Fraud and identity theft issues

  • 29 July 2016
  • 7 replies
  • 828 views

Userlevel 1
Can an uninvited monitor driver be loaded onto my computer with Webroot active and correctly set up?


Userlevel 7
Hi keith1
 
Welcome to the Community Forums.
 
The answer is 'Yes' but only if the driver in question is a legitimate file, i.e., it has been whitelisted in the Webroot Cloud. If it is not whitelisted or listed as bad then WSA will, respectively, monitor it until its level of 'goodness' has been determined or not, and if bad then WSA will pounce on it/block it, etc.
 
Take this scenario; you download an app from a 3rd party download site but unbeknownst to you they have included in the download a legitimate driver file. You download the installer and run it, and because they do not make it clear that the 'extra' file is precisely that you confirm and install all items in the installer. As the driver is legitimate, unless WSA knows that there is a tendency for this driver to be added into installers it would not block/prevent the installation or even the download itself because the user has, inadvertently, consented to it.
 
So the trick to avoid this scenario is to make sure that all downloads are from the software author's own website or a site they recommend/link to re. the download. We in the Community know these as PUAs or Potentially Unwanted Applications.
 
WSA does detect and remove many PUA's, and more are being added, but WSA does not detect all of them. A simple browser add-on with PUA behavior that is easy to identify and easy to remove is not likely to be detected and removed by WSA. Those that are intentionally difficult to locate and remove are. Please see THIS LINK for more information regarding Webroot's stance on these annoying programs.
 
Hope that helps, but if you have further questions please post back.
 
Regards, Baldrick
Userlevel 1
Thank you for taking the time to reply to my post.  How might this download be located?  I looked in programs and could not detect it but I am somewhat concerned that I inadvertently downloaded this monitoring driver.  What to do?
 
Userlevel 7
Hi Keith1
 
Well, I would run a manual scan with WSA and that should reveal the presence of anything deemed to be either bad or goodness undetermined AND active.
 
And before this scan, to make sure that your WSA is checking for PUAs proficiently, it sometimes helps to reset the PUA detection within WSA's settings. For PUA's that had previously been scanned and determined to be OK, but have since been added to detection/removal, you may want to complete the following steps:
 
  • Open Webroot SecureAnywhere
  • Click on ‘Advanced Settings’ from the top right
  • Select ‘Scan Settings’ from the left side
  • Unselect the option “Detect Potentially Unwanted Applications”
  • Click on the Save button (you may have to enter in a CAPTCHA)
  • Reselect the option to “Detect Potentially Unwanted Applications”
  • Click on the Save button
  • Run another scan with Webroot and remove any items that get detected.
If the subsequent scan comes up clean then WSA does not believe that there is an issue but if really concerned then you can always Open a Support Ticket, explain the position to the Support Team and they should be able to advise as to what further action to take or even look into this for you directly. The service is free for any user with an active WSA subscription.
 
May I ask at this point, as you will have to explain to the Support Team as to why you believe that your system may have been compromised, what makes you believe there is a potential issue? What are the symptoms, if any, that have led you to the conclusion you have arrived at?
 
Regards, Baldrick
Userlevel 1
OK I must confess.  I fell prey to a "ransomware" event a few months back.  I fell for it and paid the accented representative $270 and after my computer was "restored to me".  Last week I received a call from the same individual (male/Indian accent) and he advised me that there was a refund due me as they were no longer actively able to "support" the "security program" I had purchased and they needed access to my computer to "remove a potentially corrupt" program.  Foolishly I conceded and allowed this to occur via "Team Viewer".  He then asked me to check my bank account balances which I did (STUPID) and the screen went black and I knew I was in deep doo doo.  After the screen reloaded he asked me to check my account again to verify my refund, which I did and there was $1,000.00 "transferred" into my checking account.  He then told me I needed to purchase $650 in "I Tunes" cards from a local retailer and then call him back with the card info.
 
Now I know I am in trouble here, but I felt compelled to abide.  Fortunately my debit card was declined and I then bailed on the whole scheme and called fraud protection at my bank, explaining the whole saga.  I was told that the $1,000.00 was transferred from another of my own accounts into my checking account.  Sucker I am.  So when I returned I removed the battery from my lap top to ensure I was disconnected from the WIFI and here I am now.
 
I changed some passwords and cancelled some credit cards to play it safe.  I am concerned that they somehow downloaded a "monitoring application" on my lap top and am not quite sure how to verify it is clean without lighting the thing up with a can of gas and a match.
 
Feel like a total idiot.
 
 
 
Userlevel 7
Hi keith1
 
Well, that is a salutary story if I ever heard one and you deserve many kudos for being so open and honest about all of this. I am sure that you are wiser now and thanks to your story being shared you may well have helped some others out there to not fall into the same trap. ;)
 
As to the "am concerned that they somehow downloaded a "monitoring application" on my lap top" well, I refer back to my initial post which included a scenario where one downloads an app from a 3rd party download site but unknown to the person they have included in the download a legitimate driver file, etc.
 
Well, the scenario holds good for the inclusion of a not so legitimate application or file, etc....so the trick to avoid this scenario is to make sure that all downloads are from the software author's own website or a site they recommend/link to re. the download. As I mentioned before we in the Community know these as PUAs or Potentially Unwanted Applications.
 
Also, as advised previously, WSA does detect and remove many PUA's, and more are being added, but WSA does not detect all of them. A simple browser add-on with PUA behavior that is easy to identify and easy to remove is not likely to be detected and removed by WSA. Those that are intentionally difficult to locate and remove are. Please see THIS LINK for more information regarding Webroot's stance on these annoying programs.
 
So, if you have run a scan and that has come up clean, and you are still feeling uncertain/cautious then I would Open a Support Ticket, including a link to this thread, so that the Support Team can see where you are at, and then you can ask them if they will check your system to make sure that no PUAs and/or 'crapware' reside on it. The service is free to users with an active subscription. And hopefully they can reassure you that all is well.
 
Hope that helps, but if you have further questions please post back.
 
Regards, Baldrick
Userlevel 1
I appreciate the time and concern as well as the advice.  I hope my story does help another as that is how we learn, not the hard way...
 
Be well.
Userlevel 7
Hi Keith1
 
You are most welcome...happy to help where I can.
 
I am sure your story will be an example to others as to what to watch out for.
 
As I said previously...if you have any concerns then please open the support ticket (link in my previous post) and the Support Team can hopefully check & reassure you.
 
Regards, Baldrick
