RCC - check your system's trusted root certificate store

Discussion in 'other anti-malware software' started by svenfaw, Feb 28, 2015.

  1. svenfaw

    svenfaw Registered Member

    Joined:
    May 7, 2012
    Posts:
    291
    Thanks for the additional details. This doesn't look good. Based on new information I have found, it seems that some unofficial portable versions of certain products were signed by such fake Google certificates. I was able to get a copy of the certificate and will take a deeper look.

    In the meantime, just a wild guess: by any chance, do you have a portable version of RadioSure?
     
    Last edited: Apr 15, 2017
  2. B-boy/StyLe/

    B-boy/StyLe/ Registered Member

    Joined:
    Sep 19, 2012
    Posts:
    509
    Location:
    Bulgaria
    Hi,

    Thank you for your time taking a look at the issue.
    No, never heard of RadioSure before.

    Regards,G.
     
  3. guest

    guest Guest

    Blog-entry about the faked google-certificate (CN="Google"), which was reported in #352
     
  4. wildafrica

    wildafrica Registered Member

    Joined:
    Jan 15, 2017
    Posts:
    12
    Location:
    EU
  5. svenfaw

    svenfaw Registered Member

    Joined:
    May 7, 2012
    Posts:
    291
    Hi wildafrica,
    • The DESKTOP certs: These are unusual and suspicious.
      > Can you check if you installed any new software on April 6?
      > Have you had any malware infections?
      > Can you see the certs in certmgr.msc? If so, please post a screenshot, which might provide more clues.

    • The Avast cert is normal if you have Avast installed. Avast is known to intercept HTTPS connections to check for malicious content.
     
  6. wildafrica

    wildafrica Registered Member

    Joined:
    Jan 15, 2017
    Posts:
    12
    Location:
    EU
    Hi svenfaw,

    thank you for your answer and sorry for my late response and sorry for my English.

    1. I tried check it but it is not easy. I checked it in ADD or REMOVE PROGRAMS in Windows. I think there is no suspicious software. Please have a look:
    http://www.bild.me/bild.php?file=668281419.png

    2. I think I had no malware infection.

    3. Yes, I can see them there. But screenshot is not good and I do not know how to copy it because the window cannot be enlarged. http://www.bild.me/bild.php?file=548755820.gif
     
  7. clubhouse1

    clubhouse1 Registered Member

    Joined:
    Sep 26, 2013
    Posts:
    1,124
    Location:
    UK
  8. svenfaw

    svenfaw Registered Member

    Joined:
    May 7, 2012
    Posts:
    291
    Thanks for the additional information.

    A few more things:

    1. Can you export one of those DESKTOP certificates and upload it somewhere so I can have a look?
    (In certmgr.msc, right-click on the certificate, select "all tasks", then "export")

    2. Can you run a full malware scan using a "second-opinion" scanner (such as Hitman Pro or Zemana)?

    3. Windows Essentials 2012: Are you sure this is legit? It seems this product was retired by Microsoft and there are no more official download links available.
     
  9. wildafrica

    wildafrica Registered Member

    Joined:
    Jan 15, 2017
    Posts:
    12
    Location:
    EU
    1. I am sorry, but I deleted both certificates by Zemana. I'm looking how to restore it (I use Zemana portable and there is no item to restore). One certificates was created Januar 17.2017

    2. I scan my PC regularly by Zemana, Hitman, Adwcleaner.

    3. WE 2012 - I do not know. But I use it long time and I do not remember if I have it on my PC from earlier (when I upgraded Windows) or if it is new installation. But I download software from safe site.
     
    Last edited: Apr 28, 2017
  10. Strunzow

    Strunzow Registered Member

    Joined:
    May 9, 2017
    Posts:
    1
    Location:
    Germany
    Downloads are impossible at the moment:

    Not Found

    The requested URL /fs1/_dl_rcc.php was not found on this server.
     
    Last edited by a moderator: May 9, 2017
  11. svenfaw

    svenfaw Registered Member

    Joined:
    May 7, 2012
    Posts:
    291
    To encourage donations, the availability of RCC (and most other apps) is temporarily restricted to donators... and Wilders members (just DM me for a link) :)
     
  12. Macha

    Macha Registered Member

    Joined:
    Mar 8, 2016
    Posts:
    3
    Location:
    France
  13. guest

    guest Guest

  14. Gandalf_The_Grey

    Gandalf_The_Grey Registered Member

    Joined:
    Jan 31, 2012
    Posts:
    1,188
    Location:
    The Netherlands
  15. AJMinerva

    AJMinerva Registered Member

    Joined:
    Jun 6, 2017
    Posts:
    1
    Location:
    Austin, TX
    @mood , I tried to download the latest version but it looks like the version on your site is a different version and not the new one.

    Thanks,
    AJ
     
  16. guest

    guest Guest

    Each build has an expiry date and it seem that the build 1.069.021 is now expired. :(
    Edit: 1.069.020 is still working
     
    Last edited by a moderator: Jun 9, 2017
  17. B-boy/StyLe/

    B-boy/StyLe/ Registered Member

    Joined:
    Sep 19, 2012
    Posts:
    509
    Location:
    Bulgaria
    1.0.69.020 is still working by the way. :)
     
  18. guest

    guest Guest

    Oh, indeed :thumb:
     
  19. svenfaw

    svenfaw Registered Member

    Joined:
    May 7, 2012
    Posts:
    291
    Sorry - an updated build will be available in the next few days.
     
  20. svenfaw

    svenfaw Registered Member

    Joined:
    May 7, 2012
    Posts:
    291
    Build 1.69.022 is now online and should be valid until the end of July (unless the Microsoft pushes a CTL update earlier).

    SHA256: 3183aa9304ee7dd82be0cad6c36bf1fcd3c95f3c25ccd5604af801a2184af7d8

    Also please note that RCC might be integrated within Root Exposure Manager in the future, although I cannot confirm this yet.
     
  21. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    1,131
    Location:
    Baden Germany
    Blocked by SmartScreen and blocked and quarantined by ZAM...

    Just for the record.
     
  22. Adric

    Adric Registered Member

    Joined:
    Feb 1, 2006
    Posts:
    1,760
    File version and Product version still shown as 1.69.021. Launching RCC shows the correct version.
     
  23. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,285
    I hadn't tried this since March 25, 2015 when I mistakenly ran it on XP.

    Tried just now, on my Surface Book.

    RCC_1.69.022_01.JPG RCC_1.69.022_02.JPG RCC_1.69.022_03.JPG
     
  24. wildafrica

    wildafrica Registered Member

    Joined:
    Jan 15, 2017
    Posts:
    12
    Location:
    EU
    Hello Svenfaw, please can you help me with suspect certificates? I ran RCC and it found some "interesting" items. Thank you.
     
  25. svenfaw

    svenfaw Registered Member

    Joined:
    May 7, 2012
    Posts:
    291
    Sure, feel free to post the scan results.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.