RCC - check your system's trusted root certificate store

Discussion in 'other anti-malware software' started by svenfaw, Feb 28, 2015.

  1. svenfaw

    svenfaw Registered Member

    Joined:
    May 7, 2012
    Posts:
    194
    Sorry for the late response.
    This is actually quite intriguing. I can't seem to import that registry entry - are you sure you posted the entire certificate data?

    A few more questions:
    1. Do you remember the exact name of the certificate?
    2. Did you save RCC's output to a file?
    3. Did you install *any* software (not necessarily Google-related) that day?
    4. Do you remember any unusual popups?
    5. Last but not least - any malware incidents?
     
  2. doesntmatter

    doesntmatter Registered Member

    Joined:
    Sep 19, 2012
    Posts:
    35
    Location:
    Bulgaria
    Hi,

    No worry about the delay.

    I was able to re-import it just fine and then re-scanned with RCC and it was detected again:

    http://i.imgur.com/u6JMW75.png

    So I guess that the screenshot will answer your first two questions.

    I am not sure how to answer your third question since the date of the installed programs changed (like in the topic here). It is happening from time to time and I am still unable to trace what causes these changes. But yes, I probably installed a program or update that day (I keep my programs and the OS always updated). If you want a list of my installed programs please let me know and I can PM you. :)

    I can guarantee that my system is malware free. I am a malware removal expert and provide malware removal assistance at the BleepingComputer forum, the Malwarebytes forum and many more. :)

    Here is a screenshot when the certificate is deleted:

    http://i.imgur.com/cf10S9v.png


    Regards,
    Georgi
     
  3. svenfaw

    svenfaw Registered Member

    Joined:
    May 7, 2012
    Posts:
    194
    Thanks for the additional details. This doesn't look good. Based on new information I have found, it seems that some unofficial portable versions of certain products were signed by such fake Google certificates. I was able to get a copy of the certificate and will take a deeper look.

    In the meantime, just a wild guess: by any chance, do you have a portable version of RadioSure?
     
    Last edited: Apr 15, 2017
  4. doesntmatter

    doesntmatter Registered Member

    Joined:
    Sep 19, 2012
    Posts:
    35
    Location:
    Bulgaria
    Hi,

    Thank you for your time taking a look at the issue.
    No, never heard of RadioSure before.

    Regards, G.
     
  5. mood

    mood Registered Member

    Joined:
    Oct 27, 2012
    Posts:
    2,396
    Blog-entry about the faked google-certificate (CN="Google"), which was reported in #352
     
  6. wildafrica

    wildafrica Registered Member

    Joined:
    Jan 15, 2017
    Posts:
    10
    Location:
    EU
  7. svenfaw

    svenfaw Registered Member

    Joined:
    May 7, 2012
    Posts:
    194
    Hi wildafrica,
    • The DESKTOP certs: These are unusual and suspicious.
      > Can you check if you installed any new software on April 6?
      > Have you had any malware infections?
      > Can you see the certs in certmgr.msc? If so, please post a screenshot, which might provide more clues.

    • The Avast cert is normal if you have Avast installed. Avast is known to intercept HTTPS connections to check for malicious content.
     
  8. wildafrica

    wildafrica Registered Member

    Joined:
    Jan 15, 2017
    Posts:
    10
    Location:
    EU
    Hi svenfaw,

    thank you for your answer and sorry for my late response and sorry for my English.

    1. I tried to check it but it is not easy. I checked it in ADD or REMOVE PROGRAMS in Windows. I think there is no suspicious software. Please have a look:
    http://www.bild.me/bild.php?file=668281419.png

    2. I think I had no malware infection.

    3. Yes, I can see them there. But screenshot is not good and I do not know how to copy it because the window cannot be enlarged. http://www.bild.me/bild.php?file=548755820.gif
     
  9. clubhouse1

    clubhouse1 Registered Member

    Joined:
    Sep 26, 2013
    Posts:
    1,066
    Location:
    UK
  10. svenfaw

    svenfaw Registered Member

    Joined:
    May 7, 2012
    Posts:
    194
    Thanks for the additional information.

    A few more things:

    1. Can you export one of those DESKTOP certificates and upload it somewhere so I can have a look?
    (In certmgr.msc, right-click on the certificate, select "all tasks", then "export")

    2. Can you run a full malware scan using a "second-opinion" scanner (such as Hitman Pro or Zemana)?

    3. Windows Essentials 2012: Are you sure this is legit? It seems this product was retired by Microsoft and there are no more official download links available.
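
Added example, not part of the original thread and not RCC's own code: a PowerShell equivalent of the certmgr.msc check and export requested above. The name patterns (a CN of exactly "Google", a CN starting with "DESKTOP") are taken from the certificates discussed in this thread; the export folder is an assumption.

```powershell
# Added example. Lists trusted-root entries whose common name matches the
# names flagged in this thread and exports each one as a DER .cer file.
$patterns = @('^Google$', '^DESKTOP')            # assumption: names from this thread
$outDir   = Join-Path $env:TEMP 'root-review'    # hypothetical export folder
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

$simpleName = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
$seen = @{}   # a certificate can show up in both store views; report it once

$hits = foreach ($store in 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root') {
    foreach ($cert in Get-ChildItem -Path $store) {
        if ($seen.ContainsKey($cert.Thumbprint)) { continue }
        $cn = $cert.GetNameInfo($simpleName, $false)
        if (-not ($patterns | Where-Object { $cn -match $_ })) { continue }
        $seen[$cert.Thumbprint] = $true

        # Same result as certmgr.msc > All Tasks > Export (DER encoded, no private key)
        $file = Join-Path $outDir ('{0}.cer' -f $cert.Thumbprint)
        Export-Certificate -Cert $cert -FilePath $file -Type CERT | Out-Null

        [pscustomobject]@{
            Store      = $store
            CN         = $cn
            SelfSigned = ($cert.Subject -eq $cert.Issuer)
            NotBefore  = $cert.NotBefore    # compare with software install dates
            NotAfter   = $cert.NotAfter
            Thumbprint = $cert.Thumbprint
            Exported   = $file
        }
    }
}

# Oldest first, so the validity start can be lined up with install history
$hits | Sort-Object NotBefore | Format-List
```

A match is only a lead for review: the Avast interception root mentioned earlier in the thread is an example of a locally installed root that is expected when the product is present.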
     
  11. wildafrica

    wildafrica Registered Member

    Joined:
    Jan 15, 2017
    Posts:
    10
    Location:
    EU
    1. I am sorry, but I deleted both certificates with Zemana. I'm looking at how to restore them (I use Zemana portable and there is no item to restore). One certificate was created January 17, 2017.

    2. I scan my PC regularly by Zemana, Hitman, Adwcleaner.

    3. WE 2012 - I do not know. But I use it long time and I do not remember if I have it on my PC from earlier (when I upgraded Windows) or if it is new installation. But I download software from safe site.
     
    Last edited: Apr 28, 2017
  12. Strunzow

    Strunzow Registered Member

    Joined:
    May 9, 2017
    Posts:
    1
    Location:
    Germany
    Downloads are impossible at the moment:

    Not Found

    The requested URL /fs1/_dl_rcc.php was not found on this server.
     
    Last edited by a moderator: May 9, 2017
  13. svenfaw

    svenfaw Registered Member

    Joined:
    May 7, 2012
    Posts:
    194
    To encourage donations, the availability of RCC (and most other apps) is temporarily restricted to donators... and Wilders members (just DM me for a link) :)
     
  14. Macha

    Macha Registered Member

    Joined:
    Mar 8, 2016
    Posts:
    3
    Location:
    France
  15. mood

    mood Registered Member

    Joined:
    Oct 27, 2012
    Posts:
    2,396
  16. Gandalf_The_Grey

    Gandalf_The_Grey Registered Member

    Joined:
    Jan 31, 2012
    Posts:
    463
    Location:
    The Netherlands
  17. AJMinerva

    AJMinerva Registered Member

    Joined:
    Jun 6, 2017
    Posts:
    1
    Location:
    Austin, TX
    @mood, I tried to download the latest version but it looks like the version on your site is a different version and not the new one.

    Thanks,
    AJ
     
  18. mood

    mood Registered Member

    Joined:
    Oct 27, 2012
    Posts:
    2,396
    Each build has an expiry date and it seems that the build 1.069.021 is now expired. :(
    Edit: 1.069.020 is still working
     
    Last edited: Jun 9, 2017
  19. doesntmatter

    doesntmatter Registered Member

    Joined:
    Sep 19, 2012
    Posts:
    35
    Location:
    Bulgaria
    1.0.69.020 is still working by the way. :)
     
  20. mood

    mood Registered Member

    Joined:
    Oct 27, 2012
    Posts:
    2,396
    Oh, indeed :thumb:
     
  21. svenfaw

    svenfaw Registered Member

    Joined:
    May 7, 2012
    Posts:
    194
    Sorry - an updated build will be available in the next few days.
     
  22. svenfaw

    svenfaw Registered Member

    Joined:
    May 7, 2012
    Posts:
    194
    Build 1.69.022 is now online and should be valid until the end of July (unless Microsoft pushes a CTL update earlier).

    SHA256: 3183aa9304ee7dd82be0cad6c36bf1fcd3c95f3c25ccd5604af801a2184af7d8

    Also please note that RCC might be integrated within Root Exposure Manager in the future, although I cannot confirm this yet.
     
  23. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    691
    Location:
    Baden Germany
    Blocked by SmartScreen and blocked and quarantined by ZAM...

    Just for the record.
     
  24. Adric

    Adric Registered Member

    Joined:
    Feb 1, 2006
    Posts:
    864
    File version and Product version still shown as 1.69.021. Launching RCC shows the correct version.
     
  25. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    4,286
    I hadn't tried this since March 25, 2015 when I mistakenly ran it on XP.

    Tried just now, on my Surface Book.

    RCC_1.69.022_01.JPG RCC_1.69.022_02.JPG RCC_1.69.022_03.JPG
     