Solved

Webroot won't remove malware

  • 29 February 2012
  • 5 replies
  • 1711 views

After a total 3 visits to best buy, this virus still hasn't been removed... It looks like they used atleast 4 different programs to remove it, but it still remains on my laptop. Heres what is says on the scan, copied any pasted: c:$mbr.1     Win32.Autolock.1
After it "removes" the virus and restarts the virus is still there after another scan... The malware also shows up on Windows task manager
crss.exe
winlogon.exe
atieclxx.exe
 
The processes don't have a user name and no description
When I try to end them it says Access Denied even though I'm on the Administrative profile, the only profile on my laptop.
Webroot finds the threat, but doesn't remove it, help
icon

Best answer by Kit 2 March 2012, 21:06

View original

5 replies

 
Hello Whyinfected, 
 
It is very important to submit the support ticket, specially when you have infection related question, so please submit the support ticket from the link below. Some one from the support team will be more than happy to resolve that for you.
 
Create a Support Ticket
 
Please enter your email address into the form and then fill out the requested information on the page that appears.  You will then be contacted with further instructions on how to fix the problem.
 
Thanks,
 
Shree
Userlevel 7
For the elucidation of other folks who may end up reading this...
 
Anytime that a threat shows up that is not able to be removed, or keeps coming back, please contact our support team for us to help you directly and for free.
 
That being said, the proceses mentioned in the message are not normally malicious processes.  csrss, winlogon, and others are system processes that form the foundation of the computer.  If you are a power user and are unsure about the status of a process, you can go into SecureAnywhere, click System Tools on the left, and then click Start under Control Active Processes.
 
BE VERY CAREFUL on this screen!!
 
Anything that is marked as allow is something that we, Webroot, have determined is safe.  You should generally avoid changing anything at all, as doing so improperly can cause a catastrophic system failure. (It's kind of like saying you should be careful where you swing that hammer, because you can damage walls or dishes or stuff.  This is not obviously a hammer, but it has the same capability to cause damage if you do the wrong things with it.)
 
Anything that is marked as "Monitor" is just something that we may not know about yet, or your computer has not yet found out that we know about it.  SecureAnywhere is watching it closely, just in case it does something bad.  Anything that is marked as "Block" will be blocked from operating.  Blocking the wrong things can crash the system and make it no longer work, so be cautious.
 
But, once again, anytime you are unsure, simply contact our support for free and we'll take a look at it for you.  We can't always take the time to explain why something is OK, but we can see its soul, so to speak, so we can tell if it's really good or not.
Please could someone help me with this virus or malware, im not exactly sure what it is but when webroot expired I downloaded the free AVG protection and I got this other thing called PC fix speed system optimizer. After I downloaded webroot again I was able to delete AVG but I couldnt delete PC fix speed, Ive been into the control panel and uninstalled multiple time but to no avail it wont leave. I keep getting pop up everytime I log onto the internet now and its really slowing down my computer. I thought webroot would be able to delete it with the "erase permanently with webroot" thing but it keeps popping up. Any advice would help because I would really like to get the virus off.
Userlevel 7
Badge +62
@ wrote:
Please could someone help me with this virus or malware, im not exactly sure what it is but when webroot expired I downloaded the free AVG protection and I got this other thing called PC fix speed system optimizer. After I downloaded webroot again I was able to delete AVG but I couldnt delete PC fix speed, Ive been into the control panel and uninstalled multiple time but to no avail it wont leave. I keep getting pop up everytime I log onto the internet now and its really slowing down my computer. I thought webroot would be able to delete it with the "erase permanently with webroot" thing but it keeps popping up. Any advice would help because I would really like to get the virus off.
Hi BrandonManaa,
 
Welcome to the Coummunity Forum,
 
Would you try to follow these instructions? After doing some research I find to remove this from your computer means going into the registry,,so you can try this below first and then issue a Support Ticket!
 
What you are seeing and describing sounds like it may be what we on the Community refer to as a PUA. (Potentially Unwanted Application) These are very annoying at best in that they cause pop-us, redirect your browser home page, and other behavior that may slow down the computer and direct ads your way, but they are not actually doing anything bad like damaging files or stealing information. Often they are installed intentionally by you the user as browser add-ons for various tasks such as quick search tools.. but they also come with the result of added annoying pop-ups and ads. Other times they 'piggy back' with other software that you installed, or try to 'sneak' onto your system entirely.
 
WSA does detect and remove many PUA's, and more are being added, but WSA does not detect all of them. A simple browser add-on with PUA behavior that is easy to identify and easy to remove is not likely to be detected and removed by WSA. Those that are intentionally difficult to locate and remove are. Please see THIS LINK for more information regarding Webroot's stance on these annoying programs.
 
For those that are not detected by WSA, please see this KB Article. It has some easy to follow directions on locating and removing PUA's. You may also want to submit a Trouble Ticket, especially if you cannot remove it easily from the directions in the KB Article.
 
For those that ARE detected by WSA, but cannot be removed automatically, you can submit a Trouble Ticket.  Webroot Support will help you get these annoying 'crapware' off your computer at no extra charge, and the additional examples may help to better automatic removal of that particular PUA for all users in the future.
 
To make sure that your WSA is checking for PUA's with the best proficiently, it sometimes helps to reset the PUA detection within WSA's settings. For PUA's that had previously been scanned and determined to be OK, but have since been added to detection/removal, you may want to complete the following steps:
 
  • Open Webroot SecureAnywhere
  • Click on ‘Advanced Settings’ from the top right
  • Select ‘Scan Settings’ from the left side
  • Unselect the option “Detect Potentially Unwanted Applications”
  • Click on the Save button (you may have to enter in a CAPTCHA)
  • Reselect the option to “Detect Potentially Unwanted Applications”
  • Click on the Save button
  • Run another scan with Webroot and remove any items that get detected.
To help avoid PUA's in the future, remember to read all of the information when installing or updating software (Adobe downloads often have those "extra special offers"attached... PUA'S!: often the PUA included will be mentioned, and you can opt out of installing it.  Those check boxes you see? Usually only one of them is for the User Agreement of the software you want, the others are for the junk you don't.
 
 I hope this helps you to understand, and resolve the problem and if not please let us know!
 
 
Best Regards,
Userlevel 7
Hi BrandonManaa
 
Welcome to the Community Forums.
 
Firstly, what yo are seeing is not a virus or malware...it is a system optimization program, which promises to increase PC speed and repair registry errors. However, in reality, it provides no real benefit given what it does, i.e., scans registry for outdated entries, reports them and offers to remove them. So, whilst not a virus or malware, it appears that seems that PC Fix Speed is trying to create a need of its licensed version.
 
As a result the messages should be ignored, and it treat as a PUA, as described in Sherry's post...but as I said previously be reassured that you are not subject to virus r malware infection in respect to this specific piece of software.
 
Hope that assists?
 
Regards, Baldrick

Reply