Solved

Hacked with webroot running?

  • 26 December 2015
  • 7 replies
  • 967 views

I am running webroot SecureAnywhere on my Win 7 PC and have concerns that I may have been hacked.   I have a few questions to see if you can dispel my fears.
 
My concern is that I was attempting to add a "non-secure" network printer directly to my PC and I'm wondering if this connection/port could have been used to hack into my PC and load/run some erroneous software.    Am I exposed with this network printer?   Can Webroot detect/prevent this exposure?    I recall a brief message indicating a non-secure network.  
 
Since adding this printer on 12/15, I noticed that Webroot was updated in my control panel programs on 12/16 without my knowledge.    I don't know if this was a coincidence with a new version of Webroot or a spoof related to the new printer.   
 
In googling I saw that a new version 9.0.7.42 of Webroot was released on 12/15 so it seems like a valid upgrade. Would Webroot do this auto upgrade of this new version?
 
A few days after the new Webroot version was loaded on 12/16, I noticed that there was a  "gotomeeting" upgrade on 12/19.  I don't know if this was again an auto upgrade or a spoof.    I was hacked once before with a gotomeeting type program so I'm concerned about this upgrade.
 
Then on 12/21, I booted my PC but did not have the wireless enabled. After a few minutes, there was a Windows security popup stating that "the following program would like to make changes to your computer - Yes|No". There was additional info about the WRSA.exe program including the details of the certificate which looked OK.
 
I was concerned about this being a spoof program, but after reloading my PC with all orig SW, I was able to repro the same message.     So this seems like an OK behavior/message with 9.0.7.42.   Can you confirm?
 
Lastly, I noticed that if I boot my PC with wireless off, Webroot will hang during a scan. And if I enable wireless, it still hangs. I have to kill a sub-process to get Webroot to work again. Is this expected behavior?
 
Thanks for your help.
 
Regards Jamie Cohen 
 
 

Best answer by JustCheckingIn 13 August 2016, 07:41


7 replies

Userlevel 7
Badge +6
? Are you worried you got hacked because your WRSA got updated and you didn't notice it? If you want to see the actual update run you have to be pretty fast because Secure Anywhere's fast in every way imaginable...
Secondly, about the WRSA asking you to allow it to make changes to your computer: don't worry yet again. There's a bit of a known issue with WRSA at the moment and all you need to do to remain protected is to click on yes and allow the WRSA process to make the changes...
 
About the other issues, maybe one of the more senior experts can fill you in more. But I'm pretty much sure all your worries are for nothing.
I got hacked by an IT company on the web this last July 22, with Webroot installed, running, and activated. I received an urgent notice on the screen, with alarm bells on my speakers - My screen said "You have been hacked. If you try to avoid this notice, or attempt to reboot your computer or restore a prior date, you will lose ALL your data and files. You have been warned. Call 888-255-8309" or whatever.
 
I called out of desperation because I had just been hacked 2 months before again, with Webroot fully activated. And the guy said you'll have to pay up to get fixed. I said how did you do it? I have Webroot secure access running, you should be blocked! He said, heh heh, it stops viruses, it doesn't prevent hacks, HEH HEH!!
 
Scum
 
I have now paid twice because of hacks, so I just switched to Malwarebytes, an anti exploit, and an anti RANSOMWARE program, maybe that will slow them down. How do they do this? Everyone tells me Webroot is one of the best. That has not been my experience. I have the hacker's name and phone number if you want to ask him how.
 
Alex
 
?
 
THIS IS A SCAM!!  Neither Microsoft nor any other company sends emails, pop ups, or phone calls of any kind advising that you may have a problem.
 
If you clicked on any links, allowed them to remote into your computer, or went to any websites please Submit a Support Ticket ASAP.  (Now would be a good idea....)
 
If you would like more information, read on (After submitting that Trouble Ticket.....)
 
NEWS ARTICLE: Tech Support Scams are on the rise.
 
 
Microsoft never issues this type of warning or email or anything of a sort!  Please see the following link for Microsoft's official word on this:
http://www.microsoft.com/security/online-privacy/avoid-phone-scams.aspx
 
"Neither Microsoft nor our partners make unsolicited phone calls (also known as cold calls) to charge you for computer security or software fixes.
 
Cybercriminals often use publicly available phone directories so they might know your name and other personal information when they call you. They might even guess what operating system you're using.
 
Once they've gained your trust, they might ask for your user name and password or ask you to go to a website to install software that will let them access your computer to fix it. Once you do this, your computer and your personal information is vulnerable."
 
Also see Avoid scams that use the Microsoft name fraudulently
http://www.microsoft.com/security/online-privacy/msname.aspx 
 
 
For more information here's what the United States Federal Trade Commission has to say on the subject:
http://www.consumer.ftc.gov/articles/0346-tech-support-scams
 
"In a recent twist, scam artists are using the phone to try to break into your computer. They call, claiming to be computer techs associated with well-known companies like Microsoft. They say that they've detected viruses or other malware on your computer to trick you into giving them remote access or paying for software you don't need.
 
These scammers take advantage of your reasonable concerns about viruses and other threats. They know that computer users have heard time and again that it's important to install security software. But the purpose behind their elaborate scheme isn't to protect your computer; it's to make money."
 
This scam is common and has been around for quite a while.  Here is a good Webroot Blog article from April 2013 by Threat Researcher Roy Tobin.
http://www.webroot.com/blog/2013/04/30/fake-microsoft-security-scam/
 
Also add a good free Ad Blocker like the ones suggested below:
 
For Internet Explorer Ad Block Plus: https://adblockplus.org/
 
For Firefox uBlock Origin: https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/?src=ss or Privacy Badger: https://addons.mozilla.org/en-us/firefox/addon/privacy-badger-firefox/

 
Google Chrome uBlock Origin: https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm?hl=en or Privacy Badger: https://chrome.google.com/webstore/detail/privacy-badger/pkehgijcmpdhfbdbbnkijodmdjhbjlgp
 
Sorry to say ?, but you have been scammed. Twice. A good ad-blocker probably would have prevented the notification you responded to. The popup was most likely fed to you from a site you visited. Afaik, Malwarebytes will not prevent them either. You may contact support to submit a trouble ticket, but if Webroot has been uninstalled I'm not sure if it would help.
 
 
 
BD
 
________________________
Userlevel 7
Hi Al1950abc
 
Welcome to the Community Forums.
 
I am afraid that you have been misinformed in terms of the attack...what was causing the message you saw the 2nd time was not a hack but most likely due to adware or a Potentially Unwanted Application (PUA)...the message itself does not indicate you have been hacked but rather tries to scare you into thinking that you have a problem, calling the scammers and then allowing them access to fix the issue or paying them to go away.
 
WSA does protect against true hacking, i.e., an unknown/uninvited person accessing your system clandestinely...but it cannot protect against the attack that you suffered.
 
If the source of the 'attack' was a PUA then it is more than likely that it 'piggy backed' onto your system with other software that you installed. I am not saying it was a PUA as it could just have been browser related adware but PUAs are a real threat and the key to avoiding them is to make sure that when downloading apps one does so from the author's own website or one that they have recommended, and not a 3rd party downloading site.
 
WSA does detect and remove many PUAs, and more are being added, but WSA does not detect all of them. A simple browser add-on with PUA behaviour that is easy to identify and easy to remove is not likely to be detected and removed by WSA. Those that are intentionally difficult to locate and remove are. Please see THIS LINK for more information regarding Webroot's stance on these annoying programs.
 
Anyway, just to say that I hope that your current security setup works for you.
 
Regards, Baldrick
 
By the way, THIS LITTLE HACK cost me $199.00. THE FIRST ONE resulted in $229 worth of Geek Squad repairs. That's over $400 worth of hack damage in two short months.
Userlevel 7
That is unfortunate & I very much sympathise but that does not detract that it was not in all probability a hack but rather scammers tricking people into believing that they are hacked, to either gain access to the victim's machine or to effectively extort monies.
 
These people are scum...but unfortunately are relatively difficult to track down and bring to book. :(
 
Regards, Baldrick
Badge +1
You were not hacked, you were deceived by a basic "social engineering" tactic. Webroot cannot protect against social engineering attacks because social engineering attacks target human behavior, not technology. 
 
Pardon my frankness,  sir, but that's the reality of the situation. 
 
 
 
 
 
