Help, I'm Infected! (Read Me First)

Discussion in 'Prevx Releases' started by STV0726, Mar 27, 2012.

Thread Status:
Not open for further replies.
  1. STV0726

    STV0726 Registered Member

    Greetings,

    If you believe that you are infected with malicious software and Webroot SecureAnywhere is not detecting it for you, you can self-assist by trying the following in addition to opening a support ticket at http://www.webroot.com/support. It is highly recommended that you at least open a support ticket first, as Webroot support is of very high quality and they will respond promptly to assist you. Additionally, they can have a support technician connect to your computer remotely with your permission to remove the malware for free, guaranteed!

    So opening a support ticket is definitely your first and most important step. However, while you wait for assistance, you can (if you so choose) take some steps on your own:

    1. Open "Settings", then click "Heuristics". Turn all of the heuristics to maximum by dragging each of the 3 slider bars for each category all the way to the right. You can revert to defaults/your prior settings once the malware has been cleaned. This will assist in detecting stubborn, extra sneaky malware and offer extra protection in case the malware managed to terminate your Internet connection.
    2. Boot your computer into Safe Mode with Networking. In simple terms, Safe Mode is a Windows function (available for XP, Vista, & 7) that allows only what is absolutely required to execute on start-up. Of course, malware can infect in this mode as well, but it is an easy way to get an additional level of accuracy (even if it is minor) when running a removal scan. For instructions on how to enter Safe Mode on your PC, please see: http://www.computerhope.com/issues/chsafe.htm
    3. Open Webroot, select "PC Security", then select "Custom Scan". Choose "Full Scan", then continue. Allow the scan to run. Although this is usually not necessary, it is most likely worth your time if you truly believe you are infected and want to get a thorough scan performed.
    4. If the scan finds anything, allow Webroot to remove it. Reboot your computer and test for symptoms. You can launch a browser (preferably with a non-administrator account) and Google search for "Free Antivirus". Test the first few links to see if they go to where they should go. For example, if the result says "AVG", then you should of course be directed to AVG's official website by clicking that search result. If instead you get redirected to some random other company (it will be quite obvious), you know you still are infected with at least adware, but quite likely a rootkit that is hiding more infected files.
    5. If you are indeed still infected and you need to use the computer and browse the web, make sure Webroot's Identity Shield is on. I would highly advise turning the global presets all to maximum (all the way to the right) to ensure no personal information is stolen while you surf. To do this, open Webroot, click "Identity & Privacy", then select "View/Edit Protected Websites". Highlight each of the entries and change them all to maximum for the time being.
    6. (ADVANCED) You can try opening Webroot's process monitor to manually kill untrusted processes. Open Webroot, click "System Tools", then click "System Control", then click "Start" under "Control Active Processes". Click the button that says "Kill Untrusted Processes". Test for symptoms again. Run another scan at this point to allow Webroot to kill malware that previously was protecting itself.

    Good luck and if anything above fails or you need additional assistance, do not hesitate to post here and PrevxHelp (Joe), TripleHelix (Daniel), myself (Stephen), or any of our many dedicated volunteers here will assist you!
     
    Last edited: Mar 28, 2012