Prevx + ESET Nod32 both missed 6 ROOTKITS. Need to switch to WSA right now PLEASE.

Discussion in 'Prevx Releases' started by newbie2247, Dec 27, 2011.

Thread Status:
Not open for further replies.
  1. newbie2247

    newbie2247 Registered Member

    Joined:
    Jan 8, 2008
    Posts:
    199
    I am beside myself with shock and dismay. Shock because I cannot believe that Nod32 actually missed 6 rootkits all on the same day. They've never, ever missed 1 in all the years I've used them.

    Dismay because Prevx will NOT let me clean them up. Due to just plain bad luck and these 2 error numbers, I cannot activate my license in order to get SIX rootkits off of my laptop and they've been there for 3 days while I've been killing myself trying to resolve this nightmare - Error:L044 and ERROR:CHK008

    Now, I have almost a year left on my 2 year Prevx SafeOnline renewal (it's pretty obvious that I knew nothing at all about the Webroot deal + WSA changeover at the time) and since I'm frantic and apoplectic here over BOTH Prevx and ESET missing 6 rootkits (SIX!!!!) and me not being able to clean them up because Prevx, who let them in, then scanned and found them will NOT let me activate my PAID FOR with good hard-earned money license over technicalities/very strict license policies. I respect their policies and understand the need for them and them being strict having worked for many decades in the corporate world. I also am very familiar with "hands on" dealings with customers, and not only keeping them, but keeping them fully satisfied and happy to be a customer for many years. I learned quickly and became very good at it.

    Will the very nice and wonderful WEBROOT person in charge here kindly and as soon as humanly possible, please, please, please, take the remainder of my Prevx license and give me my WSA one today please, please? I'll give you one of my brothers to make up any tiny price difference if I'm actually to be charged more money in view of the ugly facts here and considering this major inconvenience, dangerous position I find myself in Through No Fault Of My Own and remain in until someone gets back to me and gets me out of this very dangerous mess and nightmare. I'm asking for help and I've got to get on the Webroot now; I won't feel protected or better at all until those rootkits are gone, no more appear and I'm on our new WSA program. I've been waiting forever and ever to be contacted and now I no longer have that luxury unfortunately.

    I did try submitting the many Prevx scans I did to VirusTotal. I am not familiar with it and think I may have eventually gotten it done correctly and if that's true, it came out clean. Not sure, so don't take that as fact.

    Here are the 6 rootkits, for what it's worth - a tiny portion of the scan as I don't know the Wilders Forum policy of posting an entire Prevx scan and publicly exposing yourself entirely on the Internet, etc. Got to get rid of all 6 of them and yesterday isn't soon enough for me. Then got to get rid of Prevx SafeOnline and get on WSA immediately if not sooner. Obviously with BOTH Prevx and ESET Nod32 sleeping on the job, I am NOT protected at all.

    Some non-malicious files are not included in this log.
    Heuristics Settings: Age: 1, Pop: 1, Heu: 2 (Dir: 1)
    Last Scan: Fri 2011-12-23 06:51:43 Pacific Standard Time. Number of Scans: 5. Last Scan Duration: 3 minutes 14 seconds.
    [R<00480020>] (ACTIVE) c:\windows\syswow64\urlmon.dll [PX5: 450C3B160029BCFACA6B1216D4DF45002D24D445] Malware Group: Caution.MismatchData
    [R<00480020>] c:\windows\syswow64\wininet.dll [PX5: FEA8E92600894D46FA4B0EBC769E6200FB5284CC] Malware Group: Caution.MismatchData
    [R<00480020>] (ACTIVE) c:\windows\syswow64\iertutil.dll [PX5: CBB7350500CF9AADA4131F66C4E1920042EC6A06] Malware Group: Caution.MismatchData
    [R<00480020>] c:\windows\syswow64\iertutil.dll_old0 [PX5: CBB7350500CF9AADA4131F66C4E1920042EC6A06] Malware Group: Caution.MismatchData
    [R<00480020>] c:\windows\syswow64\urlmon.dll_old0 [PX5: 450C3B160029BCFACA6B1216D4DF45002D24D445] Malware Group: Caution.MismatchData
    [R<00480020>] c:\windows\syswow64\wininet.dll_old0 [PX5: FEA8E92600894D46FA4B0EBC769E6200FB5284CC] Malware Group: Caution.MismatchData
    *puppy*

    Thanks in advance and Happy Holiday Season!
     
  2. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,269
    Location:
    Ontario, Canada
    Last edited: Dec 27, 2011
  3. Cloud

    Cloud Registered Member

    Joined:
    Feb 1, 2011
    Posts:
    1,029
    Location:
    United States
    No protection is 100%. Secondly, rootkits are known to be hard to detect.
     
  4. CogitoTesting

    CogitoTesting Registered Member

    Joined:
    Jul 4, 2009
    Posts:
    901
    Location:
    Sea of Tranquility, Luna
    Well then if what you said is true, then there should be a disclaimer stating such a fact at the time of purchase.

    Thanks.
     
  5. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,219
    Location:
    USA
    Do you really think so? The fact that no security software can provide perfect protection 100% of the time and rootkits are hard to detect is simply how it is. What purpose would it serve for vendors to have a disclaimer?
     
  6. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    6,555
    Location:
    New York City
    The most important question to ask is: What did you do on the internet to be infected with six rootkits? Surfing habits and using your head are your most important tools.
     
  7. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,269
    Location:
    Ontario, Canada
    Prevx did detect them; the OP has a problem with licensing to get Prevx to remove them! But only if they are truly Rootkits? Malware Group: Caution.MismatchData

    TH
     
    Last edited: Dec 27, 2011
  8. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    6,555
    Location:
    New York City
    Whether Prevx or WSA detected them or not, does not change the intent of my previous comment.
     
  9. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,269
    Location:
    Ontario, Canada
    I agree but the OP is asking for help in which I asked him to contact Prevx support!

    TH
     
  10. newbie2247

    newbie2247 Registered Member

    Joined:
    Jan 8, 2008
    Posts:
    199
    Thank you all very much and I hope and pray that I'll get immediate action today as I do consider this situation very serious, borderline grave. Critical if I am poorly or not at all protected or worse, get infected with even more malware. Egad, perish the thought! :eek:

    Helix, I did use your Prevx link to copy and paste my Post and Subject. Crossing my fingers now for rapid response and resolution. Off to use the other link for the 30 day trial of WSA. I downloaded it once for an hour or so to look at, examine it some months ago. I hope that does not prevent me from another download. Here's hoping.




    o_O I surely was not "surfing" and if I was, I'd do that very carefully with trusted sites + in a sandbox. I haven't "surfed the 'Net" in eons. Not safe and I hope that everyone knows that, ahem. Be assured that I did nothing reckless knowingly, consciously or deliberately. I understand your knee-jerk thoughts and "surf safely" reminder to all but, no, in this situation it was not that at all. In fact, during this period I did not even go to my desktop to check my email or scan headlines or visit a couple of my favorite and trusted sites. That's how focused I was on accomplishing my "mission". ;)

    I had just done a factory restore (ergo, the license complication/issue/problem with Prevx SafeOnline) and was just beginning to install my paid for programs like Nod32, Prevx, MBAB, SAS, Sandboxie, Revo, Secunia and CCleaner. All directly from their sites. I hate being redirected to alternate sites, almost always the notorious CNET which loads their installers with megatons of crapware. They said they stopped that innocent practice but they're NOT telling the truth, I assure you. I know this from personal experience, sad to say. Bad, bad, bad, very bad! Once or twice in the recent past I was redirected to MajorGeeks. A major "turn-off" for me, that practice. If I am patronizing a company, I strongly resent them putting me in danger of receiving crapware in "stuffed installers". I am 99.99% positive that is what "corrupted" my Windows Installer. I could not Add or Remove programs. Thus, the Toshiba Satellite directive to do a "restore to factory settings".

    EDIT: Check out the topic in the Prevx Blog. Coincidence? http://www.prevx.com/blog/172/TDL-rootkit-is-coming-back-stronger-than-before.html
     
    Last edited: Dec 27, 2011
  11. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    You should be able to sign up for another WSA trial if you use a different email address. Make sure you first uninstall Prevx, then reboot, then install WSA. If you're still experiencing problems, please send me a PM with your license key and I'll take a look.

    Thanks!
     
  12. newbie2247

    newbie2247 Registered Member

    Joined:
    Jan 8, 2008
    Posts:
    199

    You are a "white knight". The free trial is now only 14 days and the key codes they're emailing me are not working. This is not my week. Or month. Geesh.

    My PM to you is on its way. Just a "heads up" and a GIANT thank you. :)
     
  13. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Thanks - I'll be working through it shortly and will let you know!
     
  14. Atul88

    Atul88 Registered Member

    Joined:
    Dec 8, 2011
    Posts:
    259
    Location:
    India
    I am currently using Nod32+WSA2012, & WSA is missing so many malware infected links.
    On their Site, some "HAPPY USER" said that "IT ALMOST FEELS LIKE IT NOT INSTALLED ON YOUR PC"
    I would say the same "IT ALMOST FEELS LIKE ITS NOT ON YOUR PC BECAUSE IT DOES NOTHING WHEN SOME MALWARE GETS INSIDE YOUR PC, SO IT DOESN'T MAKE DIFFERENCE IF IT IS INSTALLED OR NOT"
    I think it would take longer to be WSA, the complete security suite!!!
     
  15. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    When using another AV + WSA, it's very likely that the other AV will be stepping in first and blocking the website. This is by design to prevent incompatibilities.
     
  16. newbie2247

    newbie2247 Registered Member

    Joined:
    Jan 8, 2008
    Posts:
    199
    I'm still waiting for help. Can you believe this? I can't. It's too rude, crude and unbelievable. There has to be somebody from the company who can do something to help. Their reputation is going to go down the sewer if I get mistreated, ignored, stalled, delayed, put off or blown off any longer.



    It's (the FREE Trial) only 14 days now and mine is almost run out. Now what do I do? And what the heck have they been doing? Not helping me solve any of my problems, no contact, questions or follow up. I'm waiting for a request for FEEDBACK. ;) They've got the chutzpah to actually tell me that it's now time to cough up the big bucks? Wow! I cannot fathom this or believe it. I've never seen such unprofessional behavior my entire career in the corporate world in Accounting. I wore many different hats and you can imagine what I've seen and heard. This here wins the prize. It would hog the thread if I laid it all out.

    Yep, I am still waiting for help. I have filled out at least 5 customer support tickets almost begging for help. Not only am I appalled and offended, I am shocked beyond belief.

    You reps and moderators and a few members I am sure, must know someone who can contact someone who can then........

    The telephone is a frustrating waste of time. I am at the point where I think that number is "fake". In all these weeks I have no idea how many times I've dialed that number.

    I have nothing but problems, a broken-down program, nothing but total silence and zero customer support. What do they have? My money. 12 full months left on my PrevxSafeOnline - that does NOT work and they're going to stall forever and a day and I can't stop them from ripping me off in addition to blowing me off.

    I think maybe dropping Prevx and going to these crooks is/was a very bad idea indeed. The price is highway robbery. I've been here since day 1 and they have yet to contact me about transferring my license. Why I wonder?

    I'm beside myself because of this. I have had nightmares of rootkits that look like nasty gremlins. This rude, shoddy, negligent and financially expensive mistreatment, total lack of service and complete loss of my program for all these weeks is utterly unbelievable, inexcusable, the height of arrogance and IMHO, they really should be called on the carpet and be held accountable - they should have to answer for this. Talk about egregious.


    Still got a PAID FOR broken PrevxSafeOnline program with 6 - count them SIX rootkits running around totally unchecked while the days and weeks go by and they do nothing. Absolutely nothing and no concern. Take my money and forget me. Peachy, real peachy.
     
  17. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,269
    Location:
    Ontario, Canada
    Newbie2247 are you still saying the trial of WSA didn't remove the Rootkits? Can you post the relevant lines from the scan log here please that point to the rootkits or other malware? Also can you PM your email address to PrevxHelp and he can look into it for you!

    Example:
    Webroot Scan Log (Version v8.0.1.42)
    Log saved at Wed 04-01-2012 22:24:35

    v8.0.1.42
    Windows 7 Service Pack 1 (Build 7601) 64bit
    Scan Started: Wed 04-01-2012 15:10:22
    Files Scanned: 3
    Malicious Files: 0
    Duration: 1s

    Some legitimate files are not included in this log
    c:\users\daniel\downloads\dllhsts.exe [MD5: 4FD38E149AD2339A1067FF0CB35618D3] [Flags: 08080010.3172]
    c:\users\daniel\downloads\bot.exe [MD5: EB7FD4891C3E7CC7196646EDCFFF6E81] [Flags: 00080010.2739]

    Thanks,

    TH
     
    Last edited: Jan 4, 2012
  18. newbie2247

    newbie2247 Registered Member

    Joined:
    Jan 8, 2008
    Posts:
    199



    Thank you very much for asking and your time. Very much appreciated.

    Yes. That is exactly what I am saying. Precisely.

    Re: PrevxHelp, if you look at posts 11 through 13 you will see we did just that last week. I will let him/her speak for himself about all that he/she saw, learned and did including who was spoken or written to, etc., etc. upon receipt of my PrevxSafeOnline license number.

    Here's the section of the PrevxSO scan (I wish I could read and understand these logs. Is there a tutorial online, if anyone knows please?) that is frightening me and almost everyone who's in Customer Support has copies of it by now as well as the details about my inability to activate PrevxSO because of the 2 technical error messages that could be and should already have been fixed in 5 minutes flat. Worst case scenario, give me a new license number. And my money back! Because I don't have to take such shoddy treatment. I am not paying hard to come by and hard-earned money to be treated like this. Nobody should. Please, if you or anyone else reading this horror story thinks of even the tiniest thing or contact, ANYTHING, that might help me, I'd be forever and deeply grateful. I've only a few days left on the Trial Demo. {sob, sob, sob} What then? Seriously? What happens to me and my funds for the next 12 months? Oh boy. I am not pleased or impressed at all with these people. If this was not such a grave, serious and dangerous situation here, it could be a comedy or science fiction story:


    Prevx Scan Log - Version v3.0.5.220

    Some non-malicious files are not included in this log.
    Heuristics Settings: Age: 1, Pop: 1, Heu: 2 (Dir: 1)

    [R<00480020>] (ACTIVE) c:\windows\syswow64\urlmon.dll [PX5: 450C3B160029BCFACA6B1216D4DF45002D24D445] Malware Group: Caution.MismatchData
    [R<00480020>] c:\windows\syswow64\wininet.dll [PX5: FEA8E92600894D46FA4B0EBC769E6200FB5284CC] Malware Group: Caution.MismatchData
    [R<00480020>] (ACTIVE) c:\windows\syswow64\iertutil.dll [PX5: CBB7350500CF9AADA4131F66C4E1920042EC6A06] Malware Group: Caution.MismatchData
    [R<00480020>] c:\windows\syswow64\iertutil.dll_old0 [PX5: CBB7350500CF9AADA4131F66C4E1920042EC6A06] Malware Group: Caution.MismatchData
    [R<00480020>] c:\windows\syswow64\urlmon.dll_old0 [PX5: 450C3B160029BCFACA6B1216D4DF45002D24D445] Malware Group: Caution.MismatchData
    [R<00480020>] c:\windows\syswow64\wininet.dll_old0 [PX5: FEA8E92600894D46FA4B0EBC769E6200FB5284CC] Malware Group: Caution.MismatchData

    End of Prevx Scan Log - http://www.prevx.com

    EDIT: I haven't learned or figured out yet how to capture scan logs on the cursed demo yet. I do know with absolute certainty that it has not caught one single thing as I always look at the scan results and close the thing.
     
  19. Techfox1976

    Techfox1976 Registered Member

    Joined:
    Jul 22, 2010
    Posts:
    749
    The demo is fully functional with a 14-day key and full capability. If it was not catching things, WSA full would just be a longer key in it, so it wouldn't help. The demo's logs give a better view of the situation though, since they have MD5s instead of PX5s and a newly-built scanning engine.

    After doing a scan, there is a link on the lower left of the scan result to "Save scan log". You can also go to the System Tools section on the left, then Reports tab on the top, and Save as... button under Scan Log will save the last one.

    If the detection in PX3 happened multiple times, that's something to consider. If it happened once, it may have been a transient thing, like something doing an update to those files when the PX3 scan was occurring and therefore causing a data mismatch between the raw read and the API read. If the detection happened in PX3 multiple times, I'd be curious about why WSA isn't seeing it.
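
A way to read the Prevx log lines posted above by structure alone (added example, not code from any poster, Prevx or Webroot): it parses each detection line and groups entries by PX5 value, showing that the six lines are three distinct PX5 values, each a live DLL plus its `_old0` copy, all in the `Caution.MismatchData` group. The line format is inferred from the posted entries, and the names `parse_entries` and `group_by_px5` are illustrative.

```python
import re
from collections import defaultdict

# Line shape inferred from the entries posted in this thread. What the R<...>
# flags and the PX5 value encode is not explained on the page, so both are
# kept as opaque strings.
ENTRY_RE = re.compile(
    r"^\[R<(?P<flags>[0-9A-Fa-f]+)>\]\s+"
    r"(?P<active>\(ACTIVE\)\s+)?"
    r"(?P<path>.+?)\s+"
    r"\[PX5:\s*(?P<px5>[0-9A-Fa-f]+)\]\s+"
    r"Malware Group:\s*(?P<group>\S+)$"
)

# The header lines and six entries exactly as posted in the thread.
THREAD_LOG = r"""Some non-malicious files are not included in this log.
Heuristics Settings: Age: 1, Pop: 1, Heu: 2 (Dir: 1)
[R<00480020>] (ACTIVE) c:\windows\syswow64\urlmon.dll [PX5: 450C3B160029BCFACA6B1216D4DF45002D24D445] Malware Group: Caution.MismatchData
[R<00480020>] c:\windows\syswow64\wininet.dll [PX5: FEA8E92600894D46FA4B0EBC769E6200FB5284CC] Malware Group: Caution.MismatchData
[R<00480020>] (ACTIVE) c:\windows\syswow64\iertutil.dll [PX5: CBB7350500CF9AADA4131F66C4E1920042EC6A06] Malware Group: Caution.MismatchData
[R<00480020>] c:\windows\syswow64\iertutil.dll_old0 [PX5: CBB7350500CF9AADA4131F66C4E1920042EC6A06] Malware Group: Caution.MismatchData
[R<00480020>] c:\windows\syswow64\urlmon.dll_old0 [PX5: 450C3B160029BCFACA6B1216D4DF45002D24D445] Malware Group: Caution.MismatchData
[R<00480020>] c:\windows\syswow64\wininet.dll_old0 [PX5: FEA8E92600894D46FA4B0EBC769E6200FB5284CC] Malware Group: Caution.MismatchData
"""

def parse_entries(text):
    """Return one dict per detection line; header lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append({
                "path": m["path"].lower(),
                "px5": m["px5"].upper(),
                "flags": m["flags"],
                "active": m["active"] is not None,
                "group": m["group"],
            })
    return entries

def group_by_px5(entries):
    """Collapse entries that share a PX5 value into one record each."""
    buckets = defaultdict(list)
    for e in entries:
        buckets[e["px5"]].append(e)
    records = []
    for px5, items in buckets.items():
        paths = sorted((e["path"] for e in items), key=len)
        base = paths[0]
        records.append({
            "px5": px5,
            "base": base,
            # other paths that are the base path plus a suffix (e.g. _old0)
            "suffixed_copies": [p for p in paths[1:] if p.startswith(base)],
            "unrelated_paths": [p for p in paths[1:] if not p.startswith(base)],
            "active": any(e["active"] for e in items),
            "groups": sorted({e["group"] for e in items}),
        })
    return sorted(records, key=lambda r: r["base"])

if __name__ == "__main__":
    for r in group_by_px5(parse_entries(THREAD_LOG)):
        print(r["base"], r["px5"], r["suffixed_copies"], r["active"], r["groups"])
```
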
     
  20. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    13,269
    Location:
    Ontario, Canada
    I need the scan log lines from Webroot SecureAnywhere!

    TH
     
  21. newbie2247

    newbie2247 Registered Member

    Joined:
    Jan 8, 2008
    Posts:
    199
    I have a couple that much to my surprise I found and I did one today. Grand total of maybe 3 or 4. As they are all clean and show no malware at all because every scan has come out clean since I got the demo, what exactly are you looking for? To see if the rootkits are or were found and cleaned? I never saw any infections found and cleaned ever, not once, since I got this soon to expire 14 Trial. Nada. Nothing ever found and cleaned.

    Thank you ALL for your helpful info., help, time, concern and informative instructions, including PREVXHELP. Where is he/she? Where did he/she go off to?

    I am more than willing to send you a PM and attach them or copy and paste them. Doubt if they'll be of much help but can't hurt. Let me know what you decide.

    Meanwhile, the beat goes on and on and on..........
     
  22. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,899
    Location:
    localhost
    No drama, no stress. Relax, sit back... They were just false positives. If you install back Prevx remember to report them to support as false positives. :)
     
  23. newbie2247

    newbie2247 Registered Member

    Joined:
    Jan 8, 2008
    Posts:
    199

    Good morning FAX :) ,

    That's great to hear but how do you know they are False Positives? Nobody has told me that yet. I badly want to believe you and take that as fact. I'm praying that you're right and have the creds to say so. Everyone around me is still "investigating" and not committing themselves to such BEAUTIFUL words and that declaration. I can understand why if they don't really know for sure, especially since Microsoft which calls them some other name rates them as SEVERE. And lucky me got 6 all in one shot.:rolleyes:

    Thank you a million times over for saying that and I desperately hope to the high heavens you are 1,000 times right.:blink:
     
  24. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    5,507
    They look like false positives to me as well. Seem to be valid windows/Ie files. Best to check with Prevx, but it appears ok to me.

    So maybe NOD32 did not fail you huh?

    Have you installed any other scanners to double check, like Hitman Pro etc?
     
  25. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    If you could just uninstall Prevx and install WSA, you should hopefully have the false positives fixed. If they aren't, you can write into our support inbox: http://www.webroot.com/En_US/support.html

    If you're still having problems, please PM me your license key and email address and I'll take a look :)
     