Webroot SecureAnywhere Discussion & Update Thread

Discussion in 'other anti-virus software' started by Triple Helix, Jun 6, 2014.

  1. phyniks

    phyniks Registered Member

    I want to submit malware to Webroot.
    I know the online submission form, but is there any email to send malware to the staff?
     
  2. fax

    fax Registered Member

  3. phyniks

    phyniks Registered Member

    Yes....that's me :D

    Well... On malwaretips there is a "malware hub" session and the new malicious files will be sent to multiple vendors to see which ones react faster... most of the AVs have the "email way" and this can promote the procedure.
     
  4. fax

    fax Registered Member

    I am afraid the way WSA works clashes with the approach you try to achieve (i.e. signature-based identification). But this was discussed plenty of times before in here... so I would not like to repeat it again... lol.
     
  5. phyniks

    phyniks Registered Member

    Yes... I know... But we will upload to its malware team anyway... (No matter what their way to approach malware is, the users will upload files to any known AV to see their reaction)

    Thanks for the info
     
  6. Triple Helix

    Triple Helix Specialist

  7. phyniks

    phyniks Registered Member

  8. Triple Helix

    Triple Helix Specialist

    You can supply MD5s from a scan log and post them in a ticket if you like as well?

    Thanks,

    Daniel :)
     
  9. Dragon1952

    Dragon1952 Registered Member

  10. Dragon1952

    Dragon1952 Registered Member

  11. Triple Helix

    Triple Helix Specialist

    Where do you get your downloads for Flash? Removed Adobe Flash Links: it's a Wilders Rule not to post them here. Most times they have PUAs/PUPs added but never seen that one? As I always say, be sure to uncheck any unwanted add-ons during install if offered: https://community.webroot.com/t5/Security-Industry-News/Security-updates-available-for-Flash-Player-14-0-0-176-August-12/td-p/139411

    It's great that WSA removed that PUA, and here is Webroot's position on PUAs: https://community.webroot.com/t5/Tips-and-Tricks/Webroot-s-position-on-PUA/m-p/40404#M448

    Thanks,

    Daniel :)
     
    Last edited: Aug 13, 2014
  12. Dragon1952

    Dragon1952 Registered Member

    WSA Quarantine says that the file is... player-chrome.exe in C:\users\bruce\downloads... http://www.freefixer.com/library/file/Player-Chrome.exe-120011/ I just deleted player-chrome.exe from quarantine and soon after it was back again and locked up my screen until I started WSA and ran a scan and told the popup to install to free up my screen, and WSA quarantined it again.
     
    Last edited: Aug 13, 2014
  13. Triple Helix

    Triple Helix Specialist

    Can you post the line from your WSA scan log? Example: Wed 13-08-2014 13:38:46.0702 Infection detected: c:\users\daniel\downloads\ivoice_17063.scr [MD5: 52142FB6948416D824EB69BB792877CB] [3/00080001] [Trojan.Dropper.Gen]

    Thanks,

    Daniel ;)
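
One way to pull just the detection lines and their MD5s out of a WSA scan log, as requested in the post above (added example, not part of the original thread and not Webroot code). The line layout is inferred from the single example line quoted in the post; `parse_detections` and `ticket_lines` are hypothetical names, and every sample line except the first is constructed.

```python
import re
from datetime import datetime
from typing import NamedTuple

# Layout inferred from the one example line in the thread; the middle
# bracketed field is not explained there, so it is kept as an opaque string.
DETECTION = re.compile(
    r"^\w{3} (?P<ts>\d{2}-\d{2}-\d{4} \d{2}:\d{2}:\d{2}\.\d+) "
    r"Infection detected: (?P<path>.+?) "
    r"\[MD5: (?P<md5>[0-9A-Fa-f]{32})\] "
    r"\[(?P<code>[^\]]*)\] "
    r"\[(?P<name>[^\]]*)\]\s*$"
)

class Detection(NamedTuple):
    when: datetime
    path: str
    md5: str
    code: str
    name: str

def parse_detections(log_text):
    """Return one Detection per unique MD5, in first-seen order."""
    seen = {}
    for line in log_text.splitlines():
        m = DETECTION.match(line.strip())
        if not m:
            continue  # not a detection line, or malformed (e.g. short hash)
        md5 = m["md5"].upper()
        if md5 not in seen:
            when = datetime.strptime(m["ts"], "%d-%m-%Y %H:%M:%S.%f")
            seen[md5] = Detection(when, m["path"], md5, m["code"], m["name"])
    return list(seen.values())

def ticket_lines(detections):
    """Format hash, detection name and path for pasting into a ticket."""
    return [f"{d.md5}  {d.name}  {d.path}" for d in detections]

# First line is the example from the thread; the rest are constructed.
SAMPLE_LOG = r"""
Wed 13-08-2014 13:38:46.0702 Infection detected: c:\users\daniel\downloads\ivoice_17063.scr [MD5: 52142FB6948416D824EB69BB792877CB] [3/00080001] [Trojan.Dropper.Gen]
Wed 13-08-2014 13:38:47.0001 Scan finished (constructed non-detection line)
Wed 13-08-2014 13:40:02.0115 Infection detected: c:\users\daniel\desktop\copy of ivoice.scr [MD5: 52142fb6948416d824eb69bb792877cb] [3/00080001] [Trojan.Dropper.Gen]
Wed 13-08-2014 13:41:10.0300 Infection detected: c:\temp\x.exe [MD5: 1234] [3/00080001] [Constructed.Bad.Hash]
"""

if __name__ == "__main__":
    print("\n".join(ticket_lines(parse_detections(SAMPLE_LOG))))
```

The same hash seen under a second path is reported once, and a line whose MD5 field is not 32 hex characters is skipped rather than passed on to support.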
     
  14. Dragon1952

    Dragon1952 Registered Member

    I saved the scan I did that detected the infection but WSA was not running at the time. I only use WSA as an on-demand scanner now because of new tab and other issues I had with WSA and Chrome. Do you still want me to post the scan?
     
  15. Triple Helix

    Triple Helix Specialist

    Just the line of the detection, not the whole log!

    Thanks,

    Daniel
     
  16. Dragon1952

    Dragon1952 Registered Member

    I looked and I don't think I can find that line of detection. My guess is that the infection was not because of the 2 downloads of flashplayer. I installed flashplayer yesterday. Today after I woke up and booted up my computer and went to Facebook and a few other sites it started showing up when I opened up new tabs in my Chrome Browser.
     
  17. Triple Helix

    Triple Helix Specialist

    That's fine, it was detected, that's the main thing!

    Thanks,

    Daniel ;)
     
  18. Dragon1952

    Dragon1952 Registered Member

    I went to my history in Chrome and this was when the infection happened, I think...
    *VT result removed as per TOS*
     
    Last edited by a moderator: Aug 13, 2014
  19. Triple Helix

    Triple Helix Specialist

  20. Dragon1952

    Dragon1952 Registered Member

    I keep getting sent here when I open a new tab in Chrome, which locks up my screen and wants me to download something like player-chrome.exe... installlive.com/go/lightspark?adprovider=marmar
     
  21. Tarnak

    Tarnak Registered Member

    Oh dear, it looks like Daniel [TH] has to do the hard yards with all the explanations. Seems to me that Joe [PrevxHelp] has flown the coop. ;)
     
  22. Triple Helix

    Triple Helix Specialist

    Well I would do a full scan with WSA and Submit a Support Ticket so they can make sure your system is clean! And please let us know how it goes as it could help other users.

    Thanks,

    Daniel :)
     
  23. Drifter104

    Drifter104 Registered Member

    I have a question regarding the journalling feature which I've not been able to get an answer to.

    If I have a server with Webroot installed and a workstation with it also installed and I get infected with ransomware on the workstation, will either of the clients be able to recover the encrypted files using journalling for mapped network drives? I've been told the client on the workstation won't be able to revert these changes and I really can't see that the client on the server is going to do it because the infected process isn't on there for it to monitor.
     
  24. Triple Helix

    Triple Helix Specialist

  25. Dragon1952

    Dragon1952 Registered Member

    I might have found something to help this problem. In Chrome history I found the URL and the JavaScript that starts the whole thing, so I blocked the URL in my Chrome settings under content and manage exceptions to run JavaScript.
     