Broken digital signature


10 replies to this topic

#1 Cluless

  • Members
  • 146 posts
  • Gender:Male
  • Location:Wales

Posted 28 November 2010 - 05:02 AM

Hi Guys

Have tried this post on "am I infected" forum without reply. Probably wrong forum anyway. I have Vista OS with AVG 2011 free. When I scan it comes up with 7 files with the narrative "this file has a broken digital signature issued by the Microsoft corporation". I have no idea what that means, can anyone enlighten me?

regards


Cluey


#2 Didier Stevens

  • BC Advisor
  • 2,720 posts
  • Gender:Male

Posted 28 November 2010 - 06:51 AM

Although I'm not familiar with this particular AVG 2011 message, the meaning is quite obvious to me.

AVG 2011 has checked the digital signature (Authenticode) of Microsoft executables, and found 7 executables produced and signed by Microsoft, that have an invalid signature.
The most common reason for an invalid signature is that the executable has been modified after it was signed.

Does AVG tell you which executables have a "broken digital signature"? Can you share this with us?
Because one possible explanation for a modified executable, is that you have a malware infection.

In this blogpost, I explain how to check digital signatures: http://blog.didierstevens.com/2008/01/11/the-case-of-the-missing-digital-signatures-tab/

Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#3 quietman7

    Bleepin' Janitor

  • Global Moderator
  • 51,771 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 28 November 2010 - 10:04 AM

There is a discussion thread at AVG in regards to "file is signed with a broken digital signature, issued by Microsoft Corp".

AVG scan is able to detect files which may not be infected, but are suspicious. These files are reported either as Warning (described in FAQ 1327), or as Information. The severity Information can be reported for one of the following reasons:

The file is signed with a broken digital signature
The reported file was signed with a digital certificate ensuring its integrity. However, due to changes to it, the certificate no longer corresponds with the content. This might happen when the file is infected but also when it was incorrectly updated, broken due to some error or when the digital signature expired.

AVG FAQ 2677: Information in a test result

A lot of the alerts are for broken digital signatures stored in the System Volume Information folder such as this example.

"C:\System Volume Information\_restore{997332B2-67F1-48D7-90DB-920F9AE0F53F}\RP99\A0011929.exe";"The file is signed with a broken digital signature, issued by: Microsoft Corporation.";""


Information about a broken digital signature is not critical. It means that the digital signature is no longer valid or the file has been tampered with. An invalid digital signature could also mean that the vendor of the file has not extended his certificate. You may also send us such a file for analysis as described in the "How To Handle Infection Suspicion?" post, if you find the file suspicious.
In case it is some older file (installation backup etc.), there is no need to send it to us. You can simply check the certificate validity by right-clicking the file -> Properties -> Digital Signatures* -> select a vendor -> Details -> View Certificate -> check the Valid to value. Please contact the file vendor in case the digital signature is no longer valid; it is very likely there is some updated version available.

Scan Computer Error Broken Signature
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif
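
The signature check that posts #2 and #3 describe through the file Properties dialog can be scripted with PowerShell's Get-AuthenticodeSignature cmdlet. This is an added example, not part of the original posts; the function name Get-SignatureTriage and the default folder (%windir%\Installer, where cached .msi packages live) are assumptions.

```powershell
# Added example: triage Authenticode status for a folder of files.
# Assumption: the default path; point -Path at whatever folder your scanner reported.
# Reading %windir%\Installer usually requires an elevated prompt.
function Get-SignatureTriage {
    param(
        [string]$Path   = "$env:windir\Installer",
        [string]$Filter = '*.msi'
    )

    Get-ChildItem -Path $Path -Filter $Filter -File | ForEach-Object {
        $sig  = Get-AuthenticodeSignature -FilePath $_.FullName
        $cert = $sig.SignerCertificate

        # "Valid to" from the certificate dialog, compared with the current time.
        $expired = [bool]($cert -and ($cert.NotAfter -lt (Get-Date)))

        # Map the raw status to the causes discussed in the thread.
        $reading = switch ($sig.Status.ToString()) {
            'Valid'        { 'Signature matches the file content' }
            'HashMismatch' { 'File content changed after it was signed' }
            'NotSigned'    { 'No Authenticode signature found' }
            'NotTrusted'   { 'Signer or certificate chain is not trusted here' }
            default        { $sig.StatusMessage }
        }

        [pscustomobject]@{
            File        = $_.Name
            Status      = $sig.Status
            Signer      = if ($cert) { $cert.Subject }  else { $null }
            ValidTo     = if ($cert) { $cert.NotAfter } else { $null }
            CertExpired = $expired
            # A countersigned timestamp lets a signature stay valid after
            # the signing certificate itself has expired.
            Timestamped = [bool]$sig.TimeStamperCertificate
            Reading     = $reading
        }
    }
}

# List everything that is not cleanly valid first.
Get-SignatureTriage |
    Sort-Object { $_.Status -eq 'Valid' }, File |
    Format-Table File, Status, ValidTo, CertExpired, Timestamped, Reading -AutoSize -Wrap
```

A HashMismatch row is the case worth following up with a second scanner or a fresh copy of the file; a file that shows CertExpired with Timestamped true and Status Valid needs no action.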

#4 Romeo29

    Learning To Bleep

  • Members
  • 3,194 posts
  • Gender:Not Telling
  • Location:127.0.0.1

Posted 28 November 2010 - 10:39 AM

I think quietman7 has hit the nail on the head. I think it's an AVG update related problem.
But still you can do sfc /scannow in an elevated command prompt window. If it finds any corrupt or modified Microsoft files, it will try to replace them.

#5 Cluless


Posted 29 November 2010 - 02:26 AM

Thanks one and all, from reading other forums the consensus is that it is an AVG related problem. Though I will do as you suggest.

regards

Cluey

PS Am now considering swapping to Avast

#6 quietman7


Posted 29 November 2010 - 07:33 AM

There have been numerous complaints about AVG 2011 becoming a resource hog and issues/conflicts with other security tools like Malwarebytes' Anti-Malware. There have also been reported problems with computers after using new features like PC Analyzer and PC Tuneup which purport to fix registry errors in order to make the system more stable and various optimizing tools which can make changes to system settings.

I do not recommend the routine use of registry cleaners/optimizers as they are extremely powerful applications that can damage the Windows registry by using aggressive cleaning routines and cause your computer to become unbootable. The registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from booting properly. For routine use, the benefits to your computer are negligible while the potential risks are great.

For these reasons, I no longer recommend AVG as a free alternative.

Edited by quietman7, 29 November 2010 - 07:35 AM.


#7 Didier Stevens


Posted 29 November 2010 - 02:40 PM

I've an idea what's going wrong. Cluey, can you tell us in which folders the files were located?



#8 Cluless


Posted 30 November 2010 - 02:48 AM

Files affected are:

Windows installer/75e21.msi
/5a93d.msi
/289a167.msi
/3692.msi
/13554.msi

Hope that helps

regards


Cluey

#9 Didier Stevens


Posted 30 November 2010 - 11:42 AM

Thanks Cluey!

But it's not what I expected, it doesn't confirm my idea.



#10 Cluless


Posted 04 December 2010 - 02:54 PM

As a postscript to this thread, Quietman put me onto the AVG forum discussing the issue. AVG admits they have made a mistake in highlighting "Broken digital signatures" particularly as they offer no explanation or remedy. I have since downloaded updates and rescanned. The problem has now gone away and I'm satisfied it is not malware related.

thanks to all helpers

Cluey

#11 quietman7


Posted 04 December 2010 - 03:59 PM

You're welcome on behalf of the Bleeping Computer community.



