RCC - check your system's trusted root certificate store

Discussion in 'other anti-malware software' started by svenfaw, Feb 28, 2015.

  1. svenfaw

    svenfaw Registered Member

    Joined:
    May 7, 2012
    Posts:
    215
    Sorry for the late response.
    This is actually quite intriguing. I can't seem to import that registry entry - are you sure you posted the entire certificate data?

    A few more questions:
    1. Do you remember the exact name of the certificate?
    2. Did you save RCC's output to a file?
    3. Did you install *any* software (not necessarily Google-related) that day?
    4. Do you remember any unusual popups?
    5. Last but not least - any malware incidents?
     
  2. B-boy/StyLe/

    B-boy/StyLe/ Registered Member

    Joined:
    Sep 19, 2012
    Posts:
    75
    Location:
    Bulgaria
    Hi,

    No worry about the delay.

    I was able to re-import it just fine and then re-scanned with RCC and it was detected again:

    http://i.imgur.com/u6JMW75.png

    So I guess that the screenshot will answer your first two questions.

    I am not sure how to answer your third question since the date of the installed programs changed (like in the topic here). It is happening from time to time and I am still unable to trace what causes these changes. But yes, I probably installed a program or update that day (I keep my programs and the OS always updated). If you want a list of my installed programs please let me know and I can PM you. :)

    I can guarantee that my system is malware free. I am a malware removal expert and provide malware removal assistance at BleepingComputer forum, Malwarebytes forum and many more. :)

    Here is a screenshot when the certificate is deleted:

    http://i.imgur.com/cf10S9v.png


    Regards,
    Georgi
     
  3. svenfaw

    svenfaw Registered Member

    Joined:
    May 7, 2012
    Posts:
    215
    Thanks for the additional details. This doesn't look good. Based on new information I have found, it seems that some unofficial portable versions of certain products were signed by such fake Google certificates. I was able to get a copy of the certificate and will take a deeper look.

    In the meantime, just a wild guess: by any chance, do you have a portable version of RadioSure?
     
    Last edited: Apr 15, 2017
  4. B-boy/StyLe/

    B-boy/StyLe/ Registered Member

    Joined:
    Sep 19, 2012
    Posts:
    75
    Location:
    Bulgaria
    Hi,

    Thank you for your time taking a look at the issue.
    No, never heard of RadioSure before.

    Regards, G.
     
  5. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    7,685
    Blog-entry about the faked google-certificate (CN="Google"), which was reported in #352
     
  6. wildafrica

    wildafrica Registered Member

    Joined:
    Jan 15, 2017
    Posts:
    12
    Location:
    EU
  7. svenfaw

    svenfaw Registered Member

    Joined:
    May 7, 2012
    Posts:
    215
    Hi wildafrica,
    • The DESKTOP certs: These are unusual and suspicious.
      > Can you check if you installed any new software on April 6?
      > Have you had any malware infections?
      > Can you see the certs in certmgr.msc? If so, please post a screenshot, which might provide more clues.

    • The Avast cert is normal if you have Avast installed. Avast is known to intercept HTTPS connections to check for malicious content.
     
  8. wildafrica

    wildafrica Registered Member

    Joined:
    Jan 15, 2017
    Posts:
    12
    Location:
    EU
    Hi svenfaw,

    thank you for your answer and sorry for my late response and sorry for my English.

    1. I tried to check it but it is not easy. I checked it in ADD or REMOVE PROGRAMS in Windows. I think there is no suspicious software. Please have a look:
    http://www.bild.me/bild.php?file=668281419.png

    2. I think I had no malware infection.

    3. Yes, I can see them there. But screenshot is not good and I do not know how to copy it because the window cannot be enlarged. http://www.bild.me/bild.php?file=548755820.gif
     
  9. clubhouse1

    clubhouse1 Registered Member

    Joined:
    Sep 26, 2013
    Posts:
    1,111
    Location:
    UK
  10. svenfaw

    svenfaw Registered Member

    Joined:
    May 7, 2012
    Posts:
    215
    Thanks for the additional information.

    A few more things:

    1. Can you export one of those DESKTOP certificates and upload it somewhere so I can have a look?
    (In certmgr.msc, right-click on the certificate, select "all tasks", then "export")

    2. Can you run a full malware scan using a "second-opinion" scanner (such as Hitman Pro or Zemana)?

    3. Windows Essentials 2012: Are you sure this is legit? It seems this product was retired by Microsoft and there are no more official download links available.
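
Added example (not written by any participant in this thread and not RCC's own code): a PowerShell way to do the certmgr.msc check and export requested above without resizing the dialog. The subject patterns (CN="Google", names starting with DESKTOP) are taken from the posts; the output folder name is a hypothetical choice.

```powershell
# Added example: list trusted-root entries whose subject matches the names
# discussed in this thread and export them for offline inspection.
# A match is a lead for manual review, not a verdict.
$stores    = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'
$pattern   = '^CN=(Google(,|$)|DESKTOP)'            # assumption: taken from the posts
$exportDir = Join-Path $env:TEMP 'root-review'      # hypothetical output folder
New-Item -ItemType Directory -Path $exportDir -Force | Out-Null

$hits = foreach ($store in $stores) {
    # The same certificate may be listed under both stores.
    Get-ChildItem -Path $store |
        Where-Object { $_.Subject -match $pattern } |
        ForEach-Object {
            [pscustomobject]@{
                Store         = $store
                Subject       = $_.Subject
                Issuer        = $_.Issuer
                SelfSigned    = ($_.Subject -eq $_.Issuer)
                HasPrivateKey = $_.HasPrivateKey   # key present on this machine
                NotBefore     = $_.NotBefore       # compare with software install dates
                NotAfter      = $_.NotAfter
                Thumbprint    = $_.Thumbprint
                Cert          = $_
            }
        }
}

foreach ($h in $hits) {
    # Export the public certificate only (DER .cer), named by thumbprint,
    # and record the file hash so the uploaded copy can be matched later.
    $file = Join-Path $exportDir ("{0}.cer" -f $h.Thumbprint)
    Export-Certificate -Cert $h.Cert -FilePath $file | Out-Null
    $sha  = (Get-FileHash -Path $file -Algorithm SHA256).Hash
    Write-Output ("{0}  {1}" -f $sha, $file)
}

$hits |
    Select-Object Store, Subject, SelfSigned, HasPrivateKey, NotBefore, Thumbprint |
    Format-Table -AutoSize
```

Exporting before running a cleanup tool keeps a copy of the certificate available for analysis after it has been removed from the store.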
     
  11. wildafrica

    wildafrica Registered Member

    Joined:
    Jan 15, 2017
    Posts:
    12
    Location:
    EU
    1. I am sorry, but I deleted both certificates by Zemana. I'm looking how to restore it (I use Zemana portable and there is no item to restore). One certificate was created January 17, 2017.

    2. I scan my PC regularly by Zemana, Hitman, Adwcleaner.

    3. WE 2012 - I do not know. But I use it long time and I do not remember if I have it on my PC from earlier (when I upgraded Windows) or if it is new installation. But I download software from safe site.
     
    Last edited: Apr 28, 2017
  12. Strunzow

    Strunzow Registered Member

    Joined:
    May 9, 2017
    Posts:
    1
    Location:
    Germany
    Downloads are impossible at the moment:

    Not Found

    The requested URL /fs1/_dl_rcc.php was not found on this server.
     
    Last edited by a moderator: May 9, 2017
  13. svenfaw

    svenfaw Registered Member

    Joined:
    May 7, 2012
    Posts:
    215
    To encourage donations, the availability of RCC (and most other apps) is temporarily restricted to donators... and Wilders members (just DM me for a link) :)
     
  14. Macha

    Macha Registered Member

    Joined:
    Mar 8, 2016
    Posts:
    3
    Location:
    France
  15. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    7,685
  16. Gandalf_The_Grey

    Gandalf_The_Grey Registered Member

    Joined:
    Jan 31, 2012
    Posts:
    558
    Location:
    The Netherlands
  17. AJMinerva

    AJMinerva Registered Member

    Joined:
    Jun 6, 2017
    Posts:
    1
    Location:
    Austin, TX
    @mood, I tried to download the latest version but it looks like the version on your site is a different version and not the new one.

    Thanks,
    AJ
     
  18. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    7,685
    Each build has an expiry date and it seems that build 1.069.021 is now expired. :(
    Edit: 1.069.020 is still working
     
    Last edited: Jun 9, 2017
  19. B-boy/StyLe/

    B-boy/StyLe/ Registered Member

    Joined:
    Sep 19, 2012
    Posts:
    75
    Location:
    Bulgaria
    1.0.69.020 is still working by the way. :)
     
  20. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    7,685
    Oh, indeed :thumb:
     
  21. svenfaw

    svenfaw Registered Member

    Joined:
    May 7, 2012
    Posts:
    215
    Sorry - an updated build will be available in the next few days.
     
  22. svenfaw

    svenfaw Registered Member

    Joined:
    May 7, 2012
    Posts:
    215
    Build 1.69.022 is now online and should be valid until the end of July (unless Microsoft pushes a CTL update earlier).

    SHA256: 3183aa9304ee7dd82be0cad6c36bf1fcd3c95f3c25ccd5604af801a2184af7d8

    Also please note that RCC might be integrated within Root Exposure Manager in the future, although I cannot confirm this yet.
     
  23. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    742
    Location:
    Baden Germany
    Blocked by SmartScreen and blocked and quarantined by ZAM...

    Just for the record.
     
  24. Adric

    Adric Registered Member

    Joined:
    Feb 1, 2006
    Posts:
    1,094
    File version and Product version still shown as 1.69.021. Launching RCC shows the correct version.
     
  25. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    4,630
    I hadn't tried this since March 25, 2015 when I mistakenly ran it on XP.

    Tried just now, on my Surface Book.

    RCC_1.69.022_01.JPG RCC_1.69.022_02.JPG RCC_1.69.022_03.JPG
     