System Infected With Win 7 Anti-Spyware 2011

Discussion in 'Prevx Releases' started by GreekGuy, Dec 22, 2012.

Thread Status:
Not open for further replies.
  1. GreekGuy

    GreekGuy Registered Member

    Joined:
    Oct 6, 2011
    Posts:
    41
    Location:
    Toronto, CANADA
    Hi,

    My computer is infected with "Win 7 Anti-Spyware 2011" virus. And, so far, Webroot has given me no warning messages whatsoever. (That's a bit disappointing...the file executed without Webroot giving any popups!!)

    A deep scan with Webroot came up clean.

    From what I've read, I think I am now supposed to wait until Webroot identifies the virus and deletes it automatically. (Until that happens, I have to put up with those pesky Virus Infection!! warnings that pop every few minutes.)

    Please let me know if I need to do anything else.
     
  2. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    I recommend writing into our support inbox - they'll be able to help you out and find any infections that were missed.

    Let me know your results!
     
  3. GreekGuy

    GreekGuy Registered Member

    Joined:
    Oct 6, 2011
    Posts:
    41
    Location:
    Toronto, CANADA
    What great customer support!!!

    Submitted a ticket...received a reply within a few minutes....performed a deep scan......virus files taken off my system......problem solved.

    Thanks Webroot
     
  4. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,011
    Location:
    Ontario, Canada
    WoW great to hear and fast! ;)

    TH
     
  5. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,011
    Location:
    Ontario, Canada
  6. zfactor

    zfactor Registered Member

    Joined:
    Mar 10, 2005
    Posts:
    6,012
    Location:
    on my zx10-r
    yup they are crazy fast to respond and awesome to work with. did they run a deep scan or was it something they had you do on your end?? just curious.
     
  7. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,011
    Location:
    Ontario, Canada
    I'm assuming that they looked at his scan log and marked the files then you do a standard Deep Scan and everything is rolled back to before the infection IMO.

    TH
     
  8. GreekGuy

    GreekGuy Registered Member

    Joined:
    Oct 6, 2011
    Posts:
    41
    Location:
    Toronto, CANADA

    Webroot's e-mail instructed me to run a Deep Scan.

    That's what I did and nothing else.
     
  9. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    2,144
    Location:
    in a remote land :)
    14mn, very fast.
     
  10. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,121
    Location:
    USA
    Wow, customer service - what a concept :)
     
  11. country2

    country2 Registered Member

    Joined:
    Sep 13, 2008
    Posts:
    169
    Why did this get thru the first time as it's nothing new?

    You said you did a deep scan and it came up clean. Then they instructed you to do a clean scan and nothing else and it deleted it....?
     
  12. Techfox1976

    Techfox1976 Registered Member

    Joined:
    Jul 22, 2010
    Posts:
    749
    On Saturday of a four-day holiday weekend no less. Scary thought, innit?
     
  13. GreekGuy

    GreekGuy Registered Member

    Joined:
    Oct 6, 2011
    Posts:
    41
    Location:
    Toronto, CANADA
    I have no idea why Webroot did not alert me that something was amiss when I first opened the infected file or soon thereafter, when I ran the initial Deep Scan.

    The infection was only detected (and removed) after I had e-mailed my scan log to Webroot's tech support and they subsequently asked me to run a second Deep Scan, about 15-20 minutes later.
     
  14. silverfox99

    silverfox99 Registered Member

    Joined:
    Jul 14, 2006
    Posts:
    204
    i guess that's enough time for the WR guys to update the sigs on the cloud server, so a user running a deep scan 20 mins later will identify & sort it?
     
  15. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,011
    Location:
    Ontario, Canada
    Last edited: Dec 23, 2012
  16. Bodhitree

    Bodhitree Registered Member

    Joined:
    Dec 5, 2012
    Posts:
    567
    This is one of my issues with WR. It 'often' lets past these types of threats, and never really seems to notice them. Unless one knows how to do a deep scan, they will virtually take over a system.

    One of the reasons I stopped running it was I was able to infect a system fairly easily with one of my bunker tests, and WR continued on operating like the system was fine, while this thing continued to chip away at the system. I have been unable to duplicate this in the product I currently run, it's far more robust. I think WR will be pretty nice after more work though, and I will continue to evaluate it. I wish they'd add a more robust HIPS, and possibly some 'deep' signatures like Bitdefender's or something.

    There is some controversy with WR in testing, that they 'cooked' the test. For example Rubenking totally borked his computer with infections all to the oblivious Webroot, but each subsequent notification to support, another threat was removed. Then they 'seemingly' figured out what machines he was using, and magically WR started finding and removing them with each subsequent scan. For me, this isn't very comforting, but mirrors my personal experience in a few ways.
     
  17. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    That's definitely not true - I was personally the single point of contact with Neil Rubenking when he was doing his testing. The detections he received were as "natural" as any, and he actually performs real, real-world tests (visiting malicious websites and getting infected) rather than simulations and automated executions. As Triple Helix said, fake AVs generally don't actually exhibit malicious behavior so they're more difficult to detect. We strive to detect everything immediately but this is one of the more challenging areas.

    Our support team definitely helps find infections as users write in, but we will generally pick up on them automatically anyway as considering how many infections we see every day, it would be economically impossible to have a large enough support team to manage if every user that encountered an infection had to write in and have it dealt with manually.
     
  18. zfactor

    zfactor Registered Member

    Joined:
    Mar 10, 2005
    Posts:
    6,012
    Location:
    on my zx10-r
    i literally beat the snot out of av's when i do testing. and as i have said in the past i have lic's to basically every av out there. i cannot say webroot has the absolute best detection score in my testing but it is in the top 10 on my list. my thing that i love about it is the fast support and the fact that when something is missed (and all av's miss things and no one here can tell me otherwise there is no 100% every day in av testing never will be imo) it's added VERY quickly and then the item is usually removed pretty easily and mostly what's left is just some junk and nothing that can do any harm and can be deleted.
     
  19. Anarion

    Anarion Registered Member

    Joined:
    Dec 22, 2012
    Posts:
    31
    Location:
    Finland
  20. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,723
    Location:
    localhost
    It is completely independent from system restore and much more sophisticated.:)
     
  21. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,011
    Location:
    Ontario, Canada
    Exactly! :thumb:

    TH
     
  22. Anarion

    Anarion Registered Member

    Joined:
    Dec 22, 2012
    Posts:
    31
    Location:
    Finland
    Good. Because Windows system restore is the first thing I disable. :D
     
  23. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,011
    Location:
    Ontario, Canada
    Same here!

    TH
     
  24. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,121
    Location:
    USA
    Agreed that System Restore is not generally useful, but there is one exception in my experience and that's when a Windows Update fails. Windows Update will create a restore point before installing updates. If an update fails that prevents the system from booting, using System Restore to roll back to right before applying the update is a reliable solution. Without a restore point that's a sticky situation to sort out.
     
  25. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,011
    Location:
    Ontario, Canada
    I back up once a week and before Windows updates.

    TH
     