Do not trust scam sites instructing to "Please Install The Root Certificate"

What kind of scam is "Please Install The Root Certificate"?

"Please Install The Root Certificate" is a malware-proliferating online scam, which is part of the ClickFix campaign. It comprises fake Google Chrome pop-up alerts that claim an error occurred when displaying a website. The scheme provides steps for addressing the bogus issue, which leads to victims infecting their devices with malware.

"Please Install The Root Certificate" scam overview

When a site running this scam is accessed, it displays a fake pop-up window presented as an alert from the Chrome browser. The pop-up states that the webpage failed to load due to an unspecified issue. It claims that this can be fixed by installing the root certificate. Further instructions can be found by pressing "How to fix".

After this button is clicked, the scam displays another pop-up window. This alert reiterates part of the first fraudulent message. The pop-up instructs to press the "Copy" button to copy the code and then paste it into the Windows PowerShell – completing these steps will supposedly install the root certificate.

It must be stressed that the information provided by this scam is false, and this deceptive content is not associated with any legitimate products, services, or entities.

This scheme essentially tricks users into copying a malicious PowerShell script and executing it through the automation and configuration management program of the same name. This facilitates the installation of malware.

Scams of this kind can be used to spread a wide variety of malicious software. The initial infection could serve as a backdoor for further infection. To elaborate on the most common malware types, "trojan" is an umbrella term encompassing malicious programs with a broad range of capabilities.

Trojans can operate as injectors that inject malicious code into programs/processes, backdoors or loaders that cause chain infections, RATs that enable remote access/control over devices, stealers that extract and exfiltrate data from apps/systems, grabbers that download victims' files, spyware that records content (e.g., desktops, audio via microphones, video via webcams, etc.), clippers that replace clipboard content, keyloggers that record keystrokes, and so on.

Cryptominers are another common malware type that generates cryptocurrency by abusing system resources. Ransomware is likewise widespread; it encrypts data and/or locks device screens to demand payment for file/access recovery.

To summarize, by trusting a scam like "Please Install The Root Certificate" – users can experience system infections, severe privacy issues, financial losses, and even identity theft.

If you believe that your device is already infected – perform a full system scan with an anti-virus and eliminate all detected threats.

Threat Summary:

Name	"Please Install The Root Certificate" pop-up
Threat Type	Phishing, Scam, Social Engineering, Fraud
Fake Claim	An issue occurred when loading the visited website.
Disguise	Google Chrome alert
Related Domains	cdnforfiles[.]xyz, baqebei1[.]online
VirusTotal Detections and Serving IP Addresses	cdnforfiles[.]xyz (172.67.162.141), baqebei1[.]online (172.67.148.183)
Distribution methods	Compromised websites, rogue online pop-up ads, potentially unwanted applications.
Damage	Malware infections, loss of sensitive private information, monetary loss, identity theft.
Malware Removal (Windows)	To eliminate possible malware infections, scan your computer with legitimate antivirus software. Our security researchers recommend using Combo Cleaner. ▼ Download Combo Cleaner To use full-featured product, you have to purchase a license for Combo Cleaner. 7 days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.

Online scams in general

"Microsoft Detected A Unusual Application In Your System", "McAfee Safety Warning", "AVG - Your PC Is Infected With 18 Viruses", "Activate Your McAfee Antivirus License", "Temporary Files Deletion Have Started", and "Windows Defender Firewall Alert" are just some examples of our newest articles on scams that utilize fake pop-up messages/alerts.

Online schemes can differ drastically in appearance and used mechanisms, but the end goal is the same throughout – to generate revenue at victims' expense.

False claims are used to gain users' trust, e.g., ones relating to website errors, system infections, outdated software, expired licenses or subscriptions, suspicious activity, package shipping mishaps, lotteries, product promotions, giveaways, etc.

Due to how widespread scams are and how well-made they can be – we strongly recommend exercising caution while browsing.

How did I open a scam website?

Online scams are primarily endorsed via sites using rogue advertising networks, typosquatting (misspelled URLs), SEO poisoning, spam (e.g., emails, PMs/DMs, social media/ forum posts, browser notifications, SMSes, etc.), malvertising (intrusive ads), and adware.

How to avoid visiting scam websites?

The Internet is rife with deceptive and malicious content. Hence, we recommend vigilance when browsing. Pay attention to URLs and enter them carefully. Be selective when clicking ads, and do not trust offers that sound too good to be true.

Do not permit suspicious pages to deliver browser notifications; instead, deny these requests (i.e., press "Block", "Block Notifications", etc.) or ignore them altogether.

Do not use websites offering pirated software/media or other questionable services (e.g., Torrenting, illegal streaming/downloading, etc.), as these webpages are usually monetized via rogue advertising networks.

Be cautious with incoming emails, PMs/DMs, SMSes, and other messages. Do not open attachments or links present in dubious/irrelevant mail.

Download only from official/verified sources and treat installations with care (e.g., read terms, study options, use "Custom/Advanced" settings, and opt out of additional apps, extensions, etc.) – to prevent bundled/harmful programs (like adware) from infiltrating the device.

If your computer is already infected, we recommend running a scan with Combo Cleaner Antivirus for Windows to automatically eliminate all threats.

Text presented in the initial pop-up displayed by the "Please Install The Root Certificate" scam:

Google Chrome

Aw, Snap! Something went wrong while displaying this webpage.

To display this web page correctly, please install the root certificate. Click the "Fix it" button and follow the further instructions.

Reload page How to fix

Screenshot of the second pop-up displayed by the "Please Install The Root Certificate" scam:

Text presented in the second pop-up:

Google Chrome

Aw, Snap! Something went wrong while displaying this webpage.

To display this web page correctly, please install the root certificate. Click the "Fix it" button and follow the further instructions.

Copy the code [Copy]

1. Right-click the Start button and run "Windows PowerShell" ("Windows Terminal").
2. Right-click in the console window.
Wait for the operation to complete and reload the page.

Open video instruction

Reload page How to fix

The appearance of "Please Install The Root Certificate" pop-up scam (GIF):

Instant automatic malware removal: Manual threat removal might be a lengthy and complicated process that requires advanced IT skills. Combo Cleaner is a professional automatic malware removal tool that is recommended to get rid of malware. Download it by clicking the button below:
▼ DOWNLOAD Combo Cleaner By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. To use full-featured product, you have to purchase a license for Combo Cleaner. 7 days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.

Quick menu:

• What is "Please Install The Root Certificate" pop-up?
• How to identify a pop-up scam?
• How do pop-up scams work?
• How to remove fake pop-ups?
• How to prevent fake pop-ups?
• What to do if you fell for a pop-up scam?

How to identify a pop-up scam?

Pop-up windows with various fake messages are a common type of lures cybercriminals use. They collect sensitive personal data, trick Internet users into calling fake tech support numbers, subscribe to useless online services, invest in shady cryptocurrency schemes, etc.

While in the majority of cases these pop-ups don't infect users' devices with malware, they can cause direct monetary loss or could result in identity theft.

Cybercriminals strive to create their rogue pop-up windows to look trustworthy, however, scams typically have the following characteristics:

• Spelling mistakes and non-professional images - Closely inspect the information displayed in a pop-up. Spelling mistakes and unprofessional images could be a sign of a scam.
• Sense of urgency - Countdown timer with a couple of minutes on it, asking you to enter your personal information or subscribe to some online service.
• Statements that you won something - If you haven't participated in a lottery, online competition, etc., and you see a pop-up window stating that you won.
• Computer or mobile device scan - A pop-up window that scans your device and informs of detected issues - is undoubtedly a scam; webpages cannot perform such actions.
• Exclusivity - Pop-up windows stating that only you are given secret access to a financial scheme that can quickly make you rich.

Example of a pop-up scam:

How do pop-up scams work?

Cybercriminals and deceptive marketers usually use various advertising networks, search engine poisoning techniques, and shady websites to generate traffic to their pop-ups. Users land on their online lures after clicking on fake download buttons, using a torrent website, or simply clicking on an Internet search engine result.

Based on users' location and device information, they are presented with a scam pop-up. Lures presented in such pop-ups range from get-rich-quick schemes to fake virus scans.

How to remove fake pop-ups?

In most cases, pop-up scams do not infect users' devices with malware. If you encountered a scam pop-up, simply closing it should be enough. In some cases scam, pop-ups may be hard to close; in such cases - close your Internet browser and restart it.

In extremely rare cases, you might need to reset your Internet browser. For this, use our instructions explaining how to reset Internet browser settings.

How to prevent fake pop-ups?

To prevent seeing pop-up scams, you should visit only reputable websites. Torrent, Crack, free online movie streaming, YouTube video download, and other websites of similar reputation commonly redirect Internet users to pop-up scams.

To minimize the risk of encountering pop-up scams, you should keep your Internet browsers up-to-date and use reputable anti-malware application. For this purpose, we recommend Combo Cleaner Antivirus for Windows.

What to do if you fell for a pop-up scam?

This depends on the type of scam that you fell for. Most commonly, pop-up scams try to trick users into sending money, giving away personal information, or giving access to one's device.

• If you sent money to scammers: You should contact your financial institution and explain that you were scammed. If informed promptly, there's a chance to get your money back.
• If you gave away your personal information: You should change your passwords and enable two-factor authentication in all online services that you use. Visit Federal Trade Commission to report identity theft and get personalized recovery steps.
• If you let scammers connect to your device: You should scan your computer with reputable anti-malware (we recommend Combo Cleaner Antivirus for Windows) - cyber criminals could have planted trojans, keyloggers, and other malware, don't use your computer until removing possible threats.
• Help other Internet users: report Internet scams to Federal Trade Commission.

Frequently Asked Questions (FAQ)

What is a pop-up scam?

Basically, pop-up scams are deceptive messages/alerts intended to trick users into performing specific actions. For example, victims may be lured/scared into downloading/installing software, purchasing products, subscribing to services, calling fake support lines, allowing cyber criminals to access devices remotely, making monetary transactions, disclosing sensitive information, and so on.

What is the purpose of a pop-up scam?

The purpose of pop-up scams is to generate revenue for scammers. Profit is predominantly made by obtaining funds through deception, promoting content (e.g., websites, software, products, services, etc.), abusing/selling private data, and spreading malware.

Why do I encounter fake pop-ups?

Pop-up scams are most commonly endorsed via spam (e.g., emails, DMs/PMs, SMSes, social media/ forum posts, browser notifications, etc.), webpages using rogue advertising networks, typosquatting (misspelled URLs), search engine poisoning, malvertising (intrusive adverts), and adware.

Will Combo Cleaner protect me from pop-up scams and the malware they proliferate?

Combo Cleaner is designed to eliminate all manner of threats. It is capable of scanning visited websites for rogue, deceptive, and malicious content. Hence, should you happen upon such a webpage – you will be warned immediately, and further access to it will be restricted. Additionally, Combo Cleaner can detect and remove most of the known malware infections. Keep in mind that performing a complete system scan is paramount since sophisticated malicious software usually hides deep within systems.

▼ Show Discussion