Solved HDCleaner signature has become invalid: A certificate chain processed, but terminated in a rootcertificate which is not trusted by the trust provider

[Wrecker4923]

HDCleaner's, at least the last 2 versions, signatures have become invalid, i.e., a certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider. This seems to affect both the installer and the .exe itself, possibly resulting in the .exe not launching (with Windows Defender, and ConfigureDefender's setting set to High).

Is anyone else experiencing the same problem? Any news?

 

[Zero Knowledge]

Used this software once but there are better options, Privazer is stable and configurable, Wise Disk Cleaner is safe and reliable, and then Bleechbit and Privacy Eraser.

 

[Divine_Barakah]

Used this software once but there are better options, Privazer is stable and configurable, Wise Disk Cleaner is safe and reliable, and then Bleechbit and Privacy Eraser.

Been using Kerish doctor for years and it never cause one issue for me.

 

[bjm_]

HDCleaner's, at least the last 2 versions, signatures have become invalid, i.e., a certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.

~ and "Install Certificate" and placing it in the "Trusted Root Certification Authorities" store....does not help?
HDCleaner certificate appears to be self-signed.
Your OS is flagging the certificate?
Your OS is designed to trust only certificates verified by established authorities.

 

[Wrecker4923]

HDCleaner certificate appears to be self-signed.

Thanks for the info; I never realized that. I thought I always checked this kind of thing (signature with no trusted root) religiously, but apparently not .

No, the OS didn't flag it. Running it doesn't seem to get the UI to show up, which is why I was looking at possible causes in the first place.

 

[Sorrento]

I haven't had any problems here & my 10 pence worth is I really Ike it & along with Hi-Bit its the best I've ever used, BleachBit is OK but the last time I used a a few months back it removes favicons despite everything I tried. - Has anyone mailed the HD developer Kurt Zimmermann about this, I once mailed about an issue & he resolved it??

 

[Xtwillight]

Thanks for the info; I never realized that. I thought I always checked this kind of thing (signature with no trusted root) religiously, but apparently not .

No, the OS didn't flag it. Running it doesn't seem to get the UI to show up, which is why I was looking at possible causes in the first place.

Hello Wrecker4923, I emailed Kurt Zimmerman.

His reply was, “I don't have the money to buy certificates, so I certified myself.”

 

[Wrecker4923]

Does anyone know how to validate if it was Kurt Zimmerman who signs the executables (from the executables themselves?), without installing the certificate as root. CoPilot suggests using PowerShell's command:

Get-AuthenticodeSignature -FilePath .\HDCleaner.exe

which does return the result:

SignerCertificate
-----------------
6C31AFE634731CEFF5B22A60322515387EED4AF4

Some of his executables (installers, HDCleaner.exe) present and past(?) appear to return this number. This is also the certificate's "Thumbprint" (in the Certificate UI). Is this the right method?

 

[Xtwillight]

Why not write to him and ask him:

info@kurtzimmermann.com

 

[Wrecker4923]

Why not write to him and ask him:

Then, I wouldn't be having this delightful conversation with all of you . Kidding aside, I might do that yet.

It turns out that VirusTotal also lists "x509 Certificates," showing that Kurt is probably using two certificates to sign his binaries (.exe and .dll) with the thumbprints of:

• 6C31AFE634731CEFF5B22A60322515387EED4AF4
• 9BEF9DED39DF7F8FA49E11C74F2180A6CA77CC16

These are much easier to find than digging through the Windows UI or PowerShell. VT also lists larger thumbprints which are less prone to collisions. VT at work for you!