibly be a problem? I recognize most of the other names on this page but this is unfamiliar to me.
When I search it, DemonwarePortMapping seems related to some gaming products. If you aren't a gamer, try turning it off. Similar for any others you don't use. You can always turn them back on if something suddenly stops working.
What do you have on the DNS tab? Usually it would be automatic, meaning, get your DNS servers from upstream at your ISP. Anything unexpected there?
This is the DNS screen. i do not notice anything immediately wrong here but i amalso unfamiliar with what should be shown on this page.
At this point would a full reset be my best option to clear this out?
watson-97 said
At this point would a full reset be my best option to clear this out?
A full reset of what? Your router?
Not sure if this thread is helpful/relevant: How do I use custom DNS settings on the CGN3ACSMR modem? - Rogers Community
A full factory reset of the computer to wipe the drives.
I personally would consider that a last resort, but having run out of other ideas, perhaps you'll need to do that.
You could try the advanced malware forums listed in the support article to see whether the tools they recommend can pick up something that was missed before:
Also, if you didn't try changing the DNS in your router to the OpenDNS servers, I think that would be worth a try.