Webroot Secure Anywhere related question

Discussion in 'Prevx Releases' started by RyanHague, Feb 26, 2012.

Thread Status:
Not open for further replies.
  1. RyanHague

    RyanHague Registered Member

    Joined: Feb 26, 2012 | Posts: 2 | Location: United Kingdom
    Hello good people,

    I have been a webroot user for nearly two years now, I purchased SpySweeper after carefully reading multiple reviews that it was simply the best. And it was :)

    A few months ago I received an email about a free upgrade to webroot secure anywhere that combines anti malware and antivirus capabilities in one slick and ultra fast package. The transition was a bliss. My pc now starts up in almost 1/3 of the time, the desktop is ready to use instantly when booting is complete, the new interface is beautiful and so far secure anywhere has caught suspicious files instantly.

    However I am concerned about something that happened recently, I was surfing late at night/early in the morning on Saturday, and I was looking for a program that would play .swf videos on my pc. I found one after a quick search on Google, it was on Cnet. I downloaded, double clicked the file in the downloads window but nothing, I clicked on it and selected open containing folder and nothing again, it's like it vanished. I downloaded the file again, nothing again, it vanished, the third time it worked, and it wanted to install ask toolbar and bing search, I opted out. As the installation was going on I noticed webroot was grayed out on the toolbar, and when I hovered my mouse pointer over it it said 'infected' in the description line! I had seen this before once and then hit reset on my pc because I panicked. This time I had to restart the pc to re-enable webroot secure anywhere. After that restart I got a message about a missing dll error, some file name with lots of numbers 'specified module could not be found'

    I went on Google to start looking for a way to solve this error, but almost every time I'd click on a link it would take me to a random ad website, sometimes ask, sometimes bing and sometimes some others. I started scanning with webroot again and again and again but everything seemed ok. I eventually maxed out the heuristic levels and after advice found the additional entries in the hosts file, deleted them, set webroot not to allow any program to access the hosts file and made it read only (mind you, somehow the hosts file had also become invisible..) then I discovered that in the panel where you block websites in webroot secure anywhere there was a new addition of some ad website, so I deleted that too and thought that most likely something disabled webroot secure anywhere (by the looks of it a program from Cnet!) and infected it and allowed for a bunch of malware to sneak in?
    But why is it that webroot didn't detect them when it was re-enabled?

    What I haven't mentioned yet is that I did a scan with malwarebytes (which for some reason wouldn't start and even after the update wouldn't start - had to follow instructions on their website to remove it with a tool first and the scariest was that when I loaded add and remove programs, there was never a list, the window stayed empty!) malwarebytes found 12 infections ranging from Backdoor bot SCGen and Trojan Downloader to Spyware Password Backdoor agent and Exploit Drop2! Almost all of these were in the temp folder and some in the registry and the application data folder

    My question is simply, why is it that Webroot Secure Anywhere missed all of these in its scans and malwarebytes didn't? Is malwarebytes lying to me? Also now that I've removed these and the run dll error stopped shall I assume that I am safe and sound? I am doing a thorough scan with malwarebytes now, it's going to take a while, just to make sure. But, what if there is something that malwarebytes missed too? How can I be sure it's safe to use Internet banking again, and is rapport sufficient to protect me from keyloggers while I'm banking? I've always had great faith in webroot but now I'm a bit worried... About some threats that can disable it and infect it and my pc in seconds, I was shocked!

    Thank you for your time good people
    All the best
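
Added example, not part of the post above and not Webroot or Malwarebytes tooling: a small Python audit for the hosts-file tampering the post describes (extra entries, file set to hidden). The sample entries are constructed, and the rule that any mapping to a non-loopback, non-null address deserves review is an assumption of this example.

```python
import ipaddress
import os
import stat

# Constructed sample (documentation-range addresses, .example names).
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1       localhost
203.0.113.45    www.search.example search.example
0.0.0.0         ads.tracker.example
198.51.100.7    bank.example
not-an-ip       something.example
"""

def audit_hosts(text):
    """Return (line_no, hostname, address, reason) for entries to review."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].split()   # strip comment, tokenize
        if len(entry) < 2:
            continue                           # blank, comment-only or no hostname
        addr, names = entry[0], entry[1:]
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append((line_no, " ".join(names), addr, "malformed address"))
            continue
        if ip.is_loopback or ip.is_unspecified:
            continue                           # local or null-routed: not a redirect
        for name in names:
            findings.append((line_no, name, addr, "redirected to non-local address"))
    return findings

def hosts_attributes(path):
    """Report the hidden/read-only flags on Windows; None on other systems."""
    attrs = getattr(os.stat(path), "st_file_attributes", None)
    if attrs is None:
        return None
    return {"hidden": bool(attrs & stat.FILE_ATTRIBUTE_HIDDEN),
            "read_only": bool(attrs & stat.FILE_ATTRIBUTE_READONLY)}

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

On a stock Windows install the hosts file is neither hidden nor full of redirects, so any finding from `audit_hosts` combined with `hidden: True` matches the pattern described in the post.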
     
  2. Cudni

    Cudni Global Moderator

    Joined: May 24, 2009 | Posts: 6,963 | Location: Somethingshire
    Just because you and I have some security software does not mean that we are safe anywhere and anytime on the net. We are not, as any security software only can react and protect against the threats it knows about. As you can imagine there is an unrelenting race between malware creators and software protecting against it. If you suspect there is still some malware on, visit some of the volunteer sites and try more tools
    https://www.wilderssecurity.com/showpost.php?p=1533481&postcount=3
     
  3. Triple Helix

    Triple Helix Specialist

    Joined: Nov 20, 2004 | Posts: 13,269 | Location: Ontario, Canada
    Sorry for the issues that you are having and as you have a paid version of WSA please contact the WSA support inbox and they can have a look at the scan logs to determine if you need further clean up as they will be happy to help you do free of charge and if need be they will Remotely connect to your computer and make sure it is clean! http://www.webrootanywhere.com/support

    HTH,

    TH
     
  4. STV0726

    STV0726 Registered Member

    Joined: Jul 29, 2010 | Posts: 900
    I would never force a system restart, especially not with SecureAnywhere. This could have interrupted the cleaning/detection process.

    That being said, it should have caught those, as their cloud theoretically should offer better protection than any.
     
  5. pegr

    pegr Registered Member

    Joined: Apr 8, 2008 | Posts: 2,280 | Location: UK
    If you are not already using imaging software to back up the system, then you should consider doing so in order to prevent the possibility of this situation from arising again in the future. That way if the worst happens and the system does get infected, after using anti-malware tools to kill the infection, restoring the entire system from a previously created clean image should ensure that the system is clean, with no leftover remnants of malware present.

    System images are also the quickest and easiest way to rebuild the system if you experience a hard disk failure. In your present situation, if you don't have a system image to fall back on and are still uncertain about the state of the system, as Cudni said, you could try some further anti-malware tools just to be sure.
     
  6. Techfox1976

    Techfox1976 Registered Member

    Joined: Jul 22, 2010 | Posts: 749
    It's one of those Good and Bad things.

    MalwareBytes finds stuff the Webroot can miss.
    Webroot definitely finds a LOT of stuff that Malwarebytes misses.

    But don't force shutdowns. When Webroot says "Infected", follow its directions. Scan, clean, scan again when it tells you. It will keep having you scan until it finds nothing that it knows is bad.

    When you're not completely sure, or when you think you're still infected, do a Webroot scan, then open a Webroot support ticket and say you think you might be infected.

    Here's the main thing:
    If there is an infection that is unknown to ANYBODY, MBAM, Norton, McAfee, and everybody will end up just ignoring it. That's because, To Them, Everything that is not specifically BAD is considered GOOD.
    By comparison, anything that is Unknown to Webroot SecureAnywhere gets watched, tracked, and journalled. Then the moment it is determined to be bad, not only it, but every single precise thing it did gets rolled back and undone.

    When you send in a message to Webroot, they can look at the scan you did. Even if you have an infection that -your computer- is the only one in the world to have a copy of, they can fix it.
     
  7. kdcdq

    kdcdq Registered Member

    Joined: Apr 19, 2002 | Posts: 815 | Location: A Non-Sh*thole State
    Several of the regular posters in this forum are using MBAM Pro and WSA together, myself included, for a more layered approach to security; I also run Hitman Pro (licensed) to be sure my system is "clean".

    As regular readers of Wilders know, NO security product is 100% effective in stopping all forms of malware; therefore many users use multiple security products concurrently to try and prevent computer contamination. Also, as member pegr nicely described, having a good system image to fall back on will save countless hours trying to clean an infected system. :thumb:
     
  8. RyanHague

    RyanHague Registered Member

    Joined: Feb 26, 2012 | Posts: 2 | Location: United Kingdom
    Thank you everyone for your great responses!

    It's good to be in the company of civilized intelligent people! To be honest I don't usually post on forums because I fear that someone will be criticizing or be nasty or something lol.

    Anyway, very informative and valuable opinions here from everyone, thank you very much indeed :)
    Just to clarify, that one time that I did a forceful reset on my pc was many weeks ago, but on that occasion, just like in this recent one, webroot was disabled, greyed out, with a red mark over it, and when I hovered the mouse over it it said 'infected' which was pretty scary. The second time this happened, last Saturday, I didn't panic, and just observed, however webroot didn't restart itself until I restarted the pc. I tried opening the webroot launcher application but nothing happened. When all of this went down, while I was installing that flash player, I could swear that webroot intercepted a file, and looking in the logs now, it did exactly that, now I was thinking to myself today: what if webroot removed the virus just before it got disabled and that dozen malware that malwarebytes found - most in the temp folder and some in the registry, a couple even in the java temp folder - wasn't actually that dangerous?

    What filled me with the most discomfort I guess was how apparently the best anti malware out there, webroot, got taken out with one shot, and in that time of its absence, the hosts file was altered and made invisible, and an ad website was added to the list of permitted websites in the webroot console (a list that has always been empty)

    And because I'm a Star Trek fan and the last month I've been watching every single ds9 episode, to make a comparison in trek terms, it felt like the enemy disabled the ship's shields, beamed aboard, installed a bomb and beamed out lol so I am wondering if there is a way, a safety mechanism or update to make webroot secure anywhere immune to such successful strikes? I mean if the hosts file can be protected, made read only etc, maybe there's a way to protect webroot in a similar fashion?

    I love my webroot, but just to be a bit safer and after considering your suggestions, I am now also using malwarebytes pro, and there are no conflicts. The hosts file is secured and clean, I updated java (looks like I was a bit out of date with that), I run a deep scan on malwarebytes last night and it looks clean, I have left the advanced heuristics level on maximum on all tabs for now, and I just finished a scan with webroot and no threats were found.

    The sky looks clean :)
    However, I am strongly considering the imaging suggestion, but wouldn't have a clue what to do lol, and just to let you know I use windows xp home, if it matters with the imaging thing?
    I am also considering doing the report idea, so that webroot could have a look at a possible infection? But if malwarebytes pro and webroot secure anywhere both say clean, I wonder how likely it would be to find anything..

    Thank you for your time and thoughts everyone, you've been great :)

    All the best


    Ps - a funny thing is that since malwarebytes did its scan and removal thing, I've started getting the old windows update warning on the toolbar about automatic updates being turned off - guilty, I would switch them off usually to play games online - but security centre won't let me turn them on, I can only do it from the windows update control panel for some reason, and even then the warning persists and I don't see any updates. Oh well
     
  9. NNard

    NNard Registered Member

    Joined: Jun 23, 2007 | Posts: 42 | Location: New York
    I currently run WSA Essentials with MBAM Pro realtime without any issues.
     
  10. kdcdq

    kdcdq Registered Member

    Joined: Apr 19, 2002 | Posts: 815 | Location: A Non-Sh*thole State
    RyanHague,

    If I were in your shoes, I would also run SuperAntispyware and Hitman Pro to see if either of these two excellent programs find any malware on your system. Just my $.02 worth....:)
     
  11. STV0726

    STV0726 Registered Member

    Joined: Jul 29, 2010 | Posts: 900
    Just so it's clear...

    Many individuals are also more than comfortable (such as myself) running WSA alone. In fact, I am starting to recommend this specifically to really take advantage of its light performance.

    I definitely run MBAM, SAS, and HMP regularly too, as well as a WSA full scan on occasion.

    If I ever thought I was infected, I would boot into safe mode and run fullest scans offered of each product.

    If there was still malware, I would run Comodo Cleaning Essentials and kill stuff manually.

    But at that point, I'd be equally likely to put my Windows 7 system imaging to the test, since I've been so disciplined about making regular images and file-level backups.

    In my view, when it comes to layering security solutions, I'd rather layer a blacklist measure with a whitelist measure. For example, I run WSA with a software restriction policy. Some people do something similar and run it with a HIPS like Defense+ or an anti-executable, though this can easily become a very advanced counter measure, I admit.

    I hope your issues are resolved, and no hidden rootkits or traces are left!
     