RCC - check your system's trusted root certificate store

Discussion in 'other anti-malware software' started by svenfaw, Feb 28, 2015.

  1. John Souvestre

    John Souvestre Registered Member

    Joined:
    Mar 22, 2016
    Posts:
    6
    No, I've never used Adguard.
     
  2. svenfaw

    svenfaw Registered Member

    Joined:
    May 7, 2012
    Posts:
    291
    Hi,

    I'm not 100% sure, but based on a quick analysis, it looks like the Kaspersky entries in cert8.db might not have been fully distrusted/deleted and look corrupted.

    I'm also still checking if there is a bug in RCC's scan logic, but in the meantime, I think it would be safer to start over with a fresh cert8.db file.
     
    Last edited: Mar 27, 2016
  3. SouthPark

    SouthPark Registered Member

    Joined:
    Jun 13, 2012
    Posts:
    735
    Location:
    South Park, CO
    I've never used Adguard or Kaspersky, but the cert8.db file in my Firefox 45.0.1 installation apparently became corrupted (giving "unknown issuer" errors on mainstream https sites) after a Flash container crash yesterday. After running RCC, which reported nothing unusual, I deleted cert8.db and allowed Firefox to rebuild it.
     
    Last edited: Mar 27, 2016
  4. John Souvestre

    John Souvestre Registered Member

    Joined:
    Mar 22, 2016
    Posts:
    6
    Done. The old file was 360K and the newly generated one is only 65K.

    RCC scans it OK now.

    Thanks!
     
  5. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    1,131
    Location:
    Baden Germany
  6. CHEFKOCH

    CHEFKOCH Registered Member

    Joined:
    Aug 29, 2014
    Posts:
    395
    Location:
    Swiss
    Project seems off or on hold. I hope everything is okay. :(
     
  7. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,639
    Location:
    Under a bushel ...
    Sven does say new build coming soon ...: http://trax.x10.mx/apps.html
     
  8. guest

    guest Guest

    It would be nice to have auto update and a tray icon, so it checks the certs every restart
     
  9. CHEFKOCH

    CHEFKOCH Registered Member

    Joined:
    Aug 29, 2014
    Posts:
    395
    Location:
    Swiss
    Offline for weeks now. :(

    Any mirror for me/us? :D
     
  10. svenfaw

    svenfaw Registered Member

    Joined:
    May 7, 2012
    Posts:
    291
    Sorry, things have been a little rough lately.
    But I'll do my best to make an updated build later this week.
     
  11. clubhouse1

    clubhouse1 Registered Member

    Joined:
    Sep 26, 2013
    Posts:
    1,124
    Location:
    UK
    Whenever svenfaw, you just take care of yourself.
     
  12. MrTeckie

    MrTeckie Registered Member

    Joined:
    Jun 1, 2012
    Posts:
    17
    I just discovered a new version of RCC. I downloaded and ran it.

    ** Scanning Windows root CA store... (Baseline selected: RCC1_STD_MSCTL)

    Number of 'interesting' items: 2 (Not part of baseline)

    F60167F962FAFD759D40B6D1CE0EBC58FDE9BD70: avast! Web/Mail Shield Root
    Time of insertion: 2016-01-16 01:43:09 UTC

    6252DC40F71143A22FDE9EF7348E064251B18118: Certum CA
    Time of insertion: 2015-11-14 06:51:00 UTC

    I know the first one is part of Avast, which I have installed. What is the second one? I have never seen this one show up when I ran the previous version of RCC in the past. I don't remember the last time I used RCC, but it has been a while. It shows that the CA was installed in Nov. 2015. Should I delete it. Is there a way to find out how or what program that install these certificates? Btw, this is my home pc running Windows 10 Pro 64bit. Thanks
     
  13. Fad

    Fad Registered Member

    Joined:
    Feb 25, 2009
    Posts:
    456
    Location:
    England
    I`m seeing the same with the Certum certificate.

    Mine was inserted March 2016.
     
  14. Gandalf_The_Grey

    Gandalf_The_Grey Registered Member

    Joined:
    Jan 31, 2012
    Posts:
    1,188
    Location:
    The Netherlands
    Also the Certum certificate present here.
    Time of insertion: 2015-12-27 09:32:43 UTC
    Does anybody has more information on why this certificate is there?
     
  15. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    23,936
    Location:
    UK
  16. SKA

    SKA Registered Member

    Joined:
    Aug 2, 2002
    Posts:
    181
    It would be really great if CtlInfo was also updated/ downloadable - hope SvenFaw can find some time to do this,

    Cheers
    Ska
     
  17. Gandalf_The_Grey

    Gandalf_The_Grey Registered Member

    Joined:
    Jan 31, 2012
    Posts:
    1,188
    Location:
    The Netherlands
  18. Fad

    Fad Registered Member

    Joined:
    Feb 25, 2009
    Posts:
    456
    Location:
    England
    I deleted the Certum certificates, rebooted and found that the "unsigned themes" patcher had ceased to load.

    I started the UnsignedThemes service manually and the Certum certificate reappeared.

    (The theme patcher in question here is "UXStyle base" as found on skinpacks.com)
     
  19. XIII

    XIII Registered Member

    Joined:
    Jan 12, 2009
    Posts:
    1,383
    I also have the Certum certificates listed.

    I don't use theme patchers, but I do use KeePass.
     
  20. guest

    guest Guest

    6252DC40F71143A22FDE9EF7348E064251B18118: Certum CA
    I have the Certum certificate too, but i have no third-party skin installed.

    But mine was inserted 2 years ago, and on the day the certificate was inserted i installed Media Player Classic (i looked in my logs).
    Old installers from MPC are timestamped from: Certum Time-Stamping Authority issued by Certum CA
    If you have installed Media Player Classic a while ago (newer installers are not timestamped from Certum CA anymore), you have this certificate too.
     
  21. MrTeckie

    MrTeckie Registered Member

    Joined:
    Jun 1, 2012
    Posts:
    17
    I deleted the Certum certificates from my system as well. I don't use Keypass and I don't believe I use theme patchers. I don't remember installing something like that and I don't change themes. I will look at my programs install list and see if there was something I installed around the time the certificates were inserted. It may have been a program that once used and uninstalled, but it left the certificates.
     
  22. MrTeckie

    MrTeckie Registered Member

    Joined:
    Jun 1, 2012
    Posts:
    17
    Okay...Nov. 14, 2015 may have been the date that I installed version 1511 of Windows 10 (Code name Threshold 2).. I also had to reinstall my printer driver and software; Windows Driver Package. I seem to remember Windows uninstalling or breaking these programs during the upgrade to 1511.
     
  23. Gandalf_The_Grey

    Gandalf_The_Grey Registered Member

    Joined:
    Jan 31, 2012
    Posts:
    1,188
    Location:
    The Netherlands
    Thanks all, couldn't find out what installed it, deleted the certificate from my system and everything keeps working so far :thumb:
     
  24. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    1,131
    Location:
    Baden Germany
    My Certum certificates came with MPC-HC
    I deleted the questionable certificates and installed the latest MPC-HC, which has the same build, but a newer certificate from Certum, valid till 2029,
    while the flagged certificate was valid till 2027.

    So now the "old" Certum is gone and a new one is here....:confused:
     
  25. svenfaw

    svenfaw Registered Member

    Joined:
    May 7, 2012
    Posts:
    291
    A resident / real-time mode complete with alerts and a tray icon will be coming soon. Also I will try to make it very light on system resources. :) It might not be free though...
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.