Please read if you have or are downloading Windows Software.

Anonymous
Not applicable

If you have or are, then you may want to check the root certificate of the certificate used to sign the installer.

Sha1 thumbprint:    33FCD70343BBE07972D73CDEFDEB3C9F4DCEFE28
Validity:           2015-07-21 23:05:08 -> 2020-07-20 23:05:08

The above is a forged Google Root Certificate that has all EKUs enabled, so it can be used for any purpose. If you find the details above, remove the software and scan your PC for root kits, trojans et al.

To check the certificate, right-click the application and select its properties. Select the Digital Signatures tab and you should be able to view the certificate chain using the Details button.
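
One way to run this check across the certificate stores and a whole folder of installed software, as an added PowerShell example that is not part of the original post. The thumbprint is the one quoted above; the `$ScanPath` default and the function name `Test-SignedByThumbprint` are assumptions made for illustration.

```powershell
# Added example. Thumbprint comes from the post; $ScanPath is an assumed default.
param([string]$ScanPath = $env:ProgramFiles)

$BadThumbprint = '33FCD70343BBE07972D73CDEFDEB3C9F4DCEFE28'

# 1. Is the certificate present in any user or machine certificate store?
$storeHits = Get-ChildItem -Path Cert:\ -Recurse |
    Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] -and
        $_.Thumbprint -eq $BadThumbprint
    } |
    Select-Object PSParentPath, Subject, NotBefore, NotAfter

# 2. Does a signed file chain up to it?
function Test-SignedByThumbprint {
    param([string]$File, [string]$Thumbprint)

    $sig = Get-AuthenticodeSignature -FilePath $File -ErrorAction SilentlyContinue
    if (-not $sig -or -not $sig.SignerCertificate) { return $false }   # unsigned or unreadable

    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'    # no network lookups during the scan
    # The chain is built from certificates in the local stores, so a root that is
    # neither installed nor otherwise retrievable will not appear in ChainElements.
    [void]$chain.Build($sig.SignerCertificate)

    foreach ($element in $chain.ChainElements) {
        if ($element.Certificate.Thumbprint -eq $Thumbprint) { return $true }
    }
    return $false
}

$fileHits = Get-ChildItem -Path $ScanPath -Recurse -File -Include *.exe, *.dll, *.msi `
                -ErrorAction SilentlyContinue |
    Where-Object { Test-SignedByThumbprint -File $_.FullName -Thumbprint $BadThumbprint } |
    Select-Object -ExpandProperty FullName

# 3. Report both results.
if ($storeHits) { 'Certificate found in store(s):'; $storeHits | Format-List }
else            { 'Certificate not found in any certificate store.' }

if ($fileHits)  { 'Files whose signature chains to the certificate:'; $fileHits }
else            { "No signed files under $ScanPath chain to the certificate." }
```

Run it from an elevated PowerShell prompt so the machine stores and protected folders are readable, and pass a different folder as `-ScanPath` to cover a downloads directory.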

shutter
Community Veteran
Posts: 22,214
Thanks: 3,773
Fixes: 65
Registered: ‎06-11-2007

Re: Please read if you have you or are you downloading Windows Software.

Totally confused.... !... ( easily done ! ! ).. so what is the threat? and what is the "app" that you need to check it on?

 

If it is forged, ( and I'm not saying it isn't ).. is it wise to post it on a public open forum, for any other miscreants to use ?

I realise that you are trying to help and safeguard other legit users, but am confused as to what it refers.

 

St3
Aspiring Champion
Posts: 2,614
Thanks: 502
Fixes: 5
Registered: ‎13-07-2012

Re: Please read if you have you or are you downloading Windows Software.

I'm confused too

Minivanman
Legend
Posts: 15,268
Thanks: 6,270
Fixes: 1
Registered: ‎04-11-2014

Re: Please read if you have you or are you downloading Windows Software.

I'm confused as to why it's on General Chat Roll_eyes


Truth is like a threshing machine; tender sensibilities must keep out of the way.
Herman Melville
Mav
Moderator
Moderator
Posts: 22,392
Thanks: 4,736
Fixes: 515
Registered: ‎06-04-2007

Re: Please read if you have you or are you downloading Windows Software.

Moderator's note:

I've moved this thread to Tech Help.

 

Forum Moderator and Customer
Courage is resistance to fear, mastery of fear, not absence of fear - Mark Twain
He who feared he would not succeed sat still

VileReynard
Hero
Posts: 12,616
Thanks: 582
Fixes: 20
Registered: ‎01-09-2007

Re: Please read if you have you or are you downloading Windows Software.

You mean Windows trusts all sites with a valid certificate for software installs?

Anyone can purchase a valid certificate for a web site.

"In The Beginning Was The Word, And The Word Was Aardvark."

shutter
Community Veteran
Posts: 22,214
Thanks: 3,773
Fixes: 65
Registered: ‎06-11-2007

Re: Please read if you have you or are you downloading Windows Software.

Linux troll at it again.. Roll_eyes

jaread83
Community Gaffer
Community Gaffer
Posts: 3,438
Thanks: 2,336
Fixes: 81
Registered: ‎22-02-2016

Re: Please read if you have you or are you downloading Windows Software.

Google was quick to index the OP.

Screen Shot 2017-04-28 at 15.03.35.png

But in all seriousness, the top link on that search also confirms this revelation.

@Anonymous, I have so much software installed on my home computer it would be impossible to check absolutely everything. Are there any particular methods for checking everything for this root cert? Will this make it so malicious software could take the cert and trick computers into thinking it's from a trusted source?

Sorry for the questions, I have never seen this before.

Frontend Web Developer | www.plus.net

If you have an idea to improve the community, create a new topic on our Community Feedback board to start a discussion about your idea.

Mav
Moderator
Moderator
Posts: 22,392
Thanks: 4,736
Fixes: 515
Registered: ‎06-04-2007

Re: Please read if you have you or are you downloading Windows Software.

Moderator's note:

A post was removed at the poster's request.

Forum Moderator and Customer
Courage is resistance to fear, mastery of fear, not absence of fear - Mark Twain
He who feared he would not succeed sat still

Anonymous
Not applicable

Re: Please read if you have you or are you downloading Windows Software.

Sorry for the delay in responding as I didn’t subscribe to the thread and it was @jaread83's mention that brought me here. Also I posted this in General so it would get the most readers due to the nature of it.

Because this certificate can be used for any purpose, a developer could generate their own code signing certificate from it. After signing their application it would appear to be legitimate, as it would have a valid certificate chain.

I'd say when you see a digitally signed application (regardless of what it does) you have a tendency to trust it implicitly. But applications signed with this root certificate should not be trusted.

You may want to use the RCC utility cited in the HXA Google result; you can download that from here, remembering to check the hash of course.

My post may well be presumptive but this is a given opportunity to the malicious code writer that I think would be hard to ignore, and I have posted here due to the fact that some users download ‘useful’ utilities from the internet.

I was simply trying to be helpful!

 

ReedRichards
Seasoned Pro
Posts: 4,927
Thanks: 145
Fixes: 25
Registered: ‎14-07-2009

Re: Please read if you have you or are you downloading Windows Software.

I downloaded the Root Certificate scanner rcc.exe but Windows tells me it does not have a valid digital signature.

jaread83
Community Gaffer
Community Gaffer
Posts: 3,438
Thanks: 2,336
Fixes: 81
Registered: ‎22-02-2016

Re: Please read if you have you or are you downloading Windows Software.

I will give this a go later on when I get home. I don't think I have any dodgy software installed but you can never be too careful these days. Thanks for sharing Mook!

Frontend Web Developer | www.plus.net

If you have an idea to improve the community, create a new topic on our Community Feedback board to start a discussion about your idea.

Anonymous
Not applicable

Re: Please read if you have you or are you downloading Windows Software.

@ReedRichards - Fair enough but from the download link:

Note: Opinions and software posted here are solely my own and do not represent my current employer or any other organization.

Of course it is up to you to trust this, and considering the context of the post that may be easier said than done. But it is both a trusted individual and source so the choice is yours. But at least it's not signed with a dodgy certificate!