Anyone know what this Malaware is? Or what it is doing?

[mickledore]

I have Malawarebytes installed on my desktop PC.
This afternoon I am getting repeated messages like this:-

malaware by mickledore on Talk Photography

The only thing that changes is the number of the Port. I know nowt about PC/Malaware/Interweb stuff so this is all a foreign language to me.
I assume it's not welcome, but what exactly is it? Anyone have any clues?

 

[mickledore]

I should add that I have not knowingly been on any of those naughty sites!
The only places I have been different to my usual have been looking for window cleaning poles - on SWMBO's orders!

 

[afasoas]

https://www.reddit.com/r/techsuppor...t_is_sdsymcd_and_why_does_avast_detect_it_on/

 

[mickledore]

Thank you.
I have Norton Installed so the sym part of the name could relate to Symantec. Maybe there's been some upgrade of Firefox or Norton and they are trying to talk to each other.
Interesting, but I'm not sure that I like it!

 

[afasoas]

It looks like it is Symantec. But it's probably now't to do with Norton Anti-virus.
Symantec are also a certificate authority, so it sounds like something on your machine checking Symantec's certificate revocation lists.

Basically, a web site or web service may be using a certificate that has been revoked because that site/service is doing bad stuff or has illegally acquired said certificate. When you visit a website, your browser will check to see if the certificate that site uses has been revoked.

This looks harmless, although if I wasn't at work I'd look a bit deeper into it.

 

[mickledore]

OK. That would tie in. I was doing my searches for stuff I've never looked at before and I got one link that wouldn't open, then these messages started popping up.
I've run both Malaware bytes and a full system scan and they have thrown nothing up. That's the extent of my technical knowledge/ability!
I'll keep my fingers crossed.

 

[sphexx]

Probably nothing to do with this but I note Firefox mentioned and it has just been updated to deal with a security problem.

 

[mickledore]

Probably nothing to do with this but I note Firefox mentioned and it has just been updated to deal with a security problem.

Yes, I noticed that as well. Could be related.
I've just done a full scan with Malawarebytes and the sign hasn't appeared since. Touch wood.

 

[Mag1cp2x]

Try installing and running Herd Protect
http://www.herdprotect.com/index.aspx
The scan takes a long time but well worth doing
Good luck

 

[mickledore]

That looks interesting especially as it's free!
Thank you.

 

[J Veitch]

The port you are seeing is a random free number, it will change for each different connection. This part is nothing to worry about as such. The tj domain is actually an Akamaised domain "ocsp-ssl.ws.symantec.com". If I am reading the error message correctly then it looks like Malwarebytes is complaining that the Browser is checking an HTTPS connection is using a valid certificate (certainly not malicious in itself). Perhaps Malwarebytes doesn't know about the version of Firefox you are using properly?

 

[mickledore]

The port you are seeing is a random free number, it will change for each different connection. This part is nothing to worry about as such. The tj domain is actually an Akamaised domain "ocsp-ssl.ws.symantec.com". If I am reading the error message correctly then it looks like Malwarebytes is complaining that the Browser is checking an HTTPS connection is using a valid certificate (certainly not malicious in itself). Perhaps Malwarebytes doesn't know about the version of Firefox you are using properly?

Thanks again. That is getting a bit beyond my paygrade!
I've no idea what version of Firefox I'm on. As far as I know it's fully legit, and has been running for 3 years or so on here with no problems.
Maybe, as alluded to above, there has been some Firefox update which Malawarebytes isn't aware of.
I did mention that I ran the programme and so far since then the warning hasn't reappeared. Maybe if it was an update the problem has been spotted and corrected, or maybe Malawarebytes has recognised whatever it is as being non harmful.
It's a dangerous thing to say, but the problem appears to have settled down, but I'll be watching.

Thanks everyone for helping a complete computer numpty like me.

 

[steve_lyt]

Do a reset on Firefox to default
Go to tools the three horizontal bars
To open options

2. Click the question mark at the bottom of the popup box

3 click troubleshoot information

4. Click reset firefox

 

[mickledore]

Do a reset on Firefox to default
Go to tools the three horizontal bars
To open options

2. Click the question mark at the bottom of the popup box

3 click troubleshoot information

4. Click reset firefox

Thank you Steve.
Done that.

 

[steve_lyt]

Has it solved it

 

[mickledore]

Hard to say. The problem had lapsed before I did it and hasn't raised it's head since. It's difficult to say what if anything has had an effect, and I'm not clever enough to start delving into the innards to try and fathom out what is going on.

 

[sphexx]

Firefox usually updates or offers to update unless it's never closed and reopened, at least on a Mac but I think on Windows too.

 

[mickledore]

I usually get an alert that there is an update. Before I run it I always create a restore point....just in case!
Never had an alert this time but that could easily mean that I missed it. It has been known!