I'm a long term user but first post on the forum.
Using Windows 7 64bit. I regularly update windows and today quite a big update causing a restart.
Upon restarting Webroot secure anywhere detected and on second attempt removed ielowutil.exe stating it as infection:Win32.UserAdded.
This is a mystery to me. I use Firefox and Chrome, not Windows Internet Explorer.
Oh yes, I had also just clicked on a message upon starting Virtualbox to download oracle's latest Virtualbox update.
Solved
Threat identified after windows update today. Win 32.User Added
Best answer by Baldrick
Hi applepie
And welcome to the Community Forums...http://www.forumsextreme.com/images2/sBo_bouncing.gif
Have researched this a little for you and in terms of an explanation as to what this .exe relates to please see this article. As yo will read process is a legitimate Microsoft process which is a part of the Internet Explorer (which is built into Windows, of course)...so my view would be that for some reason you have a false positive detection, perhaps due to the latest Windows update introducing a new version of the .exe that WSA's database does not yet recognise.
For that reason I would submit do what Petrovic has suggested and open a support ticket in which you detail the issue and specifically the .exe you are having trouble with. That submission will automatically provide Support with a copy of the latest Scan Log, which should have the details of the FP, the .exe., the MD5 for it, etc., and from that they should be able to determine whether or not you have an infection or it is in fact an FP, in which case they can whitelist the new version, etc.
Hope that helps clarify for you? Let's us know how this turns out for you...feedback is always gratefully received.
Regards
Baldrick
And welcome to the Community Forums...http://www.forumsextreme.com/images2/sBo_bouncing.gif
Have researched this a little for you and in terms of an explanation as to what this .exe relates to please see this article. As yo will read process is a legitimate Microsoft process which is a part of the Internet Explorer (which is built into Windows, of course)...so my view would be that for some reason you have a false positive detection, perhaps due to the latest Windows update introducing a new version of the .exe that WSA's database does not yet recognise.
For that reason I would submit do what Petrovic has suggested and open a support ticket in which you detail the issue and specifically the .exe you are having trouble with. That submission will automatically provide Support with a copy of the latest Scan Log, which should have the details of the FP, the .exe., the MD5 for it, etc., and from that they should be able to determine whether or not you have an infection or it is in fact an FP, in which case they can whitelist the new version, etc.
Hope that helps clarify for you? Let's us know how this turns out for you...feedback is always gratefully received.
Regards
Baldrick
+52Hello applepie and Welcome to the Webroot Community Forums!
Best to contact Webroot support:
Support Number: 1-866-612-4227
Support Ticket: https://www.webrootanywhere.com/servicewelcome.asp
Thank you
Petr.
Best to contact Webroot support:
Support Number: 1-866-612-4227
Support Ticket: https://www.webrootanywhere.com/servicewelcome.asp
Thank you
Petr.
Helpful Webroot Links: Download (PC) | Download (Best Buy Subscription) | Submit Support Ticket | Account Console | User_Guides | BrightCloud URL lookup
Hi applepie
And welcome to the Community Forums...http://www.forumsextreme.com/images2/sBo_bouncing.gif
Have researched this a little for you and in terms of an explanation as to what this .exe relates to please see this article. As yo will read process is a legitimate Microsoft process which is a part of the Internet Explorer (which is built into Windows, of course)...so my view would be that for some reason you have a false positive detection, perhaps due to the latest Windows update introducing a new version of the .exe that WSA's database does not yet recognise.
For that reason I would submit do what Petrovic has suggested and open a support ticket in which you detail the issue and specifically the .exe you are having trouble with. That submission will automatically provide Support with a copy of the latest Scan Log, which should have the details of the FP, the .exe., the MD5 for it, etc., and from that they should be able to determine whether or not you have an infection or it is in fact an FP, in which case they can whitelist the new version, etc.
Hope that helps clarify for you? Let's us know how this turns out for you...feedback is always gratefully received.
Regards
Baldrick
And welcome to the Community Forums...http://www.forumsextreme.com/images2/sBo_bouncing.gif
Have researched this a little for you and in terms of an explanation as to what this .exe relates to please see this article. As yo will read process is a legitimate Microsoft process which is a part of the Internet Explorer (which is built into Windows, of course)...so my view would be that for some reason you have a false positive detection, perhaps due to the latest Windows update introducing a new version of the .exe that WSA's database does not yet recognise.
For that reason I would submit do what Petrovic has suggested and open a support ticket in which you detail the issue and specifically the .exe you are having trouble with. That submission will automatically provide Support with a copy of the latest Scan Log, which should have the details of the FP, the .exe., the MD5 for it, etc., and from that they should be able to determine whether or not you have an infection or it is in fact an FP, in which case they can whitelist the new version, etc.
Hope that helps clarify for you? Let's us know how this turns out for you...feedback is always gratefully received.
Regards
Baldrick
Webroot SecureAnywhere Complete Beta Tester v9.0.24.49, imaged by Macrium Reflect v7.2
+62😃 Welcome Applepie!! Hope to get everything addressed with your system., Weve got the best Community here around with dedicated Webroot Volunteers and @ , @ and @ and many others to help you.
Best Regards,
Sherry
Best Regards,
Sherry
IMac 2021 27 in i5 Retina 5, iMac OS Sequoia (15.7.3), Security: iPads, ALIENWARE 15 R6, W11 Microsoft Windows Workstation, x64, Webroot® SecureAnywhere™ Internet Security Complete, Android Samsung Galaxy Ultra Note 23, Webroot Beta Tester
Cheer, applepie
It will be good to hear back from you.
Have a great day/evening (depending on where you currently are)..http://www.forumsextreme.com/images2/sFun_yoohoo.gif
Regards
Baldrick
It will be good to hear back from you.
Have a great day/evening (depending on where you currently are)..http://www.forumsextreme.com/images2/sFun_yoohoo.gif
Regards
Baldrick
Webroot SecureAnywhere Complete Beta Tester v9.0.24.49, imaged by Macrium Reflect v7.2
Hello applepie,
Welcome to the Webroot Community!
Hope you stay with us as a satisfied SecureAnywhere user :D
Of course feel free to ask any questions and please don't worry if you encounter any issues because we have the Best and the Fastest Support in business! :D
Regards,
Mike
Welcome to the Webroot Community!
Hope you stay with us as a satisfied SecureAnywhere user :D
Of course feel free to ask any questions and please don't worry if you encounter any issues because we have the Best and the Fastest Support in business! :D
Regards,
Mike
Thanks, yes webroot support responded very quickly, the log collecting device was very cool and automated, it was a false positive, glad to say. Whether I was successful in getting the quarrantined file to do what it had been supposed to do remains to be seen, but I clicked the exe file, webroot didn't seem to mind and there are no new mysterious users in my control panel, so assuming all is ok. Just a bit worrying especially with all this heartblead stuff going on at the moment. Cheers.
+62Hi applepie,
Thanks for posting back with the information. Great that Support was able to get your issues resolved.
Have a great rest of the week and keep a posting because it's always nice to have everyone here with their ideas helping others out.
Cheers to you too,
Sherry
Thanks for posting back with the information. Great that Support was able to get your issues resolved.
Have a great rest of the week and keep a posting because it's always nice to have everyone here with their ideas helping others out.
Cheers to you too,
Sherry
Hi applepie
Many thanks for posting back...such feedback is very useful to the Community going forward...it helps us with our kitbag for assiting other users in similar circumstances in the future.
Glad that we were able to point you in the right direction, that Support was able to confirm an FP.
Hope to see you around in the future...and not just if you have an issue...;)
Regards
Baldrick
Many thanks for posting back...such feedback is very useful to the Community going forward...it helps us with our kitbag for assiting other users in similar circumstances in the future.
Glad that we were able to point you in the right direction, that Support was able to confirm an FP.
Hope to see you around in the future...and not just if you have an issue...;)
Regards
Baldrick
Webroot SecureAnywhere Complete Beta Tester v9.0.24.49, imaged by Macrium Reflect v7.2
Do you still have that file in quarantee? You might try submitting it to: www.virustotal.com and see what it comes up with!
+62Hi Nerf8..that's a great idea!
Thanks,
Sherry
Thanks,
Sherry
+56Win 32.User Added means the user marked it bad and I assume support has got the OP fixed up and sorted.
Daniel 😉
Daniel 😉
YOu are welcomed Sherry! Then again! Like another user reported, it just could be a false positive that WRSA has detected and I think a person can configure WRSA to ignore that file during scans!
+62Hello..boondabah!
Thanks, Sherry
Thanks, Sherry
Login to the community
No account yet? Create an account
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.