SOLVED Window 7 CERTIFICATE THREAT

[Jeffreyobrien]

Hello members,
Yesterday after reading the email about IE9 I couldnt help myself as it is very plain simple very very fast.Anyway back to my point of posting certificate manager had 2 certificates there and I am confused as to How they were installed.Certificates are not my area of knowledge especially when it come down to this security weakness that windows always seem to cross.


WHEN I downloaded IE9 yesterday FRAUDULENT CERTIFICATE flashed up on my desktop,so i went into Credential Manager in control panel then clicked on Certificate-based Credentials & took a look at UNTRUSTED CERTIFICATES,to my shocked amazement being I assumed something was & is very wrong here seeing activity after I go OFFLINE.

wow to my amazement there were two certificates BOTH FRAUDULENT NOT MICROSOFT & VERISIGN ALSO they were giving FULL admin right to many security related Issues which make anyone feel totally useless about keeping this off win 7does anyone else have these two certificates in their credential certificate based Manager:

(1)microsoft corporation Verisign Commercial Software CA Expire 01/02/2002 FRAUDULENT now set to none(DISABLED)from enabled it was set to go online at 5pm daily (i go offline at 5pm daily)

(2)microsoft corporation Verisign Commercial Software CA Expire 31/1/2002 now set to none this also had FULL ADMIN RIGHTS and a keep alive internet 7 setup for use as a loopback from 127.0.0.1\255.0.55.53 CAN ANYONE EXPLAIN how & why i never knew they were even there as i monitor my security norton history every ten mins never see anything but unusual things all day long
Any help would REALLY BE APPRECIATED
respectfully
jeffreyobrien

 

[davehc]

Assuming you downloaded IE9 from the normal advertised source, your problem has nothing to do with IE9. The certificates were placed there through a third party program, ot through an unfortunate browsing connection you may have made.
I have none such, nor have I collected anything like it from other sources.
There are quite a few comments on the subject, on the web. Here is one example:
http://articles.techrepublic.com.com/5100-10878_11-5033191.html

Here is my certificate window,
View attachment 925

Fwiw. Nothing to do with this topic, but your posts, imho, would be easier to assimilate if you kept the text in lower case.

 

[catilley1092]

Jeffrey, you and your friend may need to install a program such as Malwarebytes, update it and do a FULL scan. I'm not 100% positive, but it sounds like you may have some spyware or malware on your computer. Some downloaded programs includes these. But my offer of the IE9 pre-beta came directly from Microsoft in a newsletter, and I downloaded it from that link. I don't think that using this software would cause any problems, unless you don't have an adequate AV, or don't keep it updated. You should also do a full scan with your AV once weekly, at the least, and have "real time" protection enabled. Malwarebytes has a free version that you can use to do a scan with to see if you're infected. And if you scan and somethings found, scan again. Try this out, if you need more advice, post back.

 

[Jeffreyobrien]

Hi davehc,
I had downloaded the IE9 preview from same exact newsletter as catilley,I am sorry if my post misled any readers I never had the fraudulent certificates prior to setting up IE9 preview THAT is when I noticed another update going on without my admin approval Catilley for record I use Norton 360 Premium edition version 4 with latest pulse updates,it is configured correctly by Norton as well the copy of win 7 being RTM.
I have no third party applications except for Adobe & Active whois.I have called mark from Microsoft as well sent a message to my complete contact list Guess what?YES they also had the same two certificates on their PC so i am aware that I have these I am also aware they need to be deleted what I need to find out is HOW they were installed without me seeing or realising they were there until adobe was downloading after IE9 from Microsoft.

Catilley & davehc I appreciate your assistance and will keep the lower case down as well I will watch my subjects.I was very EXCITED when this happened and for this I also appologise as to read thing like this Fwiw. Nothing to do with this topic, but your posts, imho, would be easier to assimilate if you kept the text in lower case."Visual FIX" is a registered trademark of Assimilate Technology, Inc. The marks "FIX" and "FIX Protocol" are registered sorry davehc i will be more careful in future so others can fully understand what my post is about ,that is why I re-posted it under Window 7 CERTIFICATE THREAT .no ie9 had nothing to do with the 2 certificates found on my laptop.
respectfully always
jeffreyobrien

Assuming you downloaded IE9 from the normal advertised source, your problem has nothing to do with IE9. The certificates were placed there through a third party program, ot through an unfortunate browsing connection you may have made.
I have none such, nor have I collected anything like it from other sources.
There are quite a few comments on the subject, on the web. Here is one example:
http://articles.techrepublic.com.com/5100-10878_11-5033191.html

Here is my certificate window,
View attachment 925

Fwiw. Nothing to do with this topic, but your posts, imho, would be easier to assimilate if you kept the text in lower case.

 

[Jeffreyobrien]

Catilley,
well we took your advice and we did a format on all three laptops,we then did a clean install of win7 home premium 64bit on rodneys two,on mine I installed RTM 7600 x64bit

After we plugged in the 3G USB Modems & setup these devices which are both E160 made by Huawei made feb 2009 they are on compatability list for win7,Prior to going online the very first thing I did was to go into certificates Credentials which to my amazement in un trusted certificates on all three systems,they were back.

Certificates 2 not microsoft (Fraudulent) certificates as mentioned in my post last week.i do not see these on the copy of win 7 & i am totally confused on this one.

We both purchased all 3 laptops from same store anyway mate what & where could these come from,the only thing i see a threat from is that both of us use 3G (usb)modems I think this is where the software comes from .

Any help or understanding about this would be greatly appreciated as I am concerned as to what to do about them.
respectfully
jeffreyobrien

 

[Nibiru2012]

This apparently has something to do with your wireless devices and/or router, etc.

It's definitely not from Microsoft and it's definitely not spyware, malware or that type of thing.

Check with the store you got them at and see if they have any suggestions, or call M$ support.

 

[catilley1092]

Jeffrey, after all of this trouble, it must be your modem. I had two different USB internet modems, and they were much slower and cost more than a cable internet service. The last one that I had ran around 25 to 35KB/sec, which is slow as dirt. When I bought this desktop, that service had to go. Most cable/phone lines has some form of protection within them, although you can't use this as your AV.

 

[Jeffreyobrien]

Hello Nibiru2012,
firstly thank you for taking the time to help me,I have called M$ they agreed it could be the Wireless USB Modems,and we have contacted several other people that are using the E160 & E160G with 3G (three.com.au).

Support and drivers come from their own company,I have written a snail mail letter to hewlett & packard,Microsoft & hauwei.What I have Just found out these were in fact designed for Vista x64 & Hauwei released new drivers on 15/03/2010 for windows 7

This update changed nothing only now the drivers are STILL un signed so I would assume they are still to be finalised and yet to be released offically.I looked again as expected did not alter certificates we did however delete them off one laptop to my amazement the device still worked fine.Until he re booted his system then his internet connection was dead and still won't go online.
have a great day again thank you for your time and assistance
regards
jeffreyobrien

 

[Nibiru2012]

Just because a driver is "unsigned" does not mean it is inferior or unfinished. It just means that the company hasn't gotten Microsoft's WHQL - Windows Hardware Quality Labs kiss of approval. I believe the driver vendor also has to pay M$ to get that certification, I could be wrong on that though.

I have found that with LAN Ethernet and wireless drivers that using their connection utilities which are usually embedded can cause problems. I load just the driver only, nothing else.

I just use the device manager to search the folder where the driver is stored and load the driver through the "Updated Driver" option. That is what works best for me. Then I let Windows do the connecting.

 

[catilley1092]

That's right, I have a couple of programs with unsigned drivers. ImgBurn and File Hippo Update Checker doesn't have signed drivers. In fact, there's a red warning sign to let you know this. All you have to do is scan it with your AV.

 

[Veedaz]

Used ImgBurn for years in XP and use it now in Winodows 7 Pro never had any problems with it (unsigned drivers including)

 

[Nibiru2012]

ImgBurn uses the windows native SPTI driver, which is similar to ASPI, but more for the likes of XP, Vista and Win 7.

SPTI - SCSI Pass-Through Interface

 

[Jeffreyobrien]

Catilley,
members I have discovered the device E160 & E160G have been the cause of both fraudulent certificates,i have called Andrew Horbury and have given all details relating to these and they(Verisign)will advise Microsoft,hewlett& packard and also Huawei HSDPA 3.6mbps devices installs these when (during)installation next time I will use the website and manually install this device using another connection,if only i knew this prior to setting up all four laptops now for the beast Desktop thanks everyone for your comments,help and knowledge I appreciate this more than most.
respectfully
jeffreyobrien