Hacker News
by chrisjsmith 5456 days ago
SSL certificates bring nothing other than a false peace of mind. I've seen fake antivirus software that goes to great lengths to provide verified (!) SSL encrypted pages to steal your credit card details.
2 comments

Well, that, and actually allowing SSL sessions to be encrypted without being trivially susceptible to MITM attacks.
Which fake software is this? If it's already taken control of the client side, too, couldn't it just be altering the root certificate set rather than exploiting some weakness of the union of all of the existing roots (which no doubt have many such weaknesses regardless)?
"Vista Security 2012". It can't touch the root certs as you need elevated privileges to do that. The entire thing hijacks the user's shell via the registry. You can log in as another user on the machine and it appears not to be infected.

Quite well designed really :-)