TeamViewer pushing Malware certificate from ONRENTS4U.COM??

dgun469
dgun469 Posts: 8 ✭✭

Every time I start TeamViewer this is the popup I am getting after trying to close a session. I have been seeing this for about a month now but just closed it being in a hurry. Can someone tell me why I am getting a certificate push from TeamViewer for ONRENTS4U.COM?

I also didn't know where to post this so endpoint sounded like a safe bet.

TEAMVIEWER_CERTIFICATE.png

 

Comments

  • Stanislav
    Stanislav Posts: 302 [Former Staff]

    Hi @dgun469 

    I am not sure why this situation is occurring. What actions are you trying to take when this is appearing besides the closing of a session? Do you have the browser open while this is happening?

    Please get in touch with our Support to investigate this issue more. We never got this situation before. I will ask for this case to be moved to the TeamViewer community as this is the community for Remote management Services. 

    Product Owner, Remote Management services.
  • dgun469
    dgun469 Posts: 8 ✭✭

    Browser was already open however I was on the NASA website which wasn't the same website I was on the last time this popped up. The browser hasn't always been opened during my sessions with TeamViewer. This certificate push did NOT prompt me to open a website. I input the website myself and opened it to see where it was leading to.

    TeamViewer was NOT running on this client when I clicked to open TeamViewer. I then connected to another computer on this network to view footage on security cameras. After closing the session this security alert immediately popped up asking me to proceed with installing the certificate. That is exactly how it happens every single time except I had my browser open this time. Thank you for your response @Stanislav 

    Update: Unfortunately using the free version is not allowing me to open a ticket with support @Stanislav. Perhaps you could send this to support for a closer look? It isn't really a bother to me however if it is in fact malware and other users are installing this certificate it could be very dangerous and eventually infect millions. It may be on TeamViewer servers, who knows??? I'm just trying to help.

  • JoshP
    JoshP Posts: 894 Community Manager 🌍

    Hello @dgun469 

    Thank you for the clarification. 

    We have forwarded this internally, to see if there is any clarification.

    We will update here once we have anything else.

    Thanks in advance for your patience.

    Josh P.

    Senior Community Moderator

    ---

  • Nefer
    Nefer Posts: 1

    Most likely you have a problem with your version of Internet Explorer. Sometimes after closing a connection, TeamViewer is dropping an ad or some info using your locally installed version of Internet Explorer. In this case it could be you have an issue/malware/adware etc. installed on that. It happened to me also with some scripting errors I got, due to some strange plugins I had used in Internet Explorer.

  • dgun469
    dgun469 Posts: 8 ✭✭
    edited May 2021

    @Nefer First I do not use Internet Explorer and do not know anyone who has in at least a decade. Second Internet Explorer has been disabled in program features and blocked in every registry entry I could find. No form of IE nor Edge exists on this network outside of the program being part of Windows 10 itself. I also stated that a browser was not always open just like today when I got the same popup.

    I managed to grab these DNS names from the certificate. Not sure if it is helpful or not but here is the list I grabbed.

    DNS