I have SecureAnywhere V8.0.6.28 installed and just found 4 iterations of a variant of kryptic.cugt on my computer. I had to use ESET Scanner to find it. The iterations were installed in the win32/ directory and showed up as constantly executing programs named cevbabatrahi.exe. I do not know what all they did, but they slowed my computer down noticeably.

My computer is an HP desktop running Windows 7.

I don't know why the Webroot software did not find this, but hopefully they will add it to their library.

DL Barr

Hello wda3559,

Welcome to the Community,

I've done some research and all I can find is that it's considered a trojan by ESET, as you have stated. Other than that I'm not able to furnish any other information.

My advice would be for you to issue a Support Ticket so they can look into this for you, which is free of charge with an active subscription.

Please let us know how this goes so that we can help others!

Best Regards

Hi wda3559

Welcome to the Community Forums.

EDIT: I see that Sherry replied before me!

Thanks for the heads up. I have checked out the ESET Threat Encyclopedia, and in fact the threat you mention was only first recorded by them yesterday (28th December)...so this is just about as new or current as it gets. And for that reason I suspect that the files concerned are not yet in the Webroot Cloud Definitions.

Having said that, I think that I should explain how WSA works...it scans each file/app as it executes and looks to determine if it is known as 'good' or 'bad' in the Webroot Cloud Definition (or WIN). If 'good' it is allowed to execute normally; if 'bad' it is blocked, as you would expect...but if unable to make this determination then WSA lets it continue but (i) puts limits on the actions it can undertake & (ii) starts monitoring it and its actions, which it also journals. If at a later date the file is deemed 'good' then the journalling / monitoring stops and it is allowed to act normally, but if it is finally determined to be 'bad' then it is permanently blocked and WSA then proceeds, using the journalling of the actions whilst monitored, to undo or roll back any activity or actions it carried out.

This is the unique way that WSA works to protect the user.

Now, as this threat is so new I suspect that it has been classified by WSA as 'undetermined' and its activities monitored, which may well explain why your system has slowed down.

Please do as Sherry recommends and log the Support Ticket. Doing this will upload the Scan Logs from WSA to them and will highlight the undetermined files, which will prompt them to investigate and most likely flag them as 'bad'. Once that occurs, the next time that WSA scans after the Webroot Cloud Definition update it will see them as bad and should roll back any nefarious activities perpetrated by them...if any were.

I hope that helps and complements the information that Sherry provided.

Regards, Baldrick.
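To make the three-way verdict flow described in the reply above concrete, here is an added toy model (not Webroot's code, and not taken from this thread) of an endpoint that lets an undetermined program run while journaling its file changes, then either stops journaling when the program is later judged 'good' or blocks it and rolls the journal back when it is judged 'bad'. The program names, paths and the in-memory cloud lookup are constructed for the illustration.

```python
from enum import Enum

class Verdict(Enum):
    GOOD = "good"
    BAD = "bad"
    UNKNOWN = "unknown"

# Constructed stand-in for the cloud reputation lookup (hypothetical names).
CLOUD_DEFINITIONS = {"notepad.exe": Verdict.GOOD, "knownbad.exe": Verdict.BAD}

class Endpoint:
    """In-memory 'disk' plus a per-process journal for undetermined programs."""
    def __init__(self):
        self.files = {}      # path -> contents
        self.journal = {}    # process -> list of (path, previous contents)
        self.blocked = set()

    def execute(self, proc):
        """Lookup at execution time: bad is blocked, unknown runs but is journaled."""
        verdict = CLOUD_DEFINITIONS.get(proc, Verdict.UNKNOWN)
        if verdict is Verdict.BAD:
            self.blocked.add(proc)
        elif verdict is Verdict.UNKNOWN:
            self.journal[proc] = []
        return verdict

    def write(self, proc, path, data):
        """File change by proc; data=None means delete. Journaled if undetermined."""
        if proc in self.blocked:
            return False
        if proc in self.journal:
            self.journal[proc].append((path, self.files.get(path)))
        if data is None:
            self.files.pop(path, None)
        else:
            self.files[path] = data
        return True

    def reclassify(self, proc, verdict):
        """Later cloud verdict: 'good' just stops journaling, 'bad' blocks and undoes."""
        entries = self.journal.pop(proc, [])
        if verdict is Verdict.BAD:
            self.blocked.add(proc)
            for path, previous in reversed(entries):   # undo newest change first
                if previous is None:
                    self.files.pop(path, None)
                else:
                    self.files[path] = previous
        return verdict

def demo():
    """Undetermined sample tampers with one file and drops another, then is judged bad."""
    ep = Endpoint()
    ep.files["C:/Users/doc.txt"] = "original"
    ep.execute("unknown-sample.exe")
    ep.write("unknown-sample.exe", "C:/Users/doc.txt", "tampered")
    ep.write("unknown-sample.exe", "C:/Windows/dropped.exe", "payload")
    ep.reclassify("unknown-sample.exe", Verdict.BAD)
    return ep
```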
