Just got this ominous notice on my computer while scanning porn website - notice claims to be an official US Dept. of Justice notice that I have violated some federal statute by accessing website and that my computer has been locked down, pending payment of a $300 "fine" to this site. Payment must be within 48 hours via MoneyPak (prepaid card) or I would face prosecution and my computer permanently disabled. I cannot get control of my user site, but can switch users and utilize my computer.
Anybody familiar with this - is it legitimate?
It's fake. Right click the green (W) Webroot icon in the bottom-right of the screen > Save scan log
Look at the last 50 lines and paste any that says "Monitoring" in a message here.
Or just open a ticket, explain your problem, and paste the last 50 lines into the support window. Trust me they don't care where you've been, you're actually doing them a favor letting them know about your problem.
https://www.webrootanywhere.com/servicewelcome.asp
Hello Tony808 and Welcome to the Webroot Community Forums!
Yes, it's fake. Do as expanoit suggested and submit a support ticket, and they will look after you. Also have a look at this thread: https://community.webroot.com/t5/Webroot-SecureAnywhere-Antivirus/Please-Help-Concerned-About-FBI-MoneyPak-Virus/m-p/37996#M1714 and here: https://community.webroot.com/t5/Security-Industry-News/The-Evolution-of-FBI-MoneyPak/m-p/54702#M2150
HTH,
Daniel 😉
Posting the last 50 lines with "monitoring" from scan log.
Wed 2013-11-13 10:40:49.0732 Infection detected: c:\users\owner\appdata\local\temp\kumkrl [MD5: 631B7415B767D01A30614B1917B0B85A] [3/08080001] [W32.Rogue.Gen]
Wed 2013-11-13 10:40:49.0732 File blocked in realtime: c:\users\owner\appdata\local\temp\kumkrl [MD5: 631B7415B767D01A30614B1917B0B85A, Size: 184320 bytes] [134742017/00000003] [W32.Rogue.Gen]
Wed 2013-11-13 10:40:49.0742 File blocked in realtime: c:\users\owner\appdata\local\temp\kumkrl [MD5: 631B7415B767D01A30614B1917B0B85A, Size: 184320 bytes] [134742017/00000003] [W32.Rogue.Gen]
Wed 2013-11-13 10:40:50.0012 Infection detected: c:\users\owner\appdata\local\temp\kumkrl [MD5: 631B7415B767D01A30614B1917B0B85A] [3/08080001] [W32.Rogue.Gen]
Wed 2013-11-13 10:40:50.0012 File blocked in realtime: c:\users\owner\appdata\local\temp\kumkrl [MD5: 631B7415B767D01A30614B1917B0B85A, Size: 184320 bytes] [134742017/00000003] [W32.Rogue.Gen]
Wed 2013-11-13 10:40:50.0022 File blocked in realtime: c:\users\owner\appdata\local\temp\kumkrl [MD5: 631B7415B767D01A30614B1917B0B85A, Size: 184320 bytes] [134742017/00000003] [W32.Rogue.Gen]
Wed 2013-11-13 10:40:50.0626 Infection detected: c:\users\owner\appdata\local\temp\kumkrl [MD5: 631B7415B767D01A30614B1917B0B85A] [3/08080001] [W32.Rogue.Gen]
Wed 2013-11-13 10:40:50.0626 File blocked in realtime: c:\users\owner\appdata\local\temp\kumkrl [MD5: 631B7415B767D01A30614B1917B0B85A, Size: 184320 bytes] [134742017/00000003] [W32.Rogue.Gen]
Wed 2013-11-13 10:40:50.0636 File blocked in realtime: c:\users\owner\appdata\local\temp\kumkrl [MD5: 631B7415B767D01A30614B1917B0B85A, Size: 184320 bytes] [134742017/00000003] [W32.Rogue.Gen]
Wed 2013-11-13 10:40:50.0976 File blocked in realtime: c:\users\owner\appdata\local\temp\kumkrl [MD5: 631B7415B767D01A30614B1917B0B85A, Size: 184320 bytes] [134742017/00000003] [(null)]
Wed 2013-11-13 10:40:55.0485 Determination flags modified: c:\users\owner\appdata\local\temp\kumkrl - MD5: 631B7415B767D01A30614B1917B0B85A, Size: 184320 bytes, Flags: 00000020
Wed 2013-11-13 10:40:58.0248 Performing cleanup entry: 1
Wed 2013-11-13 10:40:59.0574 Scan Started: [ID: 532 - Flags: 551/128]
Wed 2013-11-13 10:41:38.0102 Monitoring process c:\users\owner\appdata\local\temp\~tmp1391022918652614735.tmp [A87C6A29EEEC8033148FBABCE87A778B]. Type: 9 (23054)
Wed 2013-11-13 10:41:38.0180 Monitoring process c:\Users\Owner\AppData\Local\Temp\~tmp1391022918652614735.tmp [A87C6A29EEEC8033148FBABCE87A778B]. Type: 3 (23054)
Wed 2013-11-13 10:41:38.0180 Monitoring process c:\Users\Owner\AppData\Local\Temp\~tmp1391022918652614735.tmp [A87C6A29EEEC8033148FBABCE87A778B]. Type: 4 (23054)
Wed 2013-11-13 10:41:38.0180 Monitoring process c:\Users\Owner\AppData\Local\Temp\~tmp1391022918652614735.tmp [A87C6A29EEEC8033148FBABCE87A778B]. Type: 5 (23054)
Wed 2013-11-13 10:41:38.0180 Monitoring process c:\Users\Owner\AppData\Local\Temp\~tmp1391022918652614735.tmp [A87C6A29EEEC8033148FBABCE87A778B]. Type: 7 (23054)
Wed 2013-11-13 10:41:38.0195 Monitoring process c:\Users\Owner\AppData\Local\Temp\~tmp1391022918652614735.tmp [A87C6A29EEEC8033148FBABCE87A778B]. Type: 8 (23054)
Wed 2013-11-13 10:41:38.0195 Monitoring process c:\Users\Owner\AppData\Local\Temp\~tmp1391022918652614735.tmp [A87C6A29EEEC8033148FBABCE87A778B]. Type: 6 (23054)
Wed 2013-11-13 10:41:38.0570 Monitoring process C:\Users\Owner\AppData\Local\Temp\~tmp1391022918652614735.tmp [A87C6A29EEEC8033148FBABCE87A778B]. Type: 3 (23054)
Wed 2013-11-13 10:41:38.0570 Monitoring process C:\Users\Owner\AppData\Local\Temp\~tmp1391022918652614735.tmp [A87C6A29EEEC8033148FBABCE87A778B]. Type: 4 (23054)
Wed 2013-11-13 10:41:38.0570 Monitoring process C:\Users\Owner\AppData\Local\Temp\~tmp1391022918652614735.tmp [A87C6A29EEEC8033148FBABCE87A778B]. Type: 5 (23054)
Wed 2013-11-13 10:41:38.0570 Monitoring process C:\Users\Owner\AppData\Local\Temp\~tmp1391022918652614735.tmp [A87C6A29EEEC8033148FBABCE87A778B]. Type: 7 (23054)
Wed 2013-11-13 10:41:38.0570 Monitoring process C:\Users\Owner\AppData\Local\Temp\~tmp1391022918652614735.tmp [A87C6A29EEEC8033148FBABCE87A778B]. Type: 8 (23054)
Wed 2013-11-13 10:41:38.0570 Monitoring process C:\Users\Owner\AppData\Local\Temp\~tmp1391022918652614735.tmp [A87C6A29EEEC8033148FBABCE87A778B]. Type: 6 (23054)
Wed 2013-11-13 10:41:43.0125 Begin passive write scan (1 file(s))
Wed 2013-11-13 10:41:44.0217 End passive write scan (1 file(s))
Wed 2013-11-13 10:44:35.0179 Scan Results: Files Scanned: 37770, Duration: 3m 35s, Malicious Files: 0
Wed 2013-11-13 10:44:35.0225 Scan Finished: [ID: 532 - Seq: 2147000000]
Wed 2013-11-13 10:44:36.0349 Connected to A1
Wed 2013-11-13 10:47:03.0274 >>> Service started [v8.0.4.24]
Wed 2013-11-13 10:47:03.0290 Terminated abruptly in the last session
Wed 2013-11-13 10:47:21.0623 User process connected successfully from PID 780, Session 1
Wed 2013-11-13 10:47:29.0438 Connecting to 73 - 73
Wed 2013-11-13 10:47:31.0760 Monitoring process c:\users\owner\appdata\roaming\microsoft\windows\templates\dircxtx.exe [A87C6A29EEEC8033148FBABCE87A778B]. Type: 9 (23053)
Wed 2013-11-13 10:47:31.0770 Monitoring process C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Templates\DircxtX.exe [A87C6A29EEEC8033148FBABCE87A778B]. Type: 3 (23053)
Wed 2013-11-13 10:47:31.0770 Monitoring process C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Templates\DircxtX.exe [A87C6A29EEEC8033148FBABCE87A778B]. Type: 4 (23053)
Wed 2013-11-13 10:47:31.0770 Monitoring process C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Templates\DircxtX.exe [A87C6A29EEEC8033148FBABCE87A778B]. Type: 5 (23053)
Wed 2013-11-13 10:47:31.0770 Monitoring process C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Templates\DircxtX.exe [A87C6A29EEEC8033148FBABCE87A778B]. Type: 7 (23053)
Wed 2013-11-13 10:47:31.0770 Monitoring process C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Templates\DircxtX.exe [A87C6A29EEEC8033148FBABCE87A778B]. Type: 8 (23053)
Wed 2013-11-13 10:47:31.0780 Monitoring process C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Templates\DircxtX.exe [A87C6A29EEEC8033148FBABCE87A778B]. Type: 6 (23053)
Wed 2013-11-13 10:47:37.0920 Begin passive write scan (1 file(s))
Wed 2013-11-13 10:47:38.0466 End passive write scan (1 file(s))
Wed 2013-11-13 10:47:53.0411 Begin passive write scan (1 file(s))
Wed 2013-11-13 10:47:53.0785 End passive write scan (1 file(s))
Wed 2013-11-13 11:48:34.0632 User process connected successfully from PID 780, Session 2
Wed 2013-11-13 11:49:38.0718 Scan Started: [ID: 532 - Flags: 551/0]
Wed 2013-11-13 11:53:08.0897 Connected to A1
Wed 2013-11-13 11:53:09.0256 Scan Results: Files Scanned: 37625, Duration: 3m 30s, Malicious Files: 0
Wed 2013-11-13 11:53:09.0303 Scan Finished: [ID: 532 - Seq: 2147000000]
Wed 2013-11-13 11:55:03.0214 User process connected successfully from PID 780, Session 4
Wed 2013-11-13 11:55:39.0324 Blocked process from accessing protected data: C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [Type: 1]
If you can, go to http://virustotal.com and submit the following file. (You can just paste this into the box at the bottom of the dialogue that comes up when you select a file)
C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Templates\DircxtX.exe
Please paste the URL of the result webpage that comes up.
Open WSA > PC Security gear icon > Block/Allow Files >
Find "DircxtX.exe" in the list and click the "Block" circle.
Then go back to your other profile.
This is just a temporary thing until Webroot replies to your ticket.
Went to virustotal.com website and tried to paste C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Templates\DircxtX.exe on file name box, but got message that it is not correct path.
Did I miss a step here?
Just upload the file on VT from that Directory! C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Templates\DircxtX.exe
HTH,
Daniel
Sorry, real non-techie here, but how do I upload the file onto VT? The only option seems to be "choosing a file", which opens up to my documents list, which has the scan log. Do I need to get somewhere else on the computer to upload the file, or am I using the wrong file (Directory! C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Templates\DircxtX.exe) ?
I checked the MD5 of both files on VT and came up with nothing so it's best to just contact support from the link above.
Thanks,
Daniel
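The two checks used in this thread (picking the "Monitoring" entries out of the last 50 log lines, then looking the files up by MD5) can be scripted. The following is an added example, not part of the original thread and not Webroot tooling; the sample log is constructed in the layout of the log quoted above, and the names `triage` and `report` are made up for illustration.

```python
import re

# Constructed sample in the layout of the scan log quoted in this thread;
# the user name, file names and hashes are invented for the example.
SAMPLE_LOG = r"""
Wed 2013-11-13 10:40:49.0732 Infection detected: c:\users\demo\appdata\local\temp\dropper [MD5: 0123456789ABCDEF0123456789ABCDEF] [3/08080001] [W32.Rogue.Gen]
Wed 2013-11-13 10:40:59.0574 Scan Started: [ID: 532 - Flags: 551/128]
Wed 2013-11-13 10:41:38.0102 Monitoring process c:\users\demo\appdata\local\temp\~tmp42.tmp [FEDCBA9876543210FEDCBA9876543210]. Type: 9 (23054)
Wed 2013-11-13 10:41:38.0180 Monitoring process c:\Users\Demo\AppData\Local\Temp\~tmp42.tmp [FEDCBA9876543210FEDCBA9876543210]. Type: 3 (23054)
Wed 2013-11-13 10:44:35.0179 Scan Results: Files Scanned: 37770, Duration: 3m 35s, Malicious Files: 0
Wed 2013-11-13 10:47:31.0760 Monitoring process C:\Users\Demo\AppData\Roaming\Microsoft\Windows\Templates\Example.exe [FEDCBA9876543210FEDCBA9876543210]. Type: 9 (23053)
Wed 2013-11-13 10:47:31.0770 Monitoring process C:\Users\Demo\AppData\Roaming\Microsoft\Windows\Templates\Example.exe [FEDCBA9876543210FEDCBA9876543210]. Type: 3 (23053)
"""

# Matches the two event kinds that name a file together with its MD5.
EVENT = re.compile(
    r"^\w{3} (?P<ts>\S+ \S+) "
    r"(?P<kind>Monitoring process|Infection detected:) "
    r"(?P<path>.+?) \[(?:MD5: )?(?P<md5>[0-9A-Fa-f]{32})\]"
)

def triage(log_text, tail=50):
    """Group Monitoring/Infection events in the last `tail` lines by MD5."""
    lines = [ln for ln in log_text.splitlines() if ln.strip()][-tail:]
    found = {}
    for ln in lines:
        m = EVENT.match(ln)
        if not m:
            continue  # scan start/finish, connection notices, etc.
        entry = found.setdefault(m["md5"].upper(), {
            "first_seen": m["ts"], "paths": [],
            "monitored": False, "detected": False})
        path = m["path"].lower()  # the log repeats paths in mixed case
        if path not in entry["paths"]:
            entry["paths"].append(path)
        if m["kind"].startswith("Monitoring"):
            entry["monitored"] = True
        else:
            entry["detected"] = True
    return found

def report(found):
    """One block per hash: what to quote in a ticket or look up by hash."""
    out = []
    for md5, e in found.items():
        status = "detected" if e["detected"] else "monitored, no detection in window"
        out.append(f"{md5}  {status}  first seen {e['first_seen']}")
        out.extend(f"    {p}" for p in e["paths"])
    return "\n".join(out)

if __name__ == "__main__":
    print(report(triage(SAMPLE_LOG)))
```

Grouping by hash rather than by path collapses the repeated "Type" lines and shows when one binary is running under two different file names.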