To Customer Support To Customer Support
Solved

How can I get rid of some rootkit found by Webroot?

  • 5 January 2017
  • 5 replies
  • 379 views
T
After scanning my PC, Webroot found some rootkit and can't get rid of it, even after restarting
 
Please help.
 

 
 
SystemCurrentControlSetServicesCDPUserSvc_6b634            Caution.Rootkit
SystemCurrentControlSetServicesMessagingService_6b634    Caution.Rootkit
SystemCurrentControlSetServicesOneSyncSvc_6b634            Caution.Rootkit
icon

Best answer by RetiredTripleHelix 5 January 2017, 22:00

View original

5 replies

J
Userlevel 7
Hello @ and welcome to our Community.

Any threat related inquiries need to be reviewed by our Advanced Malware Removal Team directly:
Support Number: 1-866-612-4227 M-F 7am?6pm MT
Send us a Support Ticket: https://detail.webrootanywhere.com/servicewelcome.asp
RetiredTripleHelix
Rank
Userlevel 7
Badge +56
When you get these types of detections SystemCurrentControlSetServices it means your heuristics are set above default so in most cases you need to do a clean reinstall of WSA then you can set your heuristics above default again. I had these detections many times because I run my heuristics at Maximum. http://live.webrootanywhere.com/content/680/Adjusting-Heuristics
 
Please follow the steps closely!
 
  • Make sure you have a copy of your 20 Character Alphanumeric Keycode! Example: SA69-AAAA-A783-DE78-XXXX
  • KEEP the computer online for Uninstall and Reinstall to make sure it works correctly
  • Download a Copy Here (Best Buy Geek Squad Subscription PC users click HERE) Let us know if it is the Mac version you need.
  • Uninstall WSA and Reboot
  • Install with the new installer, enter your Keycode and do NOT import any settings if offered by the installer as you can set it up as you like once it's done
  • Let it finish it's install scan
  • Reboot once again
Please let us know if that resolves your issue?
 
Thanks,
 
Daniel 🙂
RetiredTripleHelix
Rank
Userlevel 7
Badge +56
Also if you let WSA clean them up they will be detected again untill a reinstall can be done so you don't have to worry as WSA doesn't really remove them.
 
Thanks,
 
Daniel :)
 

H
Problem: Internet connectivity is not permitted by the infection. How do I 'get to the Internet' around this, so I can do the clean install? Thanks in advance! - Heath
Baldrick
Rank
Userlevel 7
Hi heathdalberts
 
Welcome to the Community Forums.
 
What I would do if you cannot access the Internet due to a malware infection, is to first try booting your computer in Safe Mode with Networking. ANd the try doing what you were being blocked from doing.
 
For help in getting into Safe Mode with Networking please see THIS from the Microsoft Support site.
 
If doing this does not help then I would Open a Support Ticket and ask the Support Team (the Professionals) to advise what to do next.
 
Do let us know how you get on, and if you go to SUpport then what they advise.
 
Regards, Baldrick
 
Webroot SecureAnywhere Complete Beta Tester v9.0.24.49, imaged by Macrium Reflect v7.2

Reply


Terms & Conditions

© 2004 - Webroot Inc.

We have recently updated our Privacy Policies. We encourage you to read the full terms here.