Good morning USA;)
Yesterday, when using my laptop, I got a WSA message: "this site is not secure".
Then I saw on the security bookmark: "1 threat has been eliminated".
Is it possible to see what this threat was?
Ah OK, that is different, let me see if I can fix that.
Hmm, I can't find the info on that file. Can you post the cleanup logs or MD5?
That's the analyse.logs:
30-06-2013 17:43:10.0985 Begin passive write scan (1 file(s))
30-06-2013 17:43:12.0420 End passive write scan (1 file(s))
30-06-2013 17:44:00.0405 Begin passive write scan (1 file(s))
30-06-2013 17:44:01.0404 End passive write scan (1 file(s))
30-06-2013 17:57:14.0822 Begin passive write scan (1 file(s))
30-06-2013 17:57:16.0350 End passive write scan (1 file(s))
30-06-2013 18:04:39.0009 Begin passive write scan (1 file(s))
30-06-2013 18:04:40.0238 End passive write scan (1 file(s))
30-06-2013 18:04:48.0014 Begin passive write scan (1 file(s))
30-06-2013 18:04:48.0943 End passive write scan (1 file(s))
30-06-2013 18:05:01.0000 A suspicious file was detected: c:\users\robert\desktop\languagepack_french.exe - D2AFB7BBE8DDF4C4BD05537BD1598870 - 00080801
30-06-2013 18:05:01.0000 File blocked in realtime: c:\users\robert\desktop\languagepack_french.exe [MD5: D2AFB7BBE8DDF4C4BD05537BD1598870, Size: 517696 bytes] [526337/00000020] [(null)]
30-06-2013 18:05:01.0002 Monitoring process C:\Users\Robert\Desktop\LanguagePack_French.exe [D2AFB7BBE8DDF4C4BD05537BD1598870]. Type: 3 (4666)
30-06-2013 18:05:01.0002 Monitoring process C:\Users\Robert\Desktop\LanguagePack_French.exe [D2AFB7BBE8DDF4C4BD05537BD1598870]. Type: 4 (4666)
30-06-2013 18:05:01.0002 Monitoring process C:\Users\Robert\Desktop\LanguagePack_French.exe [D2AFB7BBE8DDF4C4BD05537BD1598870]. Type: 5 (4666)
30-06-2013 18:05:01.0003 Monitoring process C:\Users\Robert\Desktop\LanguagePack_French.exe [D2AFB7BBE8DDF4C4BD05537BD1598870]. Type: 8 (4666)
30-06-2013 18:05:01.0125 A suspicious file was detected: c:\users\robert\desktop\languagepack_french.exe - D2AFB7BBE8DDF4C4BD05537BD1598870 - 00080801
30-06-2013 18:05:01.0125 File blocked in realtime: c:\users\robert\desktop\languagepack_french.exe [MD5: D2AFB7BBE8DDF4C4BD05537BD1598870, Size: 517696 bytes] [526337/00000020] [(null)]
30-06-2013 18:05:13.0984 Determination flags modified: c:\users\robert\desktop\languagepack_french.exe - MD5: D2AFB7BBE8DDF4C4BD05537BD1598870, Size: 517696 bytes, Flags: 00000020
30-06-2013 18:05:42.0475 Performing cleanup entry: 1
30-06-2013 18:05:43.0276 Scan Started: [ID: 37 - Flags: 551/128]
30-06-2013 18:06:50.0337 Connected to B5
30-06-2013 18:06:54.0338 Scan Results: Files Scanned: 38408, Duration: 1m 10s, Malicious Files: 0
30-06-2013 18:06:54.0348 Scan Finished: [ID: 37 - Seq: 70992414]
I think we have got mixed up; that screenshot is related to the file that I have already whitelisted. That message from Windows is due to the fact that you are downloading a .exe. It's normal and isn't anything to do with Webroot. That file is good in our database.
Hello Roy,

> I think we have got mixed up; that screenshot is related to the file that I have already whitelisted. That message from Windows is due to the fact that you are downloading a .exe. It's normal and isn't anything to do with Webroot. That file is good in our database.

You are right, the first message is from Windows, but after downloading this .exe Webroot deleted it and moved it into quarantine.
It shouldn't be removing it, unless something weird is going on. I will need support logs at this stage.