HELP!!! Avira Found Malware on WRSA.exe

Discussion in 'Prevx Releases' started by calix, Jul 26, 2011.

Thread Status:
Not open for further replies.
  1. calix

    calix Registered Member

    Joined:
    Apr 15, 2011
    Posts:
    19
    My Avira Free AV detects malware on WRSA.EXE. What should I do? Right now Avira is asking me to move to quarantine the WRSA.EXE, do i need to click yes and apply? Please advice. TIA

    http://k.min.us/jbX9Tq.jpg
     

    Attached Files:

    • wrsa.jpg
      wrsa.jpg
      File size:
      48.4 KB
      Views:
      2,257
  2. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    12,609
    Location:
    Ontario, Canada
    Report to Avira that it is a False Positive! But don't let Avira remove the WRSA.exe files!

    HTH,

    TH
     
  3. delah

    delah Registered Member

    Joined:
    Oct 27, 2007
    Posts:
    80
    Location:
    Ireland
    I have paid Prevx3 and that identified the beta as malware as well!
    I reported it.
     
  4. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    12,609
    Location:
    Ontario, Canada
    How can that be possible you can't run Prevx 3 and WRSA at the same time? Or are you talking about the install file?

    TH
     
  5. calix

    calix Registered Member

    Joined:
    Apr 15, 2011
    Posts:
    19
    Thanks. I already submitted wrsa.exe to avira and its "Under Analysis".
    Hope they can reply since Avira now is always asking me to remove wrsa.exe. :(
     
  6. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    12,609
    Location:
    Ontario, Canada
    This will always happen during the Beta testing some other AV will detect WRSA as malware!

    See this post: https://www.wilderssecurity.com/showpost.php?p=1891425&postcount=67

    TH
     
  7. calix

    calix Registered Member

    Joined:
    Apr 15, 2011
    Posts:
    19
    I forgot to tell you that there were 2 files detected by avira, aside from wrsa.exe it also detected WRusr.dll as malware.

    Does WRusr.dll belongs to Webroot?
     
  8. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    12,609
    Location:
    Ontario, Canada
    Yes it does and FP also!

    TH
     
  9. calix

    calix Registered Member

    Joined:
    Apr 15, 2011
    Posts:
    19
    Thank you for your prompt reply.

    anyhow, this is what avira site said about WRusr.dll

     
  10. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    12,609
    Location:
    Ontario, Canada
    But it's still a FP and don't let Avira remove those files! ;) PrevxHelp will give us more info!

    TH

    Capture26-07-2011-8.57.25 AM.jpg
     
  11. calix

    calix Registered Member

    Joined:
    Apr 15, 2011
    Posts:
    19
    Thanks again!

    I emailed back Avira and explained to them that those 2 files belong to WebRoot Secure Anywhere Beta.
     
  12. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    12,609
    Location:
    Ontario, Canada
    Your Welcome please let us know how it goes! ;)

    TH
     
  13. calix

    calix Registered Member

    Joined:
    Apr 15, 2011
    Posts:
    19
    Update:

    Avira just replied about my inquiry about wrsa.exe & wrusr.dll, and here is what they have to say...

    http://analysis.avira.com/samples/d...Ppjv821TrckZVA10srbDvfkhLgJ&incidentid=790770
     
    Last edited: Jul 26, 2011
  14. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    12,609
    Location:
    Ontario, Canada
    Great thank you! ;)

    TH
     
  15. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    For what it's worth, the file "wrkrn.sys" is also a Webroot file :)

    Thanks!
     
  16. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    12,609
    Location:
    Ontario, Canada
    I can't find that file on Win 7 x64 o_O

    TH

    Capture26-07-2011-12.20.08 PM.jpg
     
  17. Matthijs5nl

    Matthijs5nl Guest

    It is the deep level driver (it also boots up in Safe Mode for example), should be in system32/drivers I guess.
     
  18. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    12,609
    Location:
    Ontario, Canada
    Thanks a simple search didn't find it but a search of System32 did!

    TH
     
  19. delah

    delah Registered Member

    Joined:
    Oct 27, 2007
    Posts:
    80
    Location:
    Ireland

    I meant the install file.
     
  20. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    It will be under the actual C:\Windows\System32\Drivers\ folder - it is a native 64bit driver (you might be browsing under C:\Windows\Syswow64\drivers\ which is where 32bit applications would write).
     
  21. Triple Helix

    Triple Helix Specialist

    Joined:
    Nov 20, 2004
    Posts:
    12,609
    Location:
    Ontario, Canada
    I have found it thanks Joe! ;)

    Daniel
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.