Solved

Threat identified after windows update today. Win 32.User Added


Userlevel 1
I'm a long term user but first post on the forum.
Using Windows 7 64-bit. I regularly update Windows, and today there was quite a big update, causing a restart.
Upon restarting, Webroot SecureAnywhere detected and, on the second attempt, removed ielowutil.exe, stating it as infection:Win32.UserAdded.
This is a mystery to me. I use Firefox and Chrome, not Windows Internet Explorer.
Oh yes, I had also just clicked on a message upon starting VirtualBox to download Oracle's latest VirtualBox update.

Best answer by Baldrick 9 April 2014, 20:49


Userlevel 7
Hello applepie and Welcome to the Webroot Community Forums!
 
Best to contact Webroot support:

Support Number: 1-866-612-4227
Support Ticket: https://www.webrootanywhere.com/servicewelcome.asp
 
Thank you
Petr.
Userlevel 7
Hi applepie
 
And welcome to the Community Forums...
 
 
Have researched this a little for you and in terms of an explanation as to what this .exe relates to please see this article. As you will read, the process is a legitimate Microsoft process which is a part of Internet Explorer (which is built into Windows, of course)...so my view would be that for some reason you have a false positive detection, perhaps due to the latest Windows update introducing a new version of the .exe that WSA's database does not yet recognise.

For that reason I would do what Petrovic has suggested and open a support ticket in which you detail the issue and specifically the .exe you are having trouble with. That submission will automatically provide Support with a copy of the latest Scan Log, which should have the details of the FP, the .exe, the MD5 for it, etc., and from that they should be able to determine whether or not you have an infection or it is in fact an FP, in which case they can whitelist the new version, etc.

Hope that helps clarify for you? Let us know how this turns out for you...feedback is always gratefully received.
 
Regards
 
 
 
Baldrick
Userlevel 7
😃 Welcome Applepie!! Hope to get everything addressed with your system. We've got the best Community here around with dedicated Webroot Volunteers and many others to help you.
 
Best Regards,
 
Sherry 
Userlevel 1
Thanks P, B & S. I will post support ticket as advised and let you know the outcome. 😃
Userlevel 7
Cheers, applepie
 
It will be good to hear back from you.
 
Have a great day/evening (depending on where you currently are)...
 
Regards
 
 
Baldrick
Userlevel 7
Hello applepie,
 
Welcome to the Webroot Community!
Hope you stay with us as a satisfied SecureAnywhere user :D
Of course feel free to ask any questions and please don't worry if you encounter any issues because we have the Best and the Fastest Support in business! :D
 
Regards,
 
Mike
 
Userlevel 1
Thanks, yes, Webroot support responded very quickly, the log collecting device was very cool and automated, and it was a false positive, glad to say. Whether I was successful in getting the quarantined file to do what it had been supposed to do remains to be seen, but I clicked the exe file, Webroot didn't seem to mind and there are no new mysterious users in my control panel, so assuming all is OK. Just a bit worrying, especially with all this Heartbleed stuff going on at the moment. Cheers.
Userlevel 7
Hi applepie,
Thanks for posting back with the information. Great that Support was able to get your issues resolved.
Have a great rest of the week and keep a posting because it's always nice to have everyone here with their ideas helping others out.

Cheers to you too,
Sherry
Userlevel 7
Hi applepie
 
Many thanks for posting back...such feedback is very useful to the Community going forward...it helps us with our kitbag for assisting other users in similar circumstances in the future.
 
Glad that we were able to point you in the right direction, that Support was able to confirm an FP.
 
Hope to see you around in the future...and not just if you have an issue...;)
 
Regards
 
 
Baldrick
Userlevel 3
Do you still have that file in quarantine? You might try submitting it to www.virustotal.com and see what it comes up with!
 
 
Userlevel 7
Hi Nerf8..that's a great idea!

Thanks,
Sherry
Userlevel 7
Win 32.User Added means the user marked it bad and I assume support has got the OP fixed up and sorted.
 
Daniel 😉
Userlevel 3
You are welcome, Sherry! Then again, like another user reported, it just could be a false positive that WRSA has detected, and I think a person can configure WRSA to ignore that file during scans!
 
 
Userlevel 7
Hello..boondabah!

Thanks, Sherry