Author Topic: The digital signature of tweaking_rati.exe, is invalid?  (Read 17393 times)

0 Members and 1 Guest are viewing this topic.

Offline midimusicman79

  • Newbie
  • *
  • Join Date: Apr 2016
  • Posts: 17
  • Location: Norway
  • Karma: 0
    • View Profile
The digital signature of tweaking_rati.exe, is invalid?
« on: April 28, 2016, 07:12:40 am »
Hi all!

First; thank you for two great programs; Tweaking.com Windows Repair (All in One) and Registry Backup! :smiley:

Especially Windows Repair has saved me several times, when various Windows-functions unknowingly stopped working all of a sudden. :wink:

However, while scanning my computer with HitmanPro.Alert, it says that the digital signature of tweaking_rati.exe, which belongs to Windows Repair (All in One) v.3.8.0.7, is invalid?

Moreover, VirusTotal confirms this: https://www.virustotal.com/en/file/8d1ee9d3f122ddedbf80c213d868faecf8d68352160cb9c3023a59cf03149bdc/analysis/1461079256/

Please correct this?

Thank you very much in advance!

Log file below:

Regards,
midimusicman79

HitmanPro 3.7.14.263
www.hitmanpro.com

   Computer name . . . . : DESKTOP-GL9UU7I
   Windows . . . . . . . : 10.0.0.10586.X64/8
   User name . . . . . . : DESKTOP-GL9UU7I\TMA
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Paid (774 days left)

   Scan date . . . . . . : 2016-04-28 12:28:39
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 1m 27s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 1

   Objects scanned . . . : 1 739 523
   Files scanned . . . . : 36 560
   Remnants scanned  . . : 321 690 files / 1 381 273 keys

Suspicious files ____________________________________________________________

   C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\tweaking_rati.exe
      Size . . . . . . . : 46 048 bytes
      Age  . . . . . . . : 1.9 days (2016-04-26 14:44:27)
      Entropy  . . . . . : 5.0
      SHA-256  . . . . . : 8D1EE9D3F122DDEDBF80C213D868FAECF8D68352160CB9C3023A59CF03149BDC
      Product  . . . . . : Tweaking.com - Run As TrustedInstaller
      Publisher  . . . . : Tweaking.com
      Description  . . . : Tweaking.com - Run As TrustedInstaller
      Version  . . . . . : 2.1.0.0
      Copyright  . . . . : 2014
      RSA Key Size . . . : 2048
      LanguageID . . . . : 1033
      Authenticode . . . : Invalid
      Fuzzy  . . . . . . : 22.0
         Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
         Time indicates that the file appeared recently on this computer.
« Last Edit: May 04, 2016, 04:30:20 am by midimusicman79 »
MS Win 10 Pro 64-bit V. 21H2 (19044) Desktop PC, EAMH Paid/EEK, MB 4 Prem., WPP, SWB Free, CryptoPrevent Free, NVT OSA Free and Unchecky, MDFW, FFQ with CanDef, uBO, Ghostery, EBS, MBBG, Ph.AI IDN P, Nc, Grammarly Free and HTTPS Ew., Acronis CPHOE (DI), SUMo Free. I have 26 Years of PC Experience.

Offline Boggin

  • Global Moderator
  • Hero Member
  • *****
  • Join Date: Jul 2014
  • Posts: 10182
  • Location: UK
  • Karma: 122
    • View Profile
Re: The digital signature of tweaking_rati.exe, is invalid?
« Reply #1 on: April 28, 2016, 10:47:32 am »
I've upgraded to 3.8.7 and my Norton Security hasn't snagged anything.

When you start WR and it checks its files, does that find any error ?

I would reinstall WR and then see if HMPro or Virus Total.com still snags it.

Offline Julian

  • "Professional Googler"
  • Global Moderator
  • Hero Member
  • *****
  • Join Date: Jun 2015
  • Posts: 1325
  • Location: USA, New Mexico
  • Karma: 38
    • View Profile
Re: The digital signature of tweaking_rati.exe, is invalid?
« Reply #2 on: April 28, 2016, 11:43:57 am »
Gen, generic, false positive. It is that  only one av. File just has to be sent to them no worries there 😀
Julian

Offline midimusicman79

  • Newbie
  • *
  • Join Date: Apr 2016
  • Posts: 17
  • Location: Norway
  • Karma: 0
    • View Profile
Re: The digital signature of tweaking_rati.exe, is invalid?
« Reply #3 on: April 30, 2016, 09:11:46 am »
Hi, Boggin & Julian!

Sorry for the delay on my part!

Anyways, thank you both for the prompt and insightful replies! :smiley:

When i start WR and it checks its files, that does not find any error.

I have uninstalled and reinstalled WR, but HMPro and Virus Total.com still snag it.

Maybe this will be fixed in the next version of WR?

Thank you very much for the help! :smiley:

Regards,
midimusicman79
MS Win 10 Pro 64-bit V. 21H2 (19044) Desktop PC, EAMH Paid/EEK, MB 4 Prem., WPP, SWB Free, CryptoPrevent Free, NVT OSA Free and Unchecky, MDFW, FFQ with CanDef, uBO, Ghostery, EBS, MBBG, Ph.AI IDN P, Nc, Grammarly Free and HTTPS Ew., Acronis CPHOE (DI), SUMo Free. I have 26 Years of PC Experience.

Offline Boggin

  • Global Moderator
  • Hero Member
  • *****
  • Join Date: Jul 2014
  • Posts: 10182
  • Location: UK
  • Karma: 122
    • View Profile
Re: The digital signature of tweaking_rati.exe, is invalid?
« Reply #4 on: April 30, 2016, 09:25:49 am »
Download Process Explorer then run Windows Repair to see if Virus Total.com snags anything then.

https://technet.microsoft.com/en-us/sysinternals/processexplorer.aspx

Click on Options and ensure Verify Signature is checked then hover over VirusTotal.com and check its box.

While it doesn't find a verified signature for WR or the system tray, it doesn't give it a rating for me either.


Offline midimusicman79

  • Newbie
  • *
  • Join Date: Apr 2016
  • Posts: 17
  • Location: Norway
  • Karma: 0
    • View Profile
Re: The digital signature of tweaking_rati.exe, is invalid?
« Reply #5 on: May 01, 2016, 06:05:18 am »
Hi again, Boggin!

Thank you for the prompt and suggestive reply! :smiley:

I have downloaded Process Explorer, clicked on Options to ensure Verify Signature is checked and then hovered over VirusTotal.com to check its box, and ran Windows Repair (Repair_Windows.exe), but Virus Total.com does not snag anything then either.

And as such, no verified signature or rating for me either.

https://www.virustotal.com/en/file/362c90a0a574297df5f0798980eac101576b722aca4a65c83ceb0d6a1f8356af/analysis/1461877284/

However, when I try to run tweaking_rati.exe, it does not even start at all.

https://www.virustotal.com/en/file/8d1ee9d3f122ddedbf80c213d868faecf8d68352160cb9c3023a59cf03149bdc/analysis/1461079256/

It is funny however, that right-clicking tweaking_rati.exe and looking at its Digital Signature properties, does not list any error.

Luckily though, I do not have any specifical need to run WR as TrustedInstaller.

So I guess this is not really a cause for concern.

And, once again; Thank you very much for the help! :smiley:

Regards,
midimusicman79
MS Win 10 Pro 64-bit V. 21H2 (19044) Desktop PC, EAMH Paid/EEK, MB 4 Prem., WPP, SWB Free, CryptoPrevent Free, NVT OSA Free and Unchecky, MDFW, FFQ with CanDef, uBO, Ghostery, EBS, MBBG, Ph.AI IDN P, Nc, Grammarly Free and HTTPS Ew., Acronis CPHOE (DI), SUMo Free. I have 26 Years of PC Experience.

Offline Boggin

  • Global Moderator
  • Hero Member
  • *****
  • Join Date: Jul 2014
  • Posts: 10182
  • Location: UK
  • Karma: 122
    • View Profile
Re: The digital signature of tweaking_rati.exe, is invalid?
« Reply #6 on: May 01, 2016, 07:43:01 am »
This is why it is advised to run WR in Safe Mode so the any AV program doesn't interfere.

I assume WR does start for you in Safe Mode ?

How exactly are you starting WR ?

While an AV program can see a program that works in the registry as a threat, I would think it is unusual that VirusTotal.com would also find it unsafe, but you may have to contact HitmanPro to have it whitelisted.

I'm wondering if once HitmanPro whitelist it whether VirusTotal.com would still snag it.....

Offline Julian

  • "Professional Googler"
  • Global Moderator
  • Hero Member
  • *****
  • Join Date: Jun 2015
  • Posts: 1325
  • Location: USA, New Mexico
  • Karma: 38
    • View Profile
Re: The digital signature of tweaking_rati.exe, is invalid?
« Reply #7 on: May 01, 2016, 05:46:36 pm »
So that file is used when running repairs as system account. You can't run the file by it self I think it needs specific arguments....and also because windows repair will call that file when necessary like say if you have to reset file permissions you will see a command prompt saying running repairs as system then if you open your task manager you will see that exe running.
Julian

Offline midimusicman79

  • Newbie
  • *
  • Join Date: Apr 2016
  • Posts: 17
  • Location: Norway
  • Karma: 0
    • View Profile
Re: The digital signature of tweaking_rati.exe, is invalid?
« Reply #8 on: May 02, 2016, 07:56:22 am »
Hi again, Boggin & Julian!

Thank you both for the prompt and clarifying replies! :smiley:

I am well aware of the recommendation to run WR in Safe Mode.

Yes, WR does start for me in Safe Mode.

The way I am starting WR, is in Normal Mode, which is every time and most of the time I use WR for one specific purpose only, that is to backup my registry and setting a system restore point before I for example install a program. However, occasionally I also start WR in Safe Mode only in order to run repairs.

IMO this is a reasonable interpretation of the above mentioned recommendation. :artist:

As goes for reporting this file to HitmanPro, I actually do not consider HitmanPro to be an AV per se, but if it were I would consider it.

So that file is used when running repairs as system account. You can't run the file by it self I think it needs specific arguments....and also because windows repair will call that file when necessary like say if you have to reset file permissions you will see a command prompt saying running repairs as system then if you open your task manager you will see that exe running.

Understood.

And, once again; Thank you very much for the help! :smiley:

Regards,
midimusicman79
MS Win 10 Pro 64-bit V. 21H2 (19044) Desktop PC, EAMH Paid/EEK, MB 4 Prem., WPP, SWB Free, CryptoPrevent Free, NVT OSA Free and Unchecky, MDFW, FFQ with CanDef, uBO, Ghostery, EBS, MBBG, Ph.AI IDN P, Nc, Grammarly Free and HTTPS Ew., Acronis CPHOE (DI), SUMo Free. I have 26 Years of PC Experience.

Offline Boggin

  • Global Moderator
  • Hero Member
  • *****
  • Join Date: Jul 2014
  • Posts: 10182
  • Location: UK
  • Karma: 122
    • View Profile
Re: The digital signature of tweaking_rati.exe, is invalid?
« Reply #9 on: May 02, 2016, 10:31:07 am »
I think I've seen posts where MBAM has given a false positive on something before now which was then reported to MBAM and was corrected.

Given that HitmanPro is a paid for program, then you have the right for it to work properly.

I use Norton and now and again it and Windows Smartwall has blocked AdwCleaner from http://www.bleepingcomputer.com/download/adwcleaner/ then after a few days it will let it in.

HitmanPro may stop reporting the file as a threat as Norton did, but as long as nothing stops the program from working then I would ignore it.

Offline midimusicman79

  • Newbie
  • *
  • Join Date: Apr 2016
  • Posts: 17
  • Location: Norway
  • Karma: 0
    • View Profile
Re: The digital signature of tweaking_rati.exe, is invalid?
« Reply #10 on: May 03, 2016, 03:35:27 am »
Hi again, Boggin!

Thank you for the prompt and thorough reply! :smiley:

As it happens, I am a member at http://www.bleepingcomputer.com/.

...Given that HitmanPro is a paid for program, then you have the right for it to work properly.

..., but as long as nothing stops the program from working then I would ignore it.

Yeah, that is what I usually do with FPs -- ignoring them, when I am running anti-malware tools.
BleepingComputer.com actually has a dedicated topic for reporting FPs in AVs, though -- here: http://www.bleepingcomputer.com/forums/t/272337/false-positives-in-antivirus-programs/

However, I do notice that the said topic also deals with FPs in AMs, but that would be way too much work for me, because I have ran many anti-malware tools (approximately 40-50, totals).

This issue has nothing to do with HitmanPro or VirusTotal, because these just report that the digital signature of tweaking_rati.exe, is invalid, something which I believe is Shane, the developer's responsibility to fix, so it would be interesting to hear his opinion.

So, please report this issue to him.

And, once again; Thank you very much for the help! :smiley:

Regards,
midimusicman79
« Last Edit: May 03, 2016, 06:30:57 am by midimusicman79 »
MS Win 10 Pro 64-bit V. 21H2 (19044) Desktop PC, EAMH Paid/EEK, MB 4 Prem., WPP, SWB Free, CryptoPrevent Free, NVT OSA Free and Unchecky, MDFW, FFQ with CanDef, uBO, Ghostery, EBS, MBBG, Ph.AI IDN P, Nc, Grammarly Free and HTTPS Ew., Acronis CPHOE (DI), SUMo Free. I have 26 Years of PC Experience.

Offline Boggin

  • Global Moderator
  • Hero Member
  • *****
  • Join Date: Jul 2014
  • Posts: 10182
  • Location: UK
  • Karma: 122
    • View Profile
Re: The digital signature of tweaking_rati.exe, is invalid?
« Reply #11 on: May 03, 2016, 03:52:56 am »
I'll email him with a link to this thread, but a scan with my Norton Security hasn't snagged it.

I'll run MBAM to see if it does, but its scan takes about 40mins so will have to get back to you on that and will delay my email to Shane until I know what that does.

Offline Boggin

  • Global Moderator
  • Hero Member
  • *****
  • Join Date: Jul 2014
  • Posts: 10182
  • Location: UK
  • Karma: 122
    • View Profile
Re: The digital signature of tweaking_rati.exe, is invalid?
« Reply #12 on: May 03, 2016, 05:37:36 am »
Update on this - MBAM came back clean, so will email Shane.

Offline midimusicman79

  • Newbie
  • *
  • Join Date: Apr 2016
  • Posts: 17
  • Location: Norway
  • Karma: 0
    • View Profile
Re: The digital signature of tweaking_rati.exe, is invalid?
« Reply #13 on: May 03, 2016, 05:56:04 am »
Hi again, Boggin!

OK, thanks! :smiley:

Regards,
midimusicman79
MS Win 10 Pro 64-bit V. 21H2 (19044) Desktop PC, EAMH Paid/EEK, MB 4 Prem., WPP, SWB Free, CryptoPrevent Free, NVT OSA Free and Unchecky, MDFW, FFQ with CanDef, uBO, Ghostery, EBS, MBBG, Ph.AI IDN P, Nc, Grammarly Free and HTTPS Ew., Acronis CPHOE (DI), SUMo Free. I have 26 Years of PC Experience.

Offline Boggin

  • Global Moderator
  • Hero Member
  • *****
  • Join Date: Jul 2014
  • Posts: 10182
  • Location: UK
  • Karma: 122
    • View Profile
Re: The digital signature of tweaking_rati.exe, is invalid?
« Reply #14 on: May 03, 2016, 05:59:11 am »
Can't guarantee when you or I will get a response though as he has a fair bit going on at the moment.

Offline Boggin

  • Global Moderator
  • Hero Member
  • *****
  • Join Date: Jul 2014
  • Posts: 10182
  • Location: UK
  • Karma: 122
    • View Profile
Re: The digital signature of tweaking_rati.exe, is invalid?
« Reply #15 on: May 06, 2016, 09:37:30 am »
If it's still snagging it then you will have to send the file to HitmanPro to clear the false positive.

Offline midimusicman79

  • Newbie
  • *
  • Join Date: Apr 2016
  • Posts: 17
  • Location: Norway
  • Karma: 0
    • View Profile
Re: The digital signature of tweaking_rati.exe, is invalid?
« Reply #16 on: May 07, 2016, 07:01:42 am »
Hi again, Boggin!

Thank you for the reply! :smiley:

As far as I am concerned, I have already done enough about this, so it is up to Shane if he wants to fix this issue or not in his next release of WR.

I just rescanned my computer with HitmanPro, but it is not snagging it anymore, however VirusTotal is still reporting that "The digital signature of the object did not verify."

IMO this is not an FP, but maybe that is insignificant.

And, once again; Thank you very much for the help! :smiley:

Regards,
midimusicman79
MS Win 10 Pro 64-bit V. 21H2 (19044) Desktop PC, EAMH Paid/EEK, MB 4 Prem., WPP, SWB Free, CryptoPrevent Free, NVT OSA Free and Unchecky, MDFW, FFQ with CanDef, uBO, Ghostery, EBS, MBBG, Ph.AI IDN P, Nc, Grammarly Free and HTTPS Ew., Acronis CPHOE (DI), SUMo Free. I have 26 Years of PC Experience.

Offline Boggin

  • Global Moderator
  • Hero Member
  • *****
  • Join Date: Jul 2014
  • Posts: 10182
  • Location: UK
  • Karma: 122
    • View Profile
Re: The digital signature of tweaking_rati.exe, is invalid?
« Reply #17 on: May 07, 2016, 07:40:48 am »
I've emailed Shane about this and he's adamant that it is a FP.

I've scanned with Norton Security and MBAM and both came up clean.

Offline midimusicman79

  • Newbie
  • *
  • Join Date: Apr 2016
  • Posts: 17
  • Location: Norway
  • Karma: 0
    • View Profile
Re: The digital signature of tweaking_rati.exe, is invalid?
« Reply #18 on: May 07, 2016, 09:02:26 am »
Hi again, Boggin!

Thank you for the prompt and clarifying reply! :smiley:

That is OK; I understand.

So like I said earlier, this is not a cause for concern.

Sorry for bothering you all about this.

Thank you very much for the help! :smiley:

SOLVED.

Regards,
midimusicman79
MS Win 10 Pro 64-bit V. 21H2 (19044) Desktop PC, EAMH Paid/EEK, MB 4 Prem., WPP, SWB Free, CryptoPrevent Free, NVT OSA Free and Unchecky, MDFW, FFQ with CanDef, uBO, Ghostery, EBS, MBBG, Ph.AI IDN P, Nc, Grammarly Free and HTTPS Ew., Acronis CPHOE (DI), SUMo Free. I have 26 Years of PC Experience.

Offline Boggin

  • Global Moderator
  • Hero Member
  • *****
  • Join Date: Jul 2014
  • Posts: 10182
  • Location: UK
  • Karma: 122
    • View Profile
Re: The digital signature of tweaking_rati.exe, is invalid?
« Reply #19 on: May 07, 2016, 09:11:42 am »
No bother at all - if you have concerns about any of Shane's programs then this is the place to raise them.