Is This Legit?

Received this popup first time I accessed my home page after booting today. Never seen anything like it. I manually terminated IE8 via task manager and popup has not reappeared for subsequent IE8 accesses.

What is your home page? Does this page have links to login pages of other sites; think login page of social networking sites f.e…

My home page is www.att.net. Standard home page. No feeds, Facebook, or other baloney.

Lately I have been getting a few ICMP 3,13 destination unreachable blocked firewall events. All have been from U.S. based servers. I have also received a few from Bellsouth IP address range which ATT still uses. Strange that these ICMP events started after I registered my trial ver. of MalwareBytes Pro. Avast’s memory scan showed 5 viruses from MalwareBytes Pro but I assumed those were FPs like the one shown for cmdagent.exe. That’s what the Avast forum says.

Personally, I have never received a cert alert like that but I am new to the WIN 7 and the few web lookups I found showed this type of alert coming from Vista so I assume they are used in WIN 7 also.

So far that is the only alert I have received today.

Something else just happened and since this has occurred before I will mention it. Occasionally, I will see two Comodo red shields on my lower task bar? The second one usually appears briefly and then goes away. Does this relate to Avast’s web shield using tcp port 12080 localhost? Avast really hammers that port.

There is a button that links to the https login of Yahoo.

> Lately I have been getting a few ICMP 3,13 destination unreachable blocked firewall events. All have been from U.S. based servers. I have also received a few from Bellsouth IP address range which ATT still uses. Strange that these ICMP events started after I registered my trial ver. of MalwareBytes Pro.

ICMP 3.13 is one of the destination unreachable messages, telling "Communication administratively prohibited". See what happens if you uninstall Malwarebytes and run without it for one or two days.

> Avast's memory scan showed 5 viruses from MalwareBytes Pro but I assumed those were FPs like the one shown for cmdagent.exe. That's what the Avast forum says.

I would go with their findings.

> Personally, I have never received a cert alert like that but I am new to the WIN 7 and the few web lookups I found showed this type of alert coming from Vista so I assume they are used in WIN 7 also.
>
> So far that is the only alert I have received today.

It is a message about an https connection that will occur on any OS.

Are you using Dragon browser?

> Are you using Dragon browser?

No. IE8

Thx. Yesterday I saw a topic with a similar question in the Dragon board.

Are you using Comodo Secure DNS? Try switching to other DNS servers and see if you get the https alert again or not.

Quite often these messages simply represent a temporary outage of the server performing the certificate revocation check. By default IE is set to perform such checks (see image). These messages can also be produced if your system clock is incorrect.

Did you get the certificate information from the ‘View certificate’ button?

The ICMP 3:13 messages mean that your data passed through a router that has been configured to filter traffic. These messages may also occur if your clock is out of sync.
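Added example (not part of any post in this thread): an ICMP type 3 message carries the IP header and first 8 bytes of the packet that triggered it, so decoding a captured 3/13 event shows which outbound connection a router filtered. The function names and the sample packet (documentation-range addresses) are constructed for illustration.

```python
import socket
import struct

# Subset of ICMP type 3 (Destination Unreachable) codes, RFC 792 / RFC 1812.
UNREACH_CODES = {
    1: "host unreachable",
    3: "port unreachable",
    9: "network administratively prohibited",
    10: "host administratively prohibited",
    13: "communication administratively prohibited",
}
PROTOCOLS = {1: "icmp", 6: "tcp", 17: "udp"}


def decode_unreachable(icmp: bytes) -> dict:
    """Decode an ICMP type 3 message (ICMP header onward, no outer IP header)."""
    if len(icmp) < 8 + 20:
        raise ValueError("too short to hold an embedded IPv4 header")
    icmp_type, code = icmp[0], icmp[1]
    if icmp_type != 3:
        raise ValueError(f"not destination unreachable (type {icmp_type})")
    inner = icmp[8:]                      # the datagram that triggered the error
    version, ihl = inner[0] >> 4, (inner[0] & 0x0F) * 4
    if version != 4 or ihl < 20 or len(inner) < ihl:
        raise ValueError("embedded IPv4 header is malformed")
    proto = inner[9]
    result = {
        "reason": UNREACH_CODES.get(code, f"code {code}"),
        "orig_src": socket.inet_ntoa(inner[12:16]),   # normally this machine
        "orig_dst": socket.inet_ntoa(inner[16:20]),   # where the packet was headed
        "orig_proto": PROTOCOLS.get(proto, str(proto)),
    }
    # The 8 returned payload bytes are enough for the TCP/UDP port pair.
    if proto in (6, 17) and len(inner) >= ihl + 4:
        sport, dport = struct.unpack("!HH", inner[ihl:ihl + 4])
        result["orig_sport"], result["orig_dport"] = sport, dport
    return result


def build_sample() -> bytes:
    """Constructed sample: 3/13 reply to a TCP SYN, 192.0.2.10 -> 198.51.100.7:443."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0x1234, 0x4000, 64, 6, 0,
                     socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.7"))
    tcp8 = struct.pack("!HHI", 49152, 443, 1)      # ports + sequence number
    return struct.pack("!BBHI", 3, 13, 0, 0) + ip + tcp8   # checksums left as 0
```

If `orig_src` is not an address of the local machine, the ICMP message does not answer anything that machine sent, which is a reason to keep blocking it.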

I am a bit rusty on my certificate security. So I had to pause and digest which caused the “light to come on” with Eric’s comments on https.

Now the following might be all coincidental but it’s a bit too much so for my liking.

I found a fake AV Trojan/rogue last Sunday on this WIN 7 installation. Yesterday was my first cold boot after Trojan removal. Lo and behold, the cert. revocation message appeared upon first access to my www.att.net home page. This home page contains a section for a https login to login.yahoo.com.

Three login.yahoo.com certificates were hacked back in that infamous last spring incident that I am sure Comodo wishes to forget about so I won’t dwell on it. Revocations were subsequently issued for all hacked certificates.

See where I am going here? Wonder if that removed Trojan was controlling a hacked cert. and with the Trojan’s removal, it caused the original hacked cert. to be exposed?

I will finally add that I was installing WIN 7 and subsequently Comodo last spring in the time frame of the certificate store breach.

This is really not an uncommon occurrence and I’m sure if you do a little searching, you’ll find many thousands of hits. Perhaps this will be of interest… Troubleshooting Certificate Status and Revocation | Microsoft Learn

Thanks for the Technet link. It’s a bit dated - 2003. Cert. revocation checking for example is set on by default in WIN 7 IE8.

I did check my certs. using certmgr.msc before connecting to the web via IE8 today. All stored certs. look OK. The bad certs. from Comodo from back in Mar. are all listed in the Untrusted Certs. section.

No alerts for cert. revocation when I connected to my home page today. So looks like I am good to go.

That Trojan I had appears to have also affected Avast’s web guard. I religiously use TCPView to check my connections. I never previously noted all the localhost TCP connects from Avast’s web guard to port 12080 until I got rid of the Trojan. It would have been nice if Avast would have noted that localhost activity in their support documentation.