various .exe files labeled as various threats

  • 3 April 2015
  • 5 replies
  • 316 views

I have several .exe files I obtained from what I thought was a trusted source. Webroot is identifying them as threats. I want to believe that the source IS trusted and nothing is wrong with the files, as these are programs that I would like to use and have paid for. I want to believe that I just have my security settings VERY tight. I tried some research of my own and have not really had any success, good or bad. Could I pretty please have the take of someone who is more knowledgeable than myself? In searching the forums I have noticed you guys like the scan logs, so I have taken the liberty to provide the portion of this vast (WOW, that's a lot of text!) scan log that I am assuming pertains to these files. Thanks in advance for any help I receive.
 
Thu 2015-04-02 16:40:28.0356    Scan Started:  [ID: 51 - Flags: 551/16]
Thu 2015-04-02 16:41:15.0060    Monitoring process C:\Program Files\Webroot\WRSA.exe [F479D2E967540DCFE9060A5F440A319A]. Type: 0 (8351)
Thu 2015-04-02 16:41:37.0490    Infection detected: c:usersjounindesktopad machineproducts to selleasypopupgeneratoreasypopupgeneratorsoftwareeasy popup generator.exe [MD5: EBBD3072CF4979D55D8AA2F9C6B44FEF] [3/00080020] [W32.Malware.Gen]
Thu 2015-04-02 16:41:37.0492    Infection detected: c:usersjounindesktopad machineproducts to sellvlibraryvlibrary.exe [MD5: 6F516526488CE5833D9EDA31CDFA1023] [3/00000020] [W32.Trojan.Gen]
Thu 2015-04-02 16:41:37.0493    Infection detected: c:usersjounindesktopad machineproducts to sellautoresponderunlimitedonuswmpsequential magicsequentialmagic.exe [MD5: 0D2A2ACDD73A6F504E4FFBE2B6800F83] [3/00080020] [W32.Malware.Gen]
Thu 2015-04-02 16:41:37.0494    Infection detected: c:usersjounindesktopad machineproducts to sellcratepptoolbarsfreetoolbars.exe [MD5: 87C3C633221F2FC5413C09083B79528E] [3/00080020] [W32.Malware.Gen]
Thu 2015-04-02 16:41:37.0495    Infection detected: c:usersjounindesktopad machineproducts to sellzoomstatsprozoomstatsprohotlist_zoomstatspro.exe [MD5: 20AD1A41A8C99101CED62D8B83DE50E4] [3/00080020] [W32.Trojan.Plapon.jli]
Thu 2015-04-02 16:41:37.0499    Infection detected: c:usersjounindesktopad machineproducts to sellsimplephpredirectsimplephpredirectsoftwaresimplephpredirect.exe [MD5: D0A0F4895DB2B4989B713E4717E2CB7E] [3/00080020] [W32.Malware.Gen]
Thu 2015-04-02 16:42:15.0733    Infection detected: c:usersjounindesktopad machineproducts to sellclickmagnetclickmagnet.exe [MD5: 5C04D8343229251830E50AA128C062D0] [3/00000020] [W32.Trojan.Gen]
Thu 2015-04-02 16:42:15.0736    Infection detected: c:usersjounindesktopad machineproducts to sellptgptg.exe [MD5: A896D84D080825A5F359FDB118664A8C] [3/00080020] [W32.Malware.Heur.Dkvt]
Thu 2015-04-02 16:42:15.0737    Infection detected: c:usersjounindesktopad machine raining8_traininghtmlsimplifiedvideoshtmlsimplified.exe [MD5: A42D7AE141DEB8832127AF1EC0495432] [3/00080020] [(null)]
Thu 2015-04-02 16:42:17.0840    Scan Results: Files Scanned: 44720, Duration: 1m 49s, Malicious Files: 9
Thu 2015-04-02 16:42:17.0880    Scan Finished: [ID: 51 - Seq: 2147000000]
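Before allowing or blocking anything, it is worth triaging the posted log rather than treating all nine hits alike. The script below is an added example, not Webroot code or anything from the original post: it parses the "Infection detected:" lines, separates generic and heuristic verdicts (names ending in ".Gen", containing ".Heur.", or missing altogether as "(null)", which carry less evidence and are the usual false-positive candidates) from named families such as W32.Trojan.Plapon.jli, and confirms that a file you are about to submit or whitelist still has the MD5 the scanner logged. The sample lines are constructed in the shape of the posted log: the MD5 values are taken from the post, the paths are made up (the originals lost their backslashes in extraction), and the meaning of the bracketed flags field such as 3/00080020 is not documented on the page, so the code treats it as an opaque string.

```python
"""Triage helper for a Webroot SecureAnywhere scan log.

Added example, not Webroot code. It parses "Infection detected" lines,
separates generic/heuristic verdicts from named families, and checks that
a file on disk is really the object the scanner flagged before you submit
it for a false-positive review or whitelist it.
"""
import hashlib
import re
from dataclasses import dataclass
from pathlib import Path

# One detection line: timestamp, "Infection detected:", path, [MD5: ...],
# [flags], [threat name]. The layout follows the posted log; the flags
# field is not documented on the page, so it is kept as an opaque string.
DETECTION_RE = re.compile(
    r"^(?P<ts>\w{3} \d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"Infection detected: (?P<path>.+?) "
    r"\[MD5: (?P<md5>[0-9A-Fa-f]{32})\] "
    r"\[(?P<flags>[^\]]+)\] "
    r"\[(?P<name>[^\]]*)\]\s*$"
)

# Constructed sample in the shape of the posted log. The MD5 values are
# the ones from the post; the paths are made up for the example.
SAMPLE_LOG = r"""
Thu 2015-04-02 16:41:37.0490    Infection detected: c:\users\alice\desktop\tools\popup.exe [MD5: EBBD3072CF4979D55D8AA2F9C6B44FEF] [3/00080020] [W32.Malware.Gen]
Thu 2015-04-02 16:41:37.0495    Infection detected: c:\users\alice\desktop\tools\hotlist.exe [MD5: 20AD1A41A8C99101CED62D8B83DE50E4] [3/00080020] [W32.Trojan.Plapon.jli]
Thu 2015-04-02 16:42:15.0736    Infection detected: c:\users\alice\desktop\tools\ptg.exe [MD5: A896D84D080825A5F359FDB118664A8C] [3/00080020] [W32.Malware.Heur.Dkvt]
Thu 2015-04-02 16:42:15.0737    Infection detected: c:\users\alice\desktop\training\html.exe [MD5: A42D7AE141DEB8832127AF1EC0495432] [3/00080020] [(null)]
Thu 2015-04-02 16:42:17.0840    Scan Results: Files Scanned: 44720, Duration: 1m 49s, Malicious Files: 4
"""


@dataclass(frozen=True)
class Detection:
    timestamp: str
    path: str
    md5: str
    flags: str
    name: str

    @property
    def generic(self) -> bool:
        """True for verdicts that name no specific malware family.

        "*.Gen" and "*.Heur.*" are generic/heuristic signatures and
        "(null)" is a missing name; these are the usual false-positive
        candidates and the first to send to the vendor for review.
        A named family such as W32.Trojan.Plapon.jli is a stronger claim.
        """
        return (self.name == "(null)"
                or self.name.endswith(".Gen")
                or ".Heur." in self.name)


def parse_detections(log_text: str) -> list[Detection]:
    """Return one Detection per 'Infection detected' line; other lines are ignored."""
    found = []
    for line in log_text.splitlines():
        m = DETECTION_RE.match(line)
        if m:
            found.append(Detection(m["ts"], m["path"], m["md5"].upper(),
                                   m["flags"], m["name"]))
    return found


def triage(detections: list[Detection]) -> dict[str, list[str]]:
    """Group flagged paths by how specific the scanner's verdict is."""
    report: dict[str, list[str]] = {"generic": [], "named": []}
    for d in detections:
        report["generic" if d.generic else "named"].append(d.path)
    return report


def matches_logged_hash(data: bytes, logged_md5: str) -> bool:
    """Confirm file content is the exact object the scanner flagged.

    Do this before whitelisting or submitting: a re-downloaded or updated
    copy has a different hash, and the verdict for it may differ.
    """
    return hashlib.md5(data).hexdigest().upper() == logged_md5.upper()


def digests(data: bytes) -> dict[str, str]:
    """MD5 (to match the log) and SHA-256 (what reputation services key on)."""
    return {"md5": hashlib.md5(data).hexdigest(),
            "sha256": hashlib.sha256(data).hexdigest()}


def check_file(path: Path, logged_md5: str) -> bool:
    """Read a file from disk and compare it against the logged MD5."""
    return matches_logged_hash(path.read_bytes(), logged_md5)


if __name__ == "__main__":
    dets = parse_detections(SAMPLE_LOG)
    for d in dets:
        print(f"{'GENERIC' if d.generic else 'NAMED  '} {d.md5} {d.name:24} {d.path}")
    print(triage(dets))
```

Run it as-is to see the sample triage, or point check_file() at the real files to confirm the hashes before sending anything to support. On the Windows machine itself, PowerShell's Get-FileHash -Algorithm MD5 gives the same MD5 to compare against the log, and Get-AuthenticodeSignature shows whether a flagged .exe carries a valid publisher signature, which is worth knowing before whitelisting a paid product.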


Userlevel 7
Badge +62
Hello thelittlescamp,
 
Welcome to the Community Forum,
 
Look at these PC User Guide articles, which can help you with unblocking if you are absolutely positive these .exe files are safe.
 
Controlling active processes
http://www.webroot.com/En_US/SecureAnywhere/PC/WSA_PC_Help.htm#C10_SystemControl/CH10b_ControllingPr...
Blocking/Allowing files
http://www.webroot.com/En_US/SecureAnywhere/PC/WSA_PC_Help.htm#C5_Quarantine/CH5b_BlockingAllowingFi...
Managing protected applications
http://www.webroot.com/En_US/SecureAnywhere/PC/WSA_PC_Help.htm#C6_IDProtection/CH6c_ManagingProtecte...
Managing active connections
http://www.webroot.com/En_US/SecureAnywhere/PC/WSA_PC_Help.htm#C4_Firewall/CH4c_ManagingActiveConnec...
 
You can submit a Support Ticket if you need files whitelisted.
 
 
Let's try to put into plain English the essence of the areas where a user can tailor what WSA does to protect the system.
 
There are essentially 3 key areas where this can happen/a user can override WSA.  These are essentially reached, from the main WSA panel, as follows:
 
1. PC Security > Quarantine > Detection Configuration
2. Identity & Privacy > Protected Applications
3. Utilities > System Control > Control Active Processes
 
and once there the user usually has the options to:
 
A. "Allow"
B. "Protect/Monitor"
C. "Block/Deny"
 
In the case of 1. Detection Configuration
 
If an item is set to:
 
- "Allow", WSA ignores it during scans and shield actions, meaning if it's a virus that has been allowed, it can continue acting as a virus acts.  Be careful of what you allow in this area and ensure it's something you trust implicitly if you are going to change the status from Block to Allow.
 
- "Monitor", WSA will watch the item to determine if it is legitimate or related to malware.  It is not necessary to add files into this list or set files to monitor manually unless you are changing them from a Block or Allow status.  This might be useful if for example you think Webroot might have had a false positive on something and you want to check again at a later time to see if the determination has changed.  You could set it to Monitor and have Webroot check it again.
 
- "Block", then WSA will treat the items as it would detected malware.  It will not be executed, and it will not be written to your hard drive.  Detected infections are automatically set to a Block status.
 
In the case of 2. Protected Applications (Internet Security & Complete version ONLY)
 
In this case:
 
- "Allowed applications" are not secured against information-stealing malware, and also have full access to protected data on the system. Many applications unintentionally access protected screen contents or keyboard data without malicious intent when running in the background. If you trust an application that is currently marked as "Deny," you can change it to "Allow."
 
- "Protected applications" are secured against information-stealing malware, but also have full access to data on the system. By default, web browsers are assigned to the "protected" status. If desired, you might also want to add other software applications to "protected," such as financial management software. When you run a protected application, the Webroot icon in the system tray displays a padlock.
 
- "Denied applications" cannot view or capture protected data on the system, but can otherwise run normally.
 
And finally, in the case of 3. Control Active Processes
 
If a process is set to:
 
- "Allow" it means WSA allows it to run on the system. It's important to note that if an item is already allowed here, that's because Webroot knows already from seeing the file before that it's ok to allow.
 
- "Monitor" status means WSA will journal what that program is doing and keep a very close eye on it for any suspicious activity.  Basically it would treat it as if it wasn't already sure about it one way or the other, and it wants to monitor it closely until it's sure about it.
 
- "Block" means just that: WSA does not allow it to run on the system.  Be very careful about what you block in this area and ensure that anything you decide to block is a non-essential process.  Otherwise, you could be setting yourself up for a lot of grief if you block something critical.
 
 
Hope this helps,
 
 
Kind Regards,

Thank you for the quick reply! I guess what I should do is set these to monitor then? I know better than to say anything is 100% sure or safe. I don't believe I have even used these programs yet and really don't want to take a chance at harming my machine. No machine = no money. So to confirm I understand: if I monitor these files and use them, Webroot will eventually "learn" if they are dangerous and react accordingly?
Userlevel 7
Badge +62
Hi thelittlescamp,
 
Setting to Monitor will protect your computer if it sees a threat occurring.  So yes!
 
"'Monitor' status means WSA will journal what that program is doing and keep a very close eye on it for any suspicious activity.  Basically it would treat it as if it wasn't already sure about it one way or the other, and it wants to monitor it closely until it's sure about it."
 
 
Kind Regards,
 
Userlevel 7
Badge +56
Hello and Welcome to the Webroot Community!
 
I would contact support, as they are detected as malware, to find out if they are for real or FPs!
 
Thanks,
 
Daniel 😉

Thank you very much everyone! :D I will do both, as that seems to be the complete solution covering all ends!
