Uggh.. Trying to install a nice virgin clean Windows 10 environment. I downloaded Webroot SecureAnywhere 9.0.10.21, and then turned off the WiFi (don't want someone knocking on my firewall until Webroot is running). I installed Webroot without any problem. Next I went to install 7-Zip, the free go-to zip/unzip software I have used at home and at work for years.

I installed 7-Zip v16.02 from May (.msi file). As of today this appears to be the newest. I did a right-click, "Scan with Webroot" and it reported "No threats found". A few minutes after the install Webroot "burps" that it found Malware for 7-Zip (I had only a few seconds to read, I didn't quite get it all).

So my 7-Zip, the latest version had Malware. Ouch. Not an everyday thing for me. I researched and found that 7-Zip is infamous for coming loaded with Malware. I am guessing the fact you can download the open source code and roll your own 7-zip install file is the problem?

Here is my log.

 

0688 Infection detected: c:usersartsappdatalocal emp r76uh__.exe.part [MD5: 514F96AF7830A27443D2D883FE2569E1] [3/00081000] [Pua.Downloadshield]

.0688 File blocked in realtime: c:usersartsappdatalocal emp r76uh__.exe.part [MD5: 514F96AF7830A27443D2D883FE2569E1, Size: 295640 bytes] Pua.Downloadshield]

0690 Determination flags modified: c:usersartsappdatalocal emp r76uh__.exe.part - MD5: 514F96AF7830A27443D2D883FE2569E1, Size: 295640 bytes, Flags: 00000020

0690 Performing cleanup entry: 1

 

So I have two questions.

1. Did Webroot really remove the threat?  Since I am only an hour or two into the Windows 10 rebuild, should I start over??

2. Where the heck can I download a malware-free 7-Zip install?  I wish I could remember where I got my infected file.
Hello Claveman,

Have you checked in Webroot Quarantine? Is Webroot red? You can rescan as well to check to see if you have any threats.

You can download 7-Zip from here.

I would think Webroot has taken care of that critter and I would continue with installing Windows 10.

Hope this helps?
Hi Claveman

If I may just add here...to be accurate the download was not infected by malware but rather by a non-malware program we commonly refer to as a PUA or Potentially Unwanted Application, as evidenced by "[Pua.Downloadshield]" appended at the back of the relevant lines in the log.

It did clean up the issue, as evidenced by the "Performing cleanup entry: 1" statement in the log.

Now whilst PUAs are not technically 'malware' they are not at all desirable to most users...the hint is in the use of the term 'Potentially Unwanted....', and the key to avoiding them is to make sure that when downloading apps one does so from the author's own website or one that they have recommended, and not a 3rd party downloading site.

WSA does detect and remove many PUA's, and more are being added, but WSA does not detect all of them. A simple browser add-on with PUA behaviour that is easy to identify and easy to remove is not likely to be detected and removed by WSA. Those that are intentionally difficult to locate and remove are. Please see THIS LINK for more information regarding Webroot's stance on these annoying programs.

To make sure that your WSA is checking for PUAs proficiently, it sometimes helps to reset the PUA detection within WSA's settings. For PUA's that had previously been scanned and determined to be OK, but have since been added to detection/removal, you may want to complete the following steps:

 


  • Open Webroot SecureAnywhere
  • Click on ‘Advanced Settings’ from the top right
  • Select ‘Scan Settings’ from the left side
  • Unselect the option “Detect Potentially Unwanted Applications”
  • Click on the Save button (you may have to enter in a CAPTCHA)
  • Reselect the option to “Detect Potentially Unwanted Applications”
  • Click on the Save button
  • Run another scan with Webroot and remove any items that get detected.

Hope that this additional information is of assistance?

Regards, Baldrick
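
The log reading described in the reply above (the trailing "[Pua.Downloadshield]" label and the "Performing cleanup entry" line), as an added Python example that is not part of the original thread and is not Webroot code. The line layout is inferred only from the four log lines posted here; the function names and the "unresolved" heuristic are assumptions.

```python
import re

# Log lines copied from the first post as they appear on this page
# (the paths appear there without separators).
SAMPLE_LOG = """\
0688 Infection detected: c:usersartsappdatalocal emp r76uh__.exe.part [MD5: 514F96AF7830A27443D2D883FE2569E1] [3/00081000] [Pua.Downloadshield]
.0688 File blocked in realtime: c:usersartsappdatalocal emp r76uh__.exe.part [MD5: 514F96AF7830A27443D2D883FE2569E1, Size: 295640 bytes] Pua.Downloadshield]
0690 Determination flags modified: c:usersartsappdatalocal emp r76uh__.exe.part - MD5: 514F96AF7830A27443D2D883FE2569E1, Size: 295640 bytes, Flags: 00000020
0690 Performing cleanup entry: 1
"""

EVENT = re.compile(r"(Infection detected|File blocked in realtime|"
                   r"Determination flags modified|Performing cleanup entry):\s*(.*)")
MD5 = re.compile(r"MD5:\s*([0-9A-Fa-f]{32})")
# Trailing classification such as [Pua.Downloadshield]; the opening bracket
# is optional because one line on the page lacks it.
LABEL = re.compile(r"\[?([A-Za-z0-9_]+\.[A-Za-z0-9_.]+)\]\s*$")

def triage(log_text):
    """Group detection events by MD5 and count cleanup entries."""
    files, cleanups = {}, 0
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue
        kind, rest = m.groups()
        if kind == "Performing cleanup entry":
            cleanups += 1
            continue
        md5 = MD5.search(rest)
        if not md5:
            continue
        rec = files.setdefault(md5.group(1).upper(),
                               {"label": None, "blocked": False})
        label = LABEL.search(rest)
        if label and kind != "Determination flags modified":
            rec["label"] = label.group(1)
        if kind == "File blocked in realtime":
            rec["blocked"] = True
    for rec in files.values():
        # Assumption taken from the reply above: a "Pua." prefix marks a PUA.
        rec["pua"] = bool(rec["label"]) and rec["label"].lower().startswith("pua.")
    return {"files": files, "cleanup_entries": cleanups}

def unresolved(report):
    """MD5s that were detected but neither blocked nor followed by a cleanup."""
    if report["cleanup_entries"]:
        return []
    return sorted(h for h, r in report["files"].items() if not r["blocked"])
```

Cleanup entries in the posted log carry no MD5, so `unresolved` can only say whether any cleanup ran at all; checking the quarantine, as the first reply suggests, remains the per-file confirmation.
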
Thanks to everyone.  I downloaded the 7-Zip from their website and it seems to be fine now.  I reset/cleared the settings as recommended.  The file was in the quarantine area.
Hi Claveman

Sounds like a result...thanks for letting us know. :D

Regards, Baldrick
Why is it showing ? in the subject lines in some posts?
Hi Daniel

As I said elsewhere, I have absolutely no idea...started this morning. Your guess is as good as mine. :@

Regards, Baldrick

 

 
