
Malware ID'd by Real Time Shield

  • August 16, 2015
  • 3 replies

Became a Webroot (WR) user on 14 Aug 15. Received a Real Time Shield msg. this AM that malware was found. I clicked on the wrong icon, authorizing it to be allowed vs. removed. Have since tried to find and remove it (ran the WR virus program and Malwarebytes (free program)) w/o success. Does anyone have a solution to finding and removing this malicious program?


Baldrick
Gold VIP
  • August 16, 2015
Hi c1lived
 
Welcome to the Community Forums.
 
If you did what I am thinking you did then it should be OK and all that has happened is that the suspect elements of the malware have been sent to Quarantine. If you have not already please click on the gear/cog symbol to the right of the PC Security tab, and then on the Quarantine tab. Do you have any items showing up in there?
 
Regards, Baldrick

c1lived
  • Author
  • Fresh Face
  • August 16, 2015
Baldrick, went to the quarantine file and found uti2mTCy.sys in C:\windows\sysWOW64\drivers. I scanned it with WR w/o results. I then placed it in the "Block/Allow" file and placed it under "Monitor". NOTE: The file was removed on initial installation of WR and was re-identified the next morning... where I clicked on "Authorized" by mistake. Please advise. Thank You, c1lived.

Baldrick
Gold VIP
  • August 16, 2015
Hi c1lived
 
You could actually have left the file in Quarantine, as in there it is locked down and unable to run or be used, waited a few days to see if anything was broken as a result of the file being 'missing', and then deleted it from the system.
 
In terms of what you have done, that is fine, and if you have managed to get it to a 'Monitored' status in 'Block/Allow' then WSA will be limiting any actions that it tries to take and monitoring those that it does. If in such a status then it will be included in the scheduled scans with WSA that should be taking place regularly, and if determined to be 'good' then that should switch off 'monitoring', and if determined as 'bad' then WSA should move it to 'Block' status and/or look to remove it automatically.
 
But I would check back periodically to see at what status it is, as 'monitoring' for a long period of time will build up a potentially large journalling file if it is left in that state for any length of time. If you find that this is happening then I would submit it to the Support Team for analysis, which you can do either from (i) within WSA... go from the main panel 'Utilities' > 'Reports' > 'Submit a file' (right hand side of the 'Reports' tab) and follow the instructions in the new panel, OR (ii) you can use the Webroot File Submission web page (here), with the options on the 'Submit a file' page being fairly self-explanatory.
 
In either case follow this up with Support by opening a Support Ticket, to let them know about this and that you have submitted the file (they will get an automatic upload of the WSA logs from your system when you do), and hopefully they can come back to you to advise as to whether it is 'good' or 'bad' and confirm how you should proceed.
 
I hope that the rambling reply helps? If not then please post back for clarification.
 
Regards, Baldrick