infected, but not found by webroot

Discussion in 'Prevx Releases' started by webbit, Jul 29, 2013.

Thread Status:
Not open for further replies.
  1. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    6,871
    Location:
    New York City
    @PrevxHelp,
    Thank you for responding to my concerns. I appreciate it.
     
  2. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,741
    Location:
    UK
    Except with some vendors, the Support link is buried in the program and takes a few more clicks to get to it; your link is right there on the GUI, and that makes a difference.
     
  3. webbit

    webbit Registered Member

    Joined:
    Nov 2, 2008
    Posts:
    223
    I am totally happy with what has been said and what is coming in 2014. I have 18 months left on my subscription and will be staying with it. All vendors will get slated for this and that; Webroot is a great solution, and many of my friends now have it. I am their "tech guy", if you like, and I put them all onto it as it is easy to use and powerful.
     
  4. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    That's great to hear. :thumb: But don't be surprised if you see posts about "FPs" on your forum after implementing this, as some users don't understand the reason behind PUP detections unfortunately. :)
    So TH were right....well be sure to take your well deserved vacation sooner or later though. :D
     
  5. Dark Star 72

    Dark Star 72 Registered Member

    Joined:
    May 27, 2007
    Posts:
    778
    Joe,
    Are these generic processes actually in place and operational in 8.0.2.167 or do we have to wait for the 2014 release for them?
    If they are already protecting users then very nice to know :thumb:
     
  6. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    6,871
    Location:
    New York City
    They don't seem to be in place yet. Although now I can terminate the malware from the task manager, an improvement. WSA gave no indication of any malware.
     
  7. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    They're in place in build .172+ which will be available before the 2014 release.
     
  8. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    6,871
    Location:
    New York City
    Thanks!
     
  9. webbit

    webbit Registered Member

    Joined:
    Nov 2, 2008
    Posts:
    223
    AND AGAIN
    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.10.24.01

    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 10.0.9200.16721
    Andy :: ANDY-PC [administrator]

    24/10/2013 05:12:46
    mbam-log-2013-10-24 (05-12-46).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 40061
    Time elapsed: 2 minute(s), 52 second(s) [aborted]

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 1
    HKCR\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} (PUP.Optional.BrowseFox.A) -> Quarantined and deleted successfully.

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\$Recycle.Bin\S-1-5-21-4212196438-2827450765-1995154711-1000\$R60KERL.exe (PUP.Optional.InstallIQ.A) -> Quarantined and deleted successfully.

    (end)
     
  10. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,906
    Location:
    localhost
    2 PUPs.... One actually is in the waste bin... harmless, and the other looks like just a dead registry leftover or a false positive. Impressive work by MBAM :D
    Next time try at least to upload the EXEs to virustotal to have a better identification/confirmation. :thumb:
     
    Last edited: Oct 24, 2013
  11. webbit

    webbit Registered Member

    Joined:
    Nov 2, 2008
    Posts:
    223
    I keep getting a Webroot pop-up, Delta Search, but it just disappears as though Webroot is blocking it. I did find Delta Search on my PC but uninstalled it, but it keeps popping up still.
     
  12. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,430
    Location:
    Surrey, England.
  13. webbit

    webbit Registered Member

    Joined:
    Nov 2, 2008
    Posts:
    223
    Nice one Dermot, this was the log file. It was with Firefox: every time I clicked on the plus button to open another tab, the Delta Search came on. Although Webroot did create an alert to block it, when I said block it would open up about 20 tabs. Anyway, all is well now, thanks.

    # AdwCleaner v3.010 - Report created 28/10/2013 at 09:33:04
    # Updated 20/10/2013 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
    # Username : Andy - ANDY-PC
    # Running from : C:\Users\Andy\Downloads\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\apn
    Folder Deleted : C:\ProgramData\Babylon
    Folder Deleted : C:\Program Files\driver-soft
    Folder Deleted : C:\Users\Andy\AppData\Local\Babylon
    File Deleted : C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\02oxxuxy.default\user.js

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
    Key Deleted : HKLM\Software\InstallIQ

    ***** [ Browsers ] *****

    -\\ Internet Explorer v10.0.9200.16720


    -\\ Mozilla Firefox v24.0 (en-GB)

    [ File : C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\02oxxuxy.default\prefs.js ]

    Line Deleted : user_pref("browser.newtab.url", "hxxp://www.delta-search.com/?babsrc=NT_ss&mntrId=14A70018F3EB8E7B&affID=120695&tt=02102013_mx15rbra&tsp=5030");
    Line Deleted : user_pref("extensions.LinkSwift.aul", "1382587434590");
    Line Deleted : user_pref("extensions.LinkSwift.irl", true);
    Line Deleted : user_pref("extensions.LinkSwift.is", "IM27lsUK");
    Line Deleted : user_pref("extensions.LinkSwift.ug", "4EA93914-2F25-44BD-B807-A23F0711643A");

    *************************

    AdwCleaner[R0].txt - [1616 octets] - [28/10/2013 09:32:08]
    AdwCleaner[S0].txt - [1569 octets] - [28/10/2013 09:33:04]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1629 octets] ##########
     