Skip to main content
I have webroot endpoint protecton installed on my company's server but still got Ransomware. Now I have to restore from a backup and lose yesterdays data. My employer is not happy at this time..I may be murdered by days end..

This is what we got:

https://www.removemalwarefrompc.com/get-rid-crypted_zerwixairmail_cc-virus-remove-ransomware-recover-files#Phase 1

I need to know why this happened..I thought Webroot was supposed to protect against this stuff..

Edit: I can see that the last scan was done on Mar 3rd even though I have it set to run each day at 2:00AM"When resources are available"..I dont know if the "when resources are available" have anything to do with it but it needs to run every night regardless...
With any type of Infection and even Ransomware you should Contact support as in most cases they can help you as WSA has Monitoring with Rollback feature: Webroot Customer Service 

 

See these Video's: https://www.youtube.com/watch?v=4Wm1K4FmWqU

 

https://www.youtube.com/watch?v=qy5o2wIwUDk

 

Thanks,

 

Daniel
Why is this post marked as "solved"?????

Once again this proves Webroot inefficiencies in fighting ransomware.
@ wrote:

Why is this post marked as "solved"?????

Once again this proves Webroot inefficiencies in fighting ransomware.

Hello solved,

 

Welcome to the Webroot Community,

 

There isn't a AntiVirus that protects us 100% of the time. Webroot does have a Rollback Feature  and the Webroot Support Team can handle this. New Ransomeware comes out everyday...

 

The key...however good one's defences are, is to make sure, that one has a backup or, better still, a recent full image of one's disk(s)...so that if disaster does strike then at least one can revert to a pre-infection state.

 

Webroot uses the journaled data to undo every action by the program, including encrypting files. The company does warn that the journal database isn't unlimited in size, and advises keeping all important files backed up.

 

Kind regards,
It looks like the attack may have been through RDP. A weak password on a user may have been hacked.
@ wrote:

It looks like the attack may have been through RDP. A weak password on a user may have been hacked.

Thank you rich33584 for your input! 😃 Much appreciated!
@wrote:

Why is this post marked as "solved"?????

Once again this proves Webroot inefficiencies in fighting ransomware.

If you notice what I said "you should Contact support as in most cases they can help you" as Sherry said no AV is perfect but there is always a chance with Webroot SecureAnywhere.

 

Thanks,

 

Daniel
"... installed on my company's server "

 

Do you really expect that the OP will give access to the company server????

 

If "WSA has Monitoring with Rollback feature" is not a fake thing, should work without customer service intervention.

 

Reply