Webroot and Caution.rootkit
+1Best answer by DanP
While your process “fixes” the problem it doesn’t address the real question which is why do I have to do it in this situation to clear this possible infection? Is webroot buggy?
Hello
Setting the heuristic settings to maximum increases the chance for false positives - this is expected behavior, and we recommend leaving your heuristic settings at the default because of this.
The caution.rootkit detections are likely false positives based on what we've seen from other users when they have set heuristics to maximum. If you are still concerned that you may be infected you can Submit a Support Ticket and we can have a look.
The uninstall and reinstall is recommended because it is the best way to ensure that those traces are no longer seen as bad and are not detected again based on the information that you have provided.
-Dan
+63Hello
Is this what your seeing? CurrentControlSet detection's
Do you have your heuristics set to Max?
If you do then yes it would be best to do a clean reinstall with default settings and you can try to set to Max again as I have mine always set to Max without issues. See this thread about it https://community.webroot.com/webroot-secureanywhere-antivirus-12/what-could-cause-the-caution-rootkit-virus-to-return-a-day-later-258967#post259496
Please follow the steps closely!
- Make sure you have a copy of your 20 Character Alphanumeric Keycode! Example: SA69-AAAA-A783-DE78-XXXX
- KEEP the computer online for Uninstall and Reinstall to make sure it works correctly
- Download a Copy Here (Best Buy Subscription PC users click HERE) Let us know if it is the Mac version you need.
- Uninstall WSA and Reboot
- Install with the new installer, enter your Keycode and don't import any settings if asked to as you can set it up as you like once it's done
- Let it finish it's install scan
- Reboot once again
Please let us know if that resolves your issue?
Thanks,
Daniel 
+1While your process “fixes” the problem it doesn’t address the real question which is why do I have to do it in this situation to clear this possible infection? Is webroot buggy?
+35- OpenText Employee
- 515 replies
- Answer
While your process “fixes” the problem it doesn’t address the real question which is why do I have to do it in this situation to clear this possible infection? Is webroot buggy?
Hello
Setting the heuristic settings to maximum increases the chance for false positives - this is expected behavior, and we recommend leaving your heuristic settings at the default because of this.
The caution.rootkit detections are likely false positives based on what we've seen from other users when they have set heuristics to maximum. If you are still concerned that you may be infected you can Submit a Support Ticket and we can have a look.
The uninstall and reinstall is recommended because it is the best way to ensure that those traces are no longer seen as bad and are not detected again based on the information that you have provided.
-Dan
+37Hi,
i set heuristic settings to maximum, and after scan show these are rootkit
HKLM\SYSTEM\ControlSet001\Services\BITS\Parameters\ServiceDll
HKLM\SYSTEM\ControlSet001\Services\Schedule\ImagePath
HKLM\System\CurrentControlSet\Services\Schedule\Parameters\ServiceDll
HKLM\System\CurrentControlSet\Services\Schedule\Parameters\ServiceDllUnloadOnStop
HKLM\System\CurrentControlSet\Services\Schedule\AtTaskMaxHours
HKLM\System\CurrentControlSet\Services\Schedule\Security\Security
HKLM\System\CurrentControlSet\Services\Schedule\DependOnService
HKLM\System\CurrentControlSet\Services\Schedule\Description
are they false positives ?
i clear their ?
Regards,
Amir
+35- OpenText Employee
- 515 replies
Hello
Since those only showed up after setting your heuristics to maximum, those are likely False Positives. You will want to set your heuristics back to the standard setting and may wish to do an uninstall/reinstall as well.
Thanks,
-Dan
+37Hello
Since those only showed up after setting your heuristics to maximum, those are likely False Positives. You will want to set your heuristics back to the standard setting and may wish to do an uninstall/reinstall as well.
Thanks,
-Dan
H Dan,
i clear subjects and reset computer.
maybe clear these false positives , make problem for computer?
Regards ,
Amir
+63Hello
Since those only showed up after setting your heuristics to maximum, those are likely False Positives. You will want to set your heuristics back to the standard setting and may wish to do an uninstall/reinstall as well.
Thanks,
-Dan
H Dan,
i clear subjects and reset computer.
maybe clear these false positives , make problem for computer?
Regards ,
Amir
No issues as Webroot can’t remove those False Positives in any case. See for more info: https://community.webroot.com/webroot-secureanywhere-antivirus-12/what-could-cause-the-caution-rootkit-virus-to-return-a-day-later-258967#post259496
+63Reply
Login to the community
No account yet? Create an account
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.