HELP!!! Avira Found Malware on WRSA.exe

Discussion in 'Prevx Releases' started by calix, Jul 26, 2011.

Thread Status:
Not open for further replies.
  1. calix

    calix Registered Member

    Joined:
    Apr 15, 2011
    Posts:
    19
    My Avira Free AV detects malware on WRSA.EXE. What should I do? Right now Avira is asking me to move WRSA.EXE to quarantine. Do I need to click yes and apply? Please advise. TIA

    http://k.min.us/jbX9Tq.jpg
     

  2. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,012
    Location:
    Ontario, Canada
    Report to Avira that it is a False Positive! But don't let Avira remove the WRSA.exe files!

    HTH,

    TH
     
  3. delah

    delah Registered Member

    Joined:
    Oct 27, 2007
    Posts:
    80
    Location:
    Ireland
    I have paid Prevx3 and that identified the beta as malware as well!
    I reported it.
     
  4. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,012
    Location:
    Ontario, Canada
    How can that be possible? You can't run Prevx 3 and WRSA at the same time! Or are you talking about the install file?

    TH
     
  5. calix

    calix Registered Member

    Joined:
    Apr 15, 2011
    Posts:
    19
    Thanks. I already submitted wrsa.exe to Avira and it's "Under Analysis".
    Hope they can reply since Avira now is always asking me to remove wrsa.exe. :(
     
  6. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,012
    Location:
    Ontario, Canada
    This will always happen during the Beta testing: some other AV will detect WRSA as malware!

    See this post: https://www.wilderssecurity.com/showpost.php?p=1891425&postcount=67

    TH
     
  7. calix

    calix Registered Member

    Joined:
    Apr 15, 2011
    Posts:
    19
    I forgot to tell you that there were 2 files detected by Avira; aside from wrsa.exe, it also detected WRusr.dll as malware.

    Does WRusr.dll belong to Webroot?
     
  8. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,012
    Location:
    Ontario, Canada
    Yes, it does, and FP also!

    TH
     
  9. calix

    calix Registered Member

    Joined:
    Apr 15, 2011
    Posts:
    19
    Thank you for your prompt reply.

    Anyhow, this is what the Avira site said about WRusr.dll

     
  10. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,012
    Location:
    Ontario, Canada
    But it's still a FP and don't let Avira remove those files! ;) PrevxHelp will give us more info!

    TH

     
  11. calix

    calix Registered Member

    Joined:
    Apr 15, 2011
    Posts:
    19
    Thanks again!

    I emailed back Avira and explained to them that those 2 files belong to WebRoot Secure Anywhere Beta.
     
  12. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,012
    Location:
    Ontario, Canada
    You're welcome, please let us know how it goes! ;)

    TH
     
  13. calix

    calix Registered Member

    Joined:
    Apr 15, 2011
    Posts:
    19
    Update:

    Avira just replied about my inquiry about wrsa.exe & wrusr.dll, and here is what they have to say...

    http://analysis.avira.com/samples/d...Ppjv821TrckZVA10srbDvfkhLgJ&incidentid=790770
     
    Last edited: Jul 26, 2011
  14. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,012
    Location:
    Ontario, Canada
    Great, thank you! ;)

    TH
     
  15. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    For what it's worth, the file "wrkrn.sys" is also a Webroot file :)

    Thanks!
     
  16. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,012
    Location:
    Ontario, Canada
    I can't find that file on Win 7 x64 o_O

    TH

     
  17. Matthijs5nl

    Matthijs5nl Guest

    It is the deep level driver (it also boots up in Safe Mode for example), should be in system32/drivers I guess.
     
  18. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,012
    Location:
    Ontario, Canada
    Thanks, a simple search didn't find it but a search of System32 did!

    TH
     
  19. delah

    delah Registered Member

    Joined:
    Oct 27, 2007
    Posts:
    80
    Location:
    Ireland

    I meant the install file.
     
  20. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    It will be under the actual C:\Windows\System32\Drivers\ folder - it is a native 64-bit driver (you might be browsing under C:\Windows\Syswow64\drivers\ which is where 32-bit applications would write).
     
  21. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,012
    Location:
    Ontario, Canada
    I have found it, thanks Joe! ;)

    Daniel
     