new unknown stealth virus?


I have a discovery that I think is quite terrifying. I found something attacking my system Win XP, Vista, 7 and 8. The best I can come up with is something like injection coding. This malware/trojan/virus/worm etc., for whatever it is, is so advanced I have yet to find anything that IDs it or stops it. I was able to read some core files and discovered this re-writes the core roots and everything. I tried everything; nothing affected it. I had the latest Norton AV, Malware, 17-digit pass codes, trojan hunter, and more; this stuff got by it all. It is so sophisticated that it appeared to me to think for itself and disarmed everything that would threaten or be a threat to stopping it. This stuff made partitions, rewrote system files, backup files, you name it; even the MS Process Explorer programs were all disabled, to give you an idea... I worked for months combating this, spoke to many PC experts, tried every software I could and still it is there. No one yet has been able to shed much light on this. One last thing: it even ID'd every WIFI, cell and commo access spot within my neighborhood. The far east comes to mind as some files were found in Chinese... but I do not know.
 
No I am not crazy nor have I ever done anything to be a target for anything like this that I am aware of... I went through several PCs before I was able to get a non-infected system to use. 
 
Has anyone ever encountered or heard of this stuff? Any advice is welcome.

13 replies

Userlevel 7
I have never seen nor heard of anything quite like what you describe.  What you can do as a WSA user is to submit a Trouble Ticket.  WSA has the built-in ability to submit suspect files to Webroot Support, and they will be able to talk you through that process on your ticket.
Userlevel 7
Completely agree with David re. this one...best to get the information that you have over to the Support Team at Webroot, and they will let their Threat Researchers loose on it, and see what they come up with.
 
I think that I am correct in thinking that they welcome this sort of proactive involvement from knowledgeable users, etc., especially if there is backing information, which it sounds like you have.
Userlevel 7
I'm sure one of the Threat Researchers will see this and make a reply.
 
TH  ;)
Userlevel 7
Hello,
 
Can you describe the issue in more detail?
 
Are files being moved/deleted? Examples would be very helpful.
You mention that Process Explorer is being blocked from running? Anything else?
Is the system running slower?
Do you hear audio adverts?
You mention various operating systems; do you mean that you have multiple PCs with this issue?
You said the infection is creating HDD partitions?
 
What were the opinions of the experts that you talked to?
Userlevel 7
Hello MC1-1xpert,
If you have not already done so, please submit the file to http://snup.webrootcloudav.com/SkyStoreFileUploader/upload.aspx
 
It may also help to submit a support ticket and reference the file name and MD5 checksum of the file uploaded. We would certainly like to have a look at it.
 
Thanks,
 
-Dan
This sounds like the nasty problem I started having over the weekend.
 
On one of my PCs I didn't realize I hadn't updated my Webroot license and I started having browser issues of ads popping up.
When I updated my keycode the next scan found 30 bad files.
This partially fixed the problem but there is still code hiding.
 
Ads no longer pop up, but if I try to go to web locations that may seem like a threat, like webroot, it will not go anywhere on any browser.
 
I tried to uninstall Chrome, which is my main browser, and it won't uninstall; it says there is an open window somewhere.
 
When this virus got installed it changed the home page of all browsers to some http://www.conduit.com......
 
Currently I can't do anything with this system and I am trying to file a ticket but also having some issues there...I can't file a ticket so I guess I may need to call
 
Userlevel 7
Conduit isn't an infection per se; it's a PUA and can be a pain to remove. Please have a look at this for info:
https://community.webroot.com/t5/Tips-and-Tricks-KB/How-to-Remove-Potentially-Unwanted-Applications/ta-p/40744#.Uwu2U4XDtdU and please give Webroot Support a call if necessary! http://www.webroot.com/us/en/company/contact-us
 
TH
Thanks TH I'll give this a try tonight
Userlevel 7
And I forgot to Welcome you to the Webroot Community Forums!

  So Welcome!
 
You're very welcome, and if you need more help try to Submit a Support Ticket again after removing any PUAs and they will be happy to help you free of charge!
 
TH  ;)
Hey TH thanks for the Welcome.
 
Looks like I'll have to submit a ticket but thought I would share my recent experience.
 
The PUA doc worked great and I was able to remove all the Conduit-related settings.
 
But my ability to go to many web locations is broken on any browser.
 
So I attempted to uninstall Chrome and ran into my previous problem where it said I needed to close open processes. Chrome was not open so I went to Task Manager -> Processes and there were about 6 Chrome.exe *32 running. So then I was able to uninstall Chrome but now I can reinstall because my system won't allow install to access google.
 
Same thing if I try and install Firefox.
 
So I can bring up an IE window but I can't access anything outside the PC.
 
Interesting thing is if I kill explorer.exe in the Task Manager all my icons go away on my desktop, including the Windows button, so the only way I know how to reboot is to do a hard pwr cycle.
 
And not sure if this is normal, but after a few minutes the explorer.exe process starts up again on its own in the Task Manager. Maybe that is something MS does automatically.....but I don't think killing it should wipe out everything on my desktop.
Userlevel 7
Hi martinw
 
May I add my welcome to the Community Forums...:D
 
If you kill explorer.exe then it will eventually restart on its own, but if you cannot wait then you can use the Ctrl + Alt + Del key combination to reach a menu that gives you the option of selecting to run the Task Manager. Once the Task Manager is open, click on 'File' (in the top left) and then select 'New Task (Run )', which will open up a window, into which you type 'explorer.exe' (minus the ' marks) and that should return your icons to the Desktop, your taskbar, etc.
 
I use this all the time if I have an issue with Windows itself.
 
Would agree that a ticket submission sooner rather than later, as suggested by Daniel, sounds like the best course of action in the circumstances. ;)
 
Do post back to let us know how you get on/what Support advise, etc.
 
HTH?
 
Regards
 
 
 
Baldrick
Userlevel 7
Yes, PUAs are a pain. Can you try this in WSA to see if it picks up more leftovers? It was a suggestion from @ one of Webroot's finest Threat Researchers. Let us know if it picks up anything!
 
Thanks,
 
Daniel ;)
 


 
 
Userlevel 7
Hi Daniel...you are so right about DanP...and I am kicking myself for forgetting his simple tip 😳...and another one for the little black book.
 
Regards
 
 
Baldrick
