..\Trust Providers\Software Publishing\Trust Database\0

T

tlviewer

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Black976 said:
Hi,
Someone knows how is generated the key?
Thanks.

<snip article about bad MS Certs>
If "Microsoft Corporation" appears multiple times, use these steps to
remove these fraudulent certificates:

Start Registry Editor (Regedit.exe).

Determine whether the following key in the registry

HKEY CURRENT USER\Software\Microsoft\Windows\CurrentVersion\
WinTrust\Trust Providers\Software Publishing\Trust Database\0

contains one or more of the following values:

bhhphijojgfcdocagmhjgjbhmieinfap
pnkllbeoaimhfgpfonehpajhppeaaohf
bhhphijojgfcdocagmhjgjbhmieinfap
gkjjdhegecmnfejcjmdjcedhphjafbbl

If these values exist, delete them by clicking the value
and then clicking Delete on the Edit menu.Quit Registry Editor.

<unsnip>

Permit me to take a huge guess here ...
Notice that the above 4 key values are limited to the
characters a-p, which (surprise!) maps to the hexidecimal
number space. IOW you are always dealing with the first
16 letters of the alphabet.

I have not done this but, see if these 32 byte strings
somehow map to the SHA or MD5 fingerprint of the
associated Certs.

Chances are these are unique properties of the
Certs which are the same from machine to machine for
the same Cert.

good luck,
msp



-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (MingW32)

iD8DBQFAY0f86ol16hqWbsURAnUwAKD50ahbPE6giq7OI8xt6DflO0L4uQCgx326
+BkIQ92BT1dLYGy5+ceGoTQ=
=12AZ
-----END PGP SIGNATURE-----
 
T

tlviewer

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Black976 said:
Hi,
Someone knows how is generated the key?
Thanks.

<snip article about bad MS Certs>
If "Microsoft Corporation" appears multiple times, use these steps to
remove these fraudulent certificates:

Start Registry Editor (Regedit.exe).

Determine whether the following key in the registry

HKEY CURRENT USER\Software\Microsoft\Windows\CurrentVersion\
WinTrust\Trust Providers\Software Publishing\Trust Database\0

contains one or more of the following values:

bhhphijojgfcdocagmhjgjbhmieinfap
pnkllbeoaimhfgpfonehpajhppeaaohf
bhhphijojgfcdocagmhjgjbhmieinfap
gkjjdhegecmnfejcjmdjcedhphjafbbl

If these values exist, delete them by clicking the value
and then clicking Delete on the Edit menu.Quit Registry Editor.

<unsnip>

Permit me to take a huge guess here ...
Notice that the above 4 key values are limited to the
characters a-p, which (surprise!) maps to the hexidecimal
number space. IOW you are always dealing with the first
16 letters of the alphabet.

I have not done this but, see if these 32 byte strings
somehow map to the SHA or MD5 fingerprint of the
associated Certs.

Chances are these are unique properties of the
Certs which are the same from machine to machine for
the same Cert.

good luck,
msp



-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (MingW32)

iD8DBQFAY0f86ol16hqWbsURAnUwAKD50ahbPE6giq7OI8xt6DflO0L4uQCgx326
+BkIQ92BT1dLYGy5+ceGoTQ=
=12AZ
-----END PGP SIGNATURE-----
 
B

Black976

Yes, Thanks.
Now, I would like to know how the key is generated by the certificate.
I would delete a specified key knowing the certificate, Like do Internet
Explorer.

Thank you very much.
 
B

Black976

Yes, Thanks.
Now, I would like to know how the key is generated by the certificate.
I would delete a specified key knowing the certificate, Like do Internet
Explorer.

Thank you very much.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top