cancel
Showing results for 
Search instead for 
Did you mean: 

Please read if you have you or are you downloading Windows Software.

Anonymous
Not applicable

Please read if you have you or are you downloading Windows Software.

If you have or are then you may want to check the root certificate of the certificate used to sign the installer.

Sha1 thumbprint:    33FCD70343BBE07972D73CDEFDEB3C9F4DCEFE28
Validity:           2015-07-21 23:05:08 -> 2020-07-20 23:05:08

The above is a forged Google Root Certificate that has all EKUs enabled so can be used for any purpose. If you find the details above remove the software and scan your PC for root kits, trojans et al.

To check the certificate right click the application and select its properties. Select the Digital Signatures Tab and you should be able to view the certificate chain using the Details button.

12 REPLIES 12
shutter
Community Veteran
Posts: 21,832
Thanks: 3,620
Fixes: 60
Registered: ‎06-11-2007

Re: Please read if you have you or are you downloading Windows Software.

Totally confused.... !... ( easily done ! ! ).. so what is the threat? and what is the "app" that you need to check it on?

 

If it is forged, ( and I`m not saying it isn`t ).. is it wise to post it on a public open forum, for any other miscreants to use ?

I realise that you are trying to help and safeguard other legit users, but am confused as to what it refers.

 

St3
Aspiring Champion
Posts: 2,614
Thanks: 500
Fixes: 5
Registered: ‎13-07-2012

Re: Please read if you have you or are you downloading Windows Software.

im confused too

Minivanman
Legend
Posts: 15,094
Thanks: 6,342
Fixes: 1
Registered: ‎04-11-2014

Re: Please read if you have you or are you downloading Windows Software.

I'm confused as to why it's on General Chat Roll_eyes


Truth is like a threshing machine; tender sensibilities must keep out of the way.
Herman Melville
Mav
Moderator
Moderator
Posts: 21,499
Thanks: 4,388
Fixes: 500
Registered: ‎06-04-2007

Re: Please read if you have you or are you downloading Windows Software.

Moderator's note:

I've moved this thread to Tech Help.

 

Forum Moderator and Customer
Courage is resistance to fear, mastery of fear, not absence of fear - Mark Twain
He who feared he would not succeed sat still

VileReynard
Hero
Posts: 12,613
Thanks: 630
Fixes: 20
Registered: ‎01-09-2007

Re: Please read if you have you or are you downloading Windows Software.

You mean Windows trusts all sites with a valid certificate for software installs?

Anyone can purchase a valid certificate for a web site.

"In The Beginning Was The Word, And The Word Was Aardvark."

shutter
Community Veteran
Posts: 21,832
Thanks: 3,620
Fixes: 60
Registered: ‎06-11-2007

Re: Please read if you have you or are you downloading Windows Software.

Linux troll at it again.. Roll_eyes

jaread83
Community Gaffer
Community Gaffer
Posts: 3,438
Thanks: 2,337
Fixes: 81
Registered: ‎22-02-2016

Re: Please read if you have you or are you downloading Windows Software.

Google was quick to index the OP.

Screen Shot 2017-04-28 at 15.03.35.png

But in all seriousness, the top link on that search also confirms this revelation.

@Anonymous, I have so much software installed on my home computer it would be impossible to check absolutely everything. Are there any particular methods in checking everything for this root cert? Will this make it so malicious software could take the cert and trick computers into thinking its from a trusted source?

Sorry for the questions, I have never seen this before.

Frontend Web Developer | www.plus.net

If you have an idea to improve the community, create a new topic on our Community Feedback board to start a discussion about your idea.

Mav
Moderator
Moderator
Posts: 21,499
Thanks: 4,388
Fixes: 500
Registered: ‎06-04-2007

Re: Please read if you have you or are you downloading Windows Software.

Moderator's note:

A post was removed at the poster's request.

Forum Moderator and Customer
Courage is resistance to fear, mastery of fear, not absence of fear - Mark Twain
He who feared he would not succeed sat still

Anonymous
Not applicable

Re: Please read if you have you or are you downloading Windows Software.

Sorry for the delay in responding as I didn’t subscribe to the thread and it was @jaread83's mention that brought me here. Also I posted this in General so it would get the most readers due to the nature of it.

Because this certificate can be used for any purpose a developer could generate their own code signing certificate from if. After signing their application it would appear to be legitimate, as it would have a valid certificate chain.

I'd say when you see a digitally signed application (regardless of what it does) you have a tendency to trust it implicitly. But applications signed with this root certificate should not be trusted.

You may want to use the RCC utility cited in the HXA google result, you can download that from here. Remembering to check the hash of course.

My post may well be presumptive but this is a given opportunity to the malicious code writer that I think would be hard to ignore, and I have posted here due to the fact that some users download ‘useful’ utilities from the internet.

I was simply trying to be helpful!

 

ReedRichards
Seasoned Pro
Posts: 4,927
Thanks: 145
Fixes: 25
Registered: ‎14-07-2009

Re: Please read if you have you or are you downloading Windows Software.

I downloaded the Root Certificate scanner rcc.exe but Windows tells me it does not have a valid digital signature.

jaread83
Community Gaffer
Community Gaffer
Posts: 3,438
Thanks: 2,337
Fixes: 81
Registered: ‎22-02-2016

Re: Please read if you have you or are you downloading Windows Software.

I will give this a go later on when I get home. I don't think I have any dodgy software installed but you can never be too careful these days. Thanks for sharing Mook!

Frontend Web Developer | www.plus.net

If you have an idea to improve the community, create a new topic on our Community Feedback board to start a discussion about your idea.

Anonymous
Not applicable

Re: Please read if you have you or are you downloading Windows Software.

@ReedRichards - Fair enough but from the download link:

Note: Opinions and software posted here are solely my own and do not represent my current employer or any other organization.

Of course it is up to you to trust this, and considering the context of the post that maybe easier said than done. But it is both a trusted individual and source so the choice is yours. But at least it's not signed with a dodgy certificate!