Question

Webroot and Caution.rootkit

  • 8 August 2019
  • 3 replies
  • 119 views

Badge +1
So I read the previous string on getting rid of Caution.rootkit which, as I understand it, basically says to uninstall WSA and reinstall it with defaults vice custom settings. Does this mean your custom settings, such as heuristics, don't work? How would I know if I really do have Caution.rootkit or if Webroot is giving me a false positive? And lastly, why do I have to go through the whole uninstall and reinstall drill for this issue anyway?


Userlevel 7
Badge +55
Hello @vickanid and Welcome to the Webroot Community!

Is this what you're seeing? CurrentControlSet detections


Do you have your heuristics set to Max?


If you do, then yes, it would be best to do a clean reinstall with default settings, and you can try to set it to Max again, as I have mine always set to Max without issues. See this thread about it: https://community.webroot.com/webroot-secureanywhere-antivirus-12/what-could-cause-the-caution-rootkit-virus-to-return-a-day-later-258967#post259496

Please follow the steps closely!

  • Make sure you have a copy of your 20 Character Alphanumeric Keycode! Example: SA69-AAAA-A783-DE78-XXXX
  • KEEP the computer online for Uninstall and Reinstall to make sure it works correctly
  • Download a Copy Here (Best Buy Subscription PC users click HERE) Let us know if it is the Mac version you need.
  • Uninstall WSA and Reboot
  • Install with the new installer, enter your Keycode and don't import any settings if asked to, as you can set it up as you like once it's done
  • Let it finish its install scan
  • Reboot once again

Please let us know if that resolves your issue.

Thanks,

Daniel 😉
Badge +1
Thanks, Daniel, but that doesn’t answer my questions. I did have my heuristic set to max but now it seems that it may give false positives? Did I actually have the caution.rootkit infection or not?

While your process “fixes” the problem, it doesn’t address the real question, which is why do I have to do it in this situation to clear this possible infection? Is Webroot buggy?
Userlevel 7
Badge +32
> Thanks, Daniel, but that doesn’t answer my questions. I did have my heuristic set to max but now it seems that it may give false positives? Did I actually have the caution.rootkit infection or not?
>
> While your process “fixes” the problem, it doesn’t address the real question, which is why do I have to do it in this situation to clear this possible infection? Is Webroot buggy?


Hello @vickanid,

Setting the heuristic settings to maximum increases the chance for false positives - this is expected behavior, and we recommend leaving your heuristic settings at the default because of this.

The caution.rootkit detections are likely false positives based on what we've seen from other users when they have set heuristics to maximum. If you are still concerned that you may be infected you can Submit a Support Ticket and we can have a look.

The uninstall and reinstall is recommended because it is the best way to ensure that those traces are no longer seen as bad and are not detected again based on the information that you have provided.


-Dan
