RCC - check your system's trusted root certificate store

Discussion in 'other anti-malware software' started by svenfaw, Feb 28, 2015.

  1. svenfaw

    svenfaw Registered Member

    Joined:
    May 7, 2012
    Posts:
    166
    Sorry for the late response.
    This is actually quite intriguing. I can't seem to import that registry entry - are you sure you posted the entire certificate data?

    A few more questions:
    1. Do you remember the exact name of the certificate?
    2. Did you save RCC's output to a file?
    3. Did you install *any* software (not necessarily Google-related) that day?
    4. Do you remember any unusual popups?
    5. Last but not least - any malware incidents?
     
  2. doesntmatter

    doesntmatter Registered Member

    Joined:
    Sep 19, 2012
    Posts:
    20
    Location:
    Bulgaria
    Hi,

    No worry about the delay.

    I was able to re-import it just fine and then re-scanned with RCC and it was detected again:

    http://i.imgur.com/u6JMW75.png

    So I guess that the screenshot will answer your first two questions.

    I am not sure how to answer your third question since the date of the installed programs changed (like in the topic here). It is happening from time to time and I am still unable to trace what causes these changes. But yes, I probably installed a program or update that day (I keep my programs and the OS always updated). If you want a list of my installed programs please let me know and I can PM you. :)

    I can guarantee that my system is malware free. I am a malware removal expert and provide malware removal assistance at BleepingComputer forum, Malwarebytes forum and many more. :)

    Here is a screenshot when the certificate is deleted:

    http://i.imgur.com/cf10S9v.png


    Regards,
    Georgi
     
  3. svenfaw

    svenfaw Registered Member

    Joined:
    May 7, 2012
    Posts:
    166
    Thanks for the additional details. This doesn't look good. Based on new information I have found, it seems that some unofficial portable versions of certain products were signed by such fake Google certificates. I was able to get a copy of the certificate and will take a deeper look.

    In the meantime, just a wild guess: by any chance, do you have a portable version of RadioSure?
     
    Last edited: Apr 15, 2017
  4. doesntmatter

    doesntmatter Registered Member

    Joined:
    Sep 19, 2012
    Posts:
    20
    Location:
    Bulgaria
    Hi,

    Thank you for your time taking a look at the issue.
    No, never heard of RadioSure before.

    Regards,
    G.
     
  5. mood

    mood Registered Member

    Joined:
    Oct 27, 2012
    Posts:
    1,743
    Blog-entry about the faked google-certificate (CN="Google"), which was reported in #352
     