GT Explains: What is eDellRoot and How to Remove It

PC companies installing bloatware and forcing their proprietary applications onto laptops and desktops is nothing new. But Dell, following in the footsteps of Lenovo, has gone too far. Despite being aware of the flak Lenovo received for its SuperFish debacle, Dell has been, and still is, shipping its popular Inspiron and XPS laptops with a rogue security certificate that leaves them vulnerable to man-in-the-middle attacks.

eDellRoot is the infamous certificate that Reddit user RotorCowboy discovered installed on his laptop. Since the revelation, many Dell laptop users have reported being affected.

So let’s see what eDellRoot is and how to get rid of it.

What is eDellRoot?

Technically, it’s a security certificate like the several others already present on your computer, which are essential for secure SSL communications. The main difference is that this certificate and its associated private key are exactly the same on all the affected Dell laptops. Because your computer trusts anything signed with this root certificate, someone holding the key can pose as a legitimate bank or shopping website and access your private information, including your passwords, credit card and bank details. If you would like to read the technical rundown, go here.

Checking for eDellRoot

To check whether your computer has this certificate, follow these steps:

Step 1: Open the Start Menu and search for certmgr.msc. Click the top result and a new window will open.

Step 2: In the window, on the left side, under Certificates-Current User, click on Trusted Root Certification Authorities > Certificates.

Step 3: In the right section, check for eDellRoot.

Removing it

Now that you know your system is affected, follow these steps to remove it. Alternatively, you can download this tool from Dell, which does it for you.

Step 1: Stop the Dell Foundation Services by going to Task Manager > Services tab > Open Services. To open the Task Manager, right-click on the taskbar and select Task Manager.

Step 2: Go to C:\Program Files\Dell\Dell Foundation Services and delete the file Dell.Foundation.Agent.Plugins.eDell.dll.

Step 3: Finally, open the certificate manager as shown in the Checking for eDellRoot section and delete the eDellRoot certificate by right-clicking it > Delete.

Double Checking

After you have performed the removal steps, you can visit this site to make sure there is no trace of it left. Another is this one. If you get a screen like this then you are safe; otherwise, carefully perform the above steps again.

Some users are also reporting that the eDellRoot certificate appears again after a reboot. If you face this situation, it's better to use the tool by Dell or by Microsoft.
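The steps from Checking for eDellRoot and Removing it, as an added PowerShell example (not code from this article or from Dell). It assumes the service can be matched by the display name used above, searches every certificate store rather than only Trusted Root, and only reports unless you pass -Remove from an elevated prompt.

```powershell
# Added example: report on, and optionally remove, the eDellRoot certificate.
# Usage: .\Check-eDellRoot.ps1           (report only)
#        .\Check-eDellRoot.ps1 -Remove   (elevated prompt; performs Steps 1-3)
# The script file name is hypothetical.
param([switch]$Remove)

$certName   = 'eDellRoot'
# Folder and file name exactly as given in Step 2 of the removal procedure.
$pluginPath = 'C:\Program Files\Dell\Dell Foundation Services\Dell.Foundation.Agent.Plugins.eDell.dll'

function Get-EDellRootCert {
    # Walk all stores for the current user and the local machine and keep
    # only certificate objects whose subject names eDellRoot.
    Get-ChildItem -Path Cert:\CurrentUser, Cert:\LocalMachine -Recurse |
        Where-Object {
            $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] -and
            $_.Subject -like "*CN=$certName*"
        }
}

$found = @(Get-EDellRootCert)
# Assumption: the service is located by the display name shown in the Services list.
$svc   = Get-Service -DisplayName 'Dell Foundation Services*' -ErrorAction SilentlyContinue

$found | Format-Table PSParentPath, Thumbprint, HasPrivateKey, NotAfter -AutoSize
"Certificates found : $($found.Count)"
"Plugin DLL present : $(Test-Path -LiteralPath $pluginPath)"
"Service status     : $(if ($svc) { $svc.Status } else { 'not found' })"

if ($Remove) {
    # Step 1: stop Dell Foundation Services.
    if ($svc) { $svc | Stop-Service -Force }

    # Step 2: delete the eDell plugin DLL.
    if (Test-Path -LiteralPath $pluginPath) {
        Remove-Item -LiteralPath $pluginPath -Force
    }

    # Step 3: delete every copy of the certificate that was found.
    $found | Remove-Item

    # Re-check; run the script again without -Remove after a reboot as well.
    "Certificates remaining: $(@(Get-EDellRootCert).Count)"
}
```

Running it again without -Remove after a reboot shows whether the certificate has reappeared.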

Closing thoughts

Is your shiny new laptop affected by this? Did the Superfish and eDellRoot incidents change your perception of these companies? Share your thoughts at our discussion forums.
