Thanks for sharing...tip of the iceberg, anyone?
Nice to have instructions for removal (near the end of the article).
On a side note, I found it particularly irksome that for the GUI-ishly inclined that one has to "Add/Remove Snap-in". Grrr! On a positive note, the Ghacks article described a language-independent way of accessing the UI window that's relevant for this process, and that is much appreciated. Some other articles describe steps that use searching which don't work on (at least some) non-English-based Windows machines (at least they didn't work for me).
Screenshots would be a plus for some of the steps to help guide (though of course that probably wouldn't help in the case where searching is part of the instructions...).
Spoiler
The last 2 paragraphs in the article...
So when will legitimate security vendors (whoever they might be) start reporting when there are fishy root certs installed? Because I don't know about you, but when I look at the collection of root certs installed on my machine (run the certmgr.msc management console plug-in program), there's no way I could say which (if any) didn't belong.
There are 100 or so certificates (including 27 "Untrusted certificates") installed on my system - and I think that my anti-malware should tell me if they're OK or not.
-mwb1100
I agree about it being impractical to tell -- didn't have that many here, but there were a few completely unfamiliar ones.
Something to help assess what should and shouldn't be there does sound like it could be useful....not sure how practical and effective it would end up being, though perhaps much better than nothing.
Wouldn't really trust what one specific vendor had to say about a specific cert (cf. the value of VirusTotal, Jotti, etc.), but with a collective assessment, may be some suspicious things could be detected.
Spoiler
It's not like the whole root cert idea is foolproof, but that would be a different type of discussion I guess :)