Solved

Remediation of found viruses.


When WebRoot 'cleans' a found virus, does it remove the virus from the executable or does it just block the file?


4 replies

Shawn
  • OpenText Employee
  • 80 replies
  • June 21, 2012
Hello,
When an executable is determined as bad and tries to execute on a system, it will be blocked and all components will be quarantined.
We are currently looking into your issue and a member of our threat research team will be contacting you to take a deeper look at this system. There is a chance that this may be a new variant of an older infection and we may need samples to better understand this infection.
 
Thank you,
Webroot Enterprise Support

  • Author
  • Fresh Face
  • 2 replies
  • June 21, 2012
Didn't PrevX 'fix' any executable that it could and only block or delete items it couldn't fix?

Shawn
  • OpenText Employee
  • 80 replies
  • Answer
  • June 21, 2012
Hello,
As long as our software was on the system before it was infected, it will use journaling to roll back any changes on a system. If the infection was a code injector, then our software will roll back to a previous version of the file with the correct MD5 that is not infected.
If our software is not on the system at the time it was infected, it will not be able to roll back.
 
Thank you and please let us know if you have any further questions.
Webroot Enterprise Support

  • Author
  • Fresh Face
  • 2 replies
  • June 21, 2012
Really good answer!  Thanks!
