do_not_trust_fiddlerroot and duckduckgo

  • Recently I suddenly had intermittent trouble getting some https sites to work in Opera. The most consistently broken one was duckduckgo searches from the address bar. Since I always use that search engine, this was kind of a problem. Usually it would result in an error page saying that the page couldn't be reached. Occasionally the page would almost load but be incomplete.

    In looking for a possible cause, I encountered a certificate in the list of certificates called do_not_trust_fiddlerroot .
    This certificate did not appear in any browser except Opera. I tried to look into what this was and found to my horror that it was apparently from a sneaky program called Fiddler that may install in cases where you didn't know it was on there, and would not show up in spybot or other malware searches. This program hides under many names and apparently intercepts ssl/https traffic.

    I checked both browser settings as well as network settings, and I do not have any proxies set anywhere. I searched the registry for "fiddler" and found absolutely nothing. I checked the add/remove programs and found nothing in the list of names people said it might hide under (browsersafe, safeguard, browser safeguard) - nothing. In checking browser settings, too, I tried and could not find the Opera setting that used to put traffic through an Opera caching proxy to speed up web traffic.

    As far as I could tell I had no extensions installed at all into Opera. I did, in the course of my troubleshooting, install the duckduckgo extension to Opera, hoping to be able to use duckduckgo somehow. I've migrated to Opera as my main browser after having had some unresolved problems with Firefox, so it was a real pain to have to use another browser to do duckduckgo searches or resort to using google directly. In any case, I have deleted the do_not_trust_fiddlerroot certificate and it seems like, for now, duckduckgo is working in Opera.

    My first question is where else should I look for this fiddler thing, so if it is on my computer I can get rid of it. My second question is whether other users have encountered issues using https to connect to duckduckgo using Opera, especially in the past few weeks, and what steps might have resolved this issue.

    Opera 34.0.2036.50
    Windows 10 64 bit

  • Fiddler was designed as a legitimate http debugging tool, but malware and adware have hijacked some elements of it. See: http://www.howtogeek.com/210265/download.com-and-others-bundle-superfish-style-https-breaking-adware/

    The whole article is a worthwhile read, but specific mention of the Fiddler cert occurs about 2/3 of the way down the article in the list of flaky Trusted Root Cert Authorities. It's hard to know details of your specific situation, but the article gives insight into where some of this malware exists and how to deal with it.

  • In my experience as a computer technician I have found that there is no one virus/malware/spyware scanner that can catch everything. Or even get close. We run a minimum of three scanners when we suspect a computer has a malware/spyware infection and thats not even counting the virus scanner we require all of our clients to have installed at all times. At a minimum we run Malwarebytes, SuperAntiSpyware, and AdwCleaner. If a system has an active and highly virulent infection we will also run TDSSKiller, RogueKiller, and Combofix. Again, this is on top of a standard virus scanner.

  • Thank you both for your responses. That article was very helpful. I had checked all the browsers' certificates and only Opera had the do_not_trust_fiddlerroot certificate, but I had not checked Windows' certificates. Turns out it was living there as well.

    I agree with lando that no one malware program will find everything. The problem here is there are software programs which some would consider legitimate, according to my searching, which could give you this certificate. Probably no program is going to find those if Spybot isn't (companies have been sued for describing other companies' stuff as malware/unwanted - Spybot is one group that doesn't care about that). Even if I find it with some program I always look into what gets put there so I can make sure I clear out everything. I like to be thorough. I deleted these certificates and made sure there are no proxies or vpns showing, but I want to make sure there is nothing else.

    I thought maybe since this has something to do with proxies that it might have shown up when I installed Avast recently. Or when I reinstalled Flash. Some of these installers try and put other stuff on while you are trying to install that program. I think I will try the antimalware programs you suggest, since you are right that there is no harm in scanning with as many things as you can.

Log in to reply
 

Looks like your connection to Opera forums was lost, please wait while we try to reconnect.