Best answer by Baldrick
View originalMultiple alerts-PLEASE HELP ME!
Ok so I have a new pc I bought it for Christmas, I use it for school, dota 2, Skype, and iTunes and general we browsing, that's it. I scan my pc when I boot it up, and when I insert a flash drive to move video files-MOSTLY like 99%. So today I boot up my pc and I'm got an alert about 5-10 minutes in, saying I got adware, I get jumpy and so I let webroot do its thing and remove the threat. So just to be safe I use the webroot scanner and all's good. To make sure I restart and sure enough-another alert. This goes on for about three to four restarts. And I've gone through--49 removed threats-- and two types of malware detected which are-"W32.Adware.Adknowledge" and "Win32.LocalInfect.2" they've shown up every time I restart/power off and on. Webroot shows the location as "c:user(my pc's name)appdatalocal emp..." Then the files always show as-"octcxxxx.temp.exe" where xxxx="2cb" or "54cb" and other variations ending in"..cb". Someone Please help, thank you.
Userlevel 7
H MrMelon
Welcome to the Community Forums.
What you are seeing and describing sounds like it may be due to what we on the Community refer to as as PUAs or Potentially Unwanted Applications.
These are very annoying at best in that they cause pop-us, redirect your browser home page, and other behavior that may slow down the computer and direct ads your way, but they are not actually doing anything bad like damaging files or stealing information. Often they are installed intentionally by you the user as browser add-ons for various tasks such as quick search tools.. but they also come with the result of added annoying pop-ups and ads. Other times they 'piggy back' with other software that you installed, or try to 'sneak' onto your system entirely.
WSA does detect and remove many PUA's, and more are being added, but WSA does not detect all of them. A simple browser add-on with PUA behavior that is easy to identify and easy to remove is not likely to be detected and removed by WSA. Those that are intentionally difficult to locate and remove are. Please see THIS LINK for more information regarding Webroot's stance on these annoying programs.
For those that are not detected by WSA, please see this KB Article. It has some easy to follow directions on locating and removing PUA's. You may also want to submit a Support Ticket, especially if you cannot remove it easily from the directions in the KB Article.
For those that ARE detected by WSA, but cannot be removed automatically, you can submit a Support Ticket. Webroot Support will help you get these annoying 'crapware' off your computer at no extra charge, and the additional examples may help to better automatic removal of that particular PUA for all users in the future. So given what you are describing please open that Support Ticket ASAP.
To make sure that your WSA is checking for PUA's with the best proficiently, it sometimes helps to reset the PUA detection within WSA's settings. For PUA's that had previously been scanned and determined to be OK, but have since been added to detection/removal, you may want to complete the following steps:
I hope this helps you both understand, and resolve the problem and if not please let us know!
Regards, Baldrick
Welcome to the Community Forums.
What you are seeing and describing sounds like it may be due to what we on the Community refer to as as PUAs or Potentially Unwanted Applications.
These are very annoying at best in that they cause pop-us, redirect your browser home page, and other behavior that may slow down the computer and direct ads your way, but they are not actually doing anything bad like damaging files or stealing information. Often they are installed intentionally by you the user as browser add-ons for various tasks such as quick search tools.. but they also come with the result of added annoying pop-ups and ads. Other times they 'piggy back' with other software that you installed, or try to 'sneak' onto your system entirely.
WSA does detect and remove many PUA's, and more are being added, but WSA does not detect all of them. A simple browser add-on with PUA behavior that is easy to identify and easy to remove is not likely to be detected and removed by WSA. Those that are intentionally difficult to locate and remove are. Please see THIS LINK for more information regarding Webroot's stance on these annoying programs.
For those that are not detected by WSA, please see this KB Article. It has some easy to follow directions on locating and removing PUA's. You may also want to submit a Support Ticket, especially if you cannot remove it easily from the directions in the KB Article.
For those that ARE detected by WSA, but cannot be removed automatically, you can submit a Support Ticket. Webroot Support will help you get these annoying 'crapware' off your computer at no extra charge, and the additional examples may help to better automatic removal of that particular PUA for all users in the future. So given what you are describing please open that Support Ticket ASAP.
To make sure that your WSA is checking for PUA's with the best proficiently, it sometimes helps to reset the PUA detection within WSA's settings. For PUA's that had previously been scanned and determined to be OK, but have since been added to detection/removal, you may want to complete the following steps:
- Open Webroot SecureAnywhere
- Click on ‘Advanced Settings’ from the top right
- Select ‘Scan Settings’ from the left side
- Unselect the option “Detect Potentially Unwanted Applications”
- Click on the Save button (you may have to enter in a CAPTCHA)
- Reselect the option to “Detect Potentially Unwanted Applications”
- Click on the Save button
- Run another scan with Webroot and remove any items that get detected.
I hope this helps you both understand, and resolve the problem and if not please let us know!
Regards, Baldrick
Thank you Baldrick, I feel a little less panicky now knowing my problem is mostly harmless to my pc, I intend go get help from my tech savvy friend in removing these files later today, as of yet my pc seems unaffected in any way no pop-ups or redirects, nor are there any recent programs installed without my knowing aside from a steam and iTunes update, thank you for the help.
Ps-are "TMP" files safe to just delete completely or what? I'm having trouble understanding them. Again thank you.
Ps-are "TMP" files safe to just delete completely or what? I'm having trouble understanding them. Again thank you.
Userlevel 7
Hi MrMelon
You are most welcome...glad to be of assistance. Hopefully your tech savvy friend will do the business for you but do remember that if for any reason the task is too complex or there is any uncertainty then you always have recourse to opening the support ticket suggested previously...the service is frre of charge to users with active subscriptions.
As for .TMP files, in general one can delete them completely but if you have any concerns you can just delete them to the Recycle Bin, which gives you to option of restoring them should there prove to be a need but if after a few days there is no untoward issues that may be due to their deletion, you can permanently delete them from the Recycle Bin.
Hope that helps further?
Regards, Baldrick
You are most welcome...glad to be of assistance. Hopefully your tech savvy friend will do the business for you but do remember that if for any reason the task is too complex or there is any uncertainty then you always have recourse to opening the support ticket suggested previously...the service is frre of charge to users with active subscriptions.
As for .TMP files, in general one can delete them completely but if you have any concerns you can just delete them to the Recycle Bin, which gives you to option of restoring them should there prove to be a need but if after a few days there is no untoward issues that may be due to their deletion, you can permanently delete them from the Recycle Bin.
Hope that helps further?
Regards, Baldrick
Reply
Login to the community
No account yet? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.