I got the CryptoWall virus even though I have Webroot. I don't understand, I thought I was protected. I am very disappointed with your product.
Hi fattah
Welcome to the Community Forums.
I am sorry to hear this and whilst WSA should protect from this 'nasty' malware there is no such thing as 100% protection...I am sad to say.
OK, well, the first thing is not to attempt to reboot your system: as I understand it, each time one does that the malware will copy itself to a new name under the %Temp% folder and then create a new task scheduler job to launch it on login. So rebooting just increases the amount of work required to remove the infection components.
I should say that even if it is a new variant that WSA has never seen before, WSA's multi-layered protection should keep your personal information safe. For example, if a suspicious or undetermined program has passed the several layers of local and Webroot Intelligence Network (Cloud) checks, it is monitored extremely closely, and watched to see which files, registry keys and memory locations it alters.
If a monitored program is later found to be behaving maliciously, WSA can step in to block and quarantine it, alert the user and administrator, and proceed to automatically clean up the threat. The journaling function has recorded and remembered the before and after state of each change made (including changes made to local files). So in the rare case that a threat does get through the heuristics, sandbox, and other defenses, the journaling and monitoring of behavior ensures it cannot do any permanent damage to a user’s machine.
You may be at the stage where WSA has yet to update the determination from 'undetermined' to 'bad' and so start removal.
So, ASAP, run a scan with WSA and see if it picks up anything and if it does then let it undertake whatever actions it decides on. If that does not resolve the issue for you or if the scan comes up clean then please Open a Support Ticket ASAP to notify the Support Team so that the professionals can get involved and look to assist.
This service is free of charge to WSA users with a current/valid subscription.
Finally, if you do have to contact Support; do you have a recent backup of your files or a recent image of your disk? If you do then please make sure that you mention it in the Support Ticket as that will help the Support Team in terms of the options they have for remediation of the issue.
I hope that the above helps in some way, and please do come back to us and let us know how you have gotten on.
Regards, Baldrick
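The persistence pattern described in the reply above (a copy under %Temp% plus a scheduled task that launches it at login) can be checked without rebooting. The following read-only PowerShell is an added example, not part of the forum posts and not a Webroot tool; it assumes the built-in ScheduledTasks module (Windows 8 / Server 2012 or later), and the helper name `Test-TempPath` is hypothetical.

```powershell
# Added example: read-only triage, nothing on the system is changed.
# Lists scheduled tasks that fire at logon and start a program from a Temp folder.

function Test-TempPath {
    # Hypothetical helper: true when a task's program path lies under a Temp directory.
    param([string]$Path)
    if ([string]::IsNullOrWhiteSpace($Path)) { return $false }
    # Task actions may store the path quoted and with environment variables.
    $expanded = [Environment]::ExpandEnvironmentVariables($Path).Trim('"')
    $tempRoots = @($env:TEMP, $env:TMP, "$env:SystemRoot\Temp") |
        Where-Object { $_ } | Select-Object -Unique
    foreach ($root in $tempRoots) {
        $prefix = $root.TrimEnd('\') + '\'
        if ($expanded.StartsWith($prefix, [StringComparison]::OrdinalIgnoreCase)) {
            return $true
        }
    }
    # Also catch the per-user Temp folder of any other profile.
    return $expanded -match '\\AppData\\Local\\Temp\\'
}

Get-ScheduledTask | ForEach-Object {
    $task = $_
    # Keep only tasks that have at least one "at logon" trigger.
    $atLogon = $task.Triggers |
        Where-Object { $_.CimClass.CimClassName -eq 'MSFT_TaskLogonTrigger' }
    if (-not $atLogon) { return }

    foreach ($action in $task.Actions) {
        # Only exec actions carry a program path.
        if ($action.CimClass.CimClassName -ne 'MSFT_TaskExecAction') { continue }
        if (Test-TempPath $action.Execute) {
            [pscustomobject]@{
                Task      = $task.TaskPath + $task.TaskName
                Execute   = $action.Execute
                Arguments = $action.Arguments
                State     = $task.State
            }
        }
    }
} | Format-Table -AutoSize -Wrap
```

Any rows it prints are leads to include in the Support Ticket, since legitimate updaters and installers sometimes register tasks that run from Temp as well.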
Gosh, I am with tech support right now and the tech guy has never heard of it. I am trying to be nice. He tells me to reboot but the advice in the community and on the web is not to do that. He wouldn't even escalate the issue to find out what the Webroot tech people might know until I repeatedly asked him. This is insane. He finally said let me ask around.