
New Member
Posts: 1
Registered: ‎02-28-2012
Accepted Solution

Webroot won't remove malware

After a total of 3 visits to Best Buy, this virus still hasn't been removed... It looks like they used at least 4 different programs to remove it, but it still remains on my laptop. Here's what it says on the scan, copied and pasted: c:\$mbr.1     Win32.Autolock.1

After it "removes" the virus and restarts, the virus is still there after another scan... The malware also shows up on Windows Task Manager

The processes don't have a user name or a description

When I try to end them it says Access Denied even though I'm on the Administrative profile, the only profile on my laptop.

Webroot finds the threat, but doesn't remove it, help

Webroot Employee
Posts: 10
Registered: ‎01-19-2012

Re: Webroot won't remove malware


Hello Whyinfected, 


It is very important to submit the support ticket, especially when you have an infection-related question, so please submit the support ticket from the link below. Someone from the support team will be more than happy to resolve that for you.


Create a Support Ticket


Please enter your email address into the form and then fill out the requested information on the page that appears.  You will then be contacted with further instructions on how to fix the problem.





Retired Webrooter
Posts: 359
Registered: ‎01-19-2012

Re: Webroot won't remove malware

For the elucidation of other folks who may end up reading this...


Anytime that a threat shows up that is not able to be removed, or keeps coming back, please contact our support team for us to help you directly and for free.


That being said, the processes mentioned in the message are not normally malicious processes.  csrss, winlogon, and others are system processes that form the foundation of the computer.  If you are a power user and are unsure about the status of a process, you can go into SecureAnywhere, click System Tools on the left, and then click Start under Control Active Processes.


BE VERY CAREFUL on this screen!!


Anything that is marked as "Allow" is something that we, Webroot, have determined is safe.  You should generally avoid changing anything at all, as doing so improperly can cause a catastrophic system failure. (It's kind of like saying you should be careful where you swing that hammer, because you can damage walls or dishes or stuff.  This is not obviously a hammer, but it has the same capability to cause damage if you do the wrong things with it.)


Anything that is marked as "Monitor" is just something that we may not know about yet, or your computer has not yet found out that we know about it.  SecureAnywhere is watching it closely, just in case it does something bad.  Anything that is marked as "Block" will be blocked from operating.  Blocking the wrong things can crash the system and make it no longer work, so be cautious.


But, once again, anytime you are unsure, simply contact our support for free and we'll take a look at it for you.  We can't always take the time to explain why something is OK, but we can see its soul, so to speak, so we can tell if it's really good or not.

Kit - Prior Webroot Quality Assurance / Prior Webroot Escalation Engineer
