check for malware

Webroot scan did not find malware. However, I got a message from a Microsoft Security Essentials alert that
my computer has adware, trojan and hack tool that should be removed.
I suggest Webroot users use "Microsoft Safety Scanner" to check for malware.
Scanner is temporary.
I have Windows 7 Home.

Best answer by EamonF 2 May 2013, 18:14


12 replies

Userlevel 7
If you think your computer is infected, please Open a Support Ticket so that we can get you in touch with one of our support technicians. Our advanced malware removal is free, and it is better to be safe than sorry if you think for any reason you may be infected.
Even if Webroot misses a threat, we have advanced rollback and remediation technology that journals all of the actions of unknown programs/files which we can then revert and remediate.
Userlevel 7
Without looking at the logs I am guessing that it's the fake Microsoft Safety Scanner that is doing the rounds at the moment. The removal tool is actually an infection that WSA always catches. It will be called "Security Scanner[1].exe" and you should see it in the scan logs of Webroot if you tried to save it. If you submit a log I can confirm this. In any case I would not visit that site anymore as it's either infected or has a malicious link in it.
Userlevel 7
I agree with Mike. Not to worry. WSA has rollback and remediation tech. And moreover the support team offers free malware removal. Those are at the top of the reasons why I love WSA so much. :)
Userlevel 7
I think Roy has a point. A fake MS scanner could be a possibility that is causing the prob.
Userlevel 4
Hi Renie67,

You have most likely seen a fake Windows Security alert that is quite common at the moment from multiple different sources. These are websites that prompt you to download a malicious file to your computer by faking the look of a legitimate Microsoft application. This fake antivirus called Microsoft Security Essentials can be seen below:

It is always advised to force close your browser (via Task Manager or Close Button) if this occurs and report the URL in the address bar to ourselves so we can block it for all users. I would also recommend making sure your Adobe Flash and Java are up to date and that you use a more secure web browser such as Google Chrome or Mozilla Firefox.
Userlevel 7
Hi Renie67,
To add to Eamon's and Rakanisheu's points, we've actually posted about this type of scan very recently on our Webroot Threat Blog. It's an informative and interesting read that helps you avoid these fake AV scams and stay protected should you encounter one.
Userlevel 7
Hello EamonF and Welcome to the Webroot Community Forums.
Nice to see more Threat Researchers on the Forums! ;)
Userlevel 7
Hello EamonF!  Welcome to the Community, I hope we continue to see you on here!
Userlevel 7
I've noticed renie67 has WSA and the allegedly fake MS scanner. The fake AV is causing the prob.

WSA will remove the fake AV once it's blacklisted and roll back the changes. If the fake AV has already been known to exist for some time and the WSA team is aware and has probably blacklisted it, why did WSA not catch the AV? So if I happen to get the fake AV by mistake do I have to contact support to remove it? Will WSA not prevent it or detect it after a scan and remove it?
Userlevel 7
You don't have to contact support to remove it; normally we automatically catch these Fake AVs. You can always use the manual removal option or use the block option in detection configuration. You also have to remember that although it may look the same it may be a completely different infection. Some of these Fake AVs can be custom built very easily where you can just pick a displayed image and payload.
Userlevel 7
Oh I see. Okay thanks Roy. :)
Userlevel 7
Hello EamonF, Welcome to the Webroot Community Forum. :D
Happy to see another Threat Researcher here on the forum. 😉