Certificate errors. Was my firewall compromised or was it a glitch? Phished?

[Guest]

[alphaomega]

I recently was having trouble accessing a deposit page online. I was getting certificate errors. the technical details were:

processor6.realtimegaming.com uses an invalid security certificate. The certificate is only valid for search.dnsadvantage.com (Error code: ssl_error_bad_cert_domain)

my firewall then was the COMODO Internet Security (Version: 5.5.64714.1383)

It was the first time i had run into this problem and was puzzled and alarmed. I really didnt know what to do.. i ran multiple virus/malware/rootkits scans using multiple programs and even reached out at bleepingcomputer.

then out of nowhere i decided to see if there were any upgrades to my firewall and there was. the update/install was very quick. less than a second. and it asked me to restart my computer and i did. everything loaded, but i thought it was too fast for an update. so i clicked update again and there was another update available. this one took a bit longer and again asked me to restart. i did (and i guess this is the most updated version).

So i tried the deposit page again, and this time im able to access it. No problems at all.

So my question is what was preventing me from accessing that page? was my firewall hacked? or was it just a glitch?

I've attached a copy of my comodo log. i zipped it because its an htm file. Hopefully someone can tell me if it looks ok.

my current version of the firewall is COMODO Internet Security (Version: 5.10.228257.2253).

thanks again.

[EricJH]

This message comes from your  browser not from the firewall. I checked the web site and the certificate is valid. It was just a temporary glitch on server side.

[alphaomega]

i forgot to mention that i was able to access the deposit website through my laptop pc and my iphone during the same time. i just couldnt do it with my PC. this went on for about 2 weeks. I was only able to access the site after i made the update. I mean it immediately went through right after the update.

i scanned and scanned and scanned with every security software i had and that page just wouldnt load. i updated comodo and bam it went through.

Did you check out my log by any chance? did everything look ok?

[Chiron]

If you're worried about whether there's malware on your computer please follow the advice I give in How to Know If Your Computer Is Infected.

This'll let us know for sure if your computer is clean or not.

Also, are you having trouble upgrading to the newest version? If you are the best option may be to uninstall yours and manually install the next. Advice about how to do that is given in this topic.

Please let me know if you have any questions.

Thanks.

[Ronny]

i updated comodo and bam it went through.

I suspect DNS is the cause of this, both sites are serviced for DNS on UltraDNS but do resolve a different A record at my side of the world.
But one has a Time-To-Live of only 300 seconds so it's possible that it resolves other records also.

Do you know if you are or where using Comodo Secure DNS?
You can find this info by opening a command-box (Start, Run, cmd [ENTER]) and then type ipconfig /all [ENTER]
Just look for the DNS Servers . . . . . . . . . . . : entries

Did you check out my log by any chance? did everything look ok?

I had a quick look, at first sight it doesn't show any thing related to this issue.

[alphaomega]

Thanks for taking time out to troubleshoot.

I did the ipconfig / all and its showing two sets of DNS servers:

under Ethernet adapter Home Network:
DNS Servers:
8.26.56.26
156.154.70.22

under Tunner adapter Automatic Tunnerling Pseudo-Interface:
DNS Servers:
fec0:0:0:0:ffff::1%1
fec0:0:0:0:ffff::2%1
fec0:0:0:0:ffff::3%1

not really sure what those mean or whether im using Comodo Secure DNS.

[Ronny]

Those are Comodo Secure DNS IP's.
http://www.comodo.com/secure-dns/switch/windows_vista.html

Can you PM me the output specifically of the Pseudo-Interface:?

[Tags:]