Solved

Webroot and Caution.rootkit


Badge +1
So I read the previous string on getting rid of Caution.rootkit which, as I understand it, basically says to uninstall WSA and reinstall it with defaults vice custom settings. Does this mean your custom settings, such as heuristics, don't work? How would I know if I really do have Caution.rootkit or if Webroot is giving me a false positive? And lastly, why do I have to go through the whole uninstall and reinstall drill for this issue anyway?

Best answer by DanP 9 August 2019, 17:12


10 replies

Userlevel 7
Badge +63

Hello @vickanid and Welcome to the Webroot Community!

Is this what you're seeing? CurrentControlSet detections

[screenshot: CurrentControlSet detections]


Do you have your heuristics set to Max?

[screenshot: Heuristics setting]


If you do then yes it would be best to do a clean reinstall with default settings and you can try to set to Max again as I have mine always set to Max without issues. See this thread about it https://community.webroot.com/webroot-secureanywhere-antivirus-12/what-could-cause-the-caution-rootkit-virus-to-return-a-day-later-258967#post259496

Please follow the steps closely!

  • Make sure you have a copy of your 20 Character Alphanumeric Keycode! Example: SA69-AAAA-A783-DE78-XXXX
  • KEEP the computer online for Uninstall and Reinstall to make sure it works correctly
  • Download a Copy Here (Best Buy Subscription PC users click HERE) Let us know if it is the Mac version you need.
  • Uninstall WSA and Reboot
  • Install with the new installer, enter your Keycode and don't import any settings if asked to as you can set it up as you like once it's done
  • Let it finish its install scan
  • Reboot once again

Please let us know if that resolves your issue.

Thanks,

Daniel 😉


Badge +1
Thanks, Daniel, but that doesn’t answer my questions. I did have my heuristic set to max but now it seems that it may give false positives? Did I actually have the caution.rootkit infection or not?

While your process “fixes” the problem it doesn’t address the real question which is why do I have to do it in this situation to clear this possible infection? Is Webroot buggy?
Userlevel 7
Badge +35
Thanks, Daniel, but that doesn’t answer my questions. I did have my heuristic set to max but now it seems that it may give false positives? Did I actually have the caution.rootkit infection or not?

While your process “fixes” the problem it doesn’t address the real question which is why do I have to do it in this situation to clear this possible infection? Is Webroot buggy?


Hello @vickanid,

Setting the heuristic settings to maximum increases the chance for false positives - this is expected behavior, and we recommend leaving your heuristic settings at the default because of this.

The caution.rootkit detections are likely false positives based on what we've seen from other users when they have set heuristics to maximum. If you are still concerned that you may be infected you can Submit a Support Ticket and we can have a look.

The uninstall and reinstall is recommended because it is the best way to ensure that those traces are no longer seen as bad and are not detected again based on the information that you have provided.


-Dan
Userlevel 7
Badge +37

Hi,

I set heuristic settings to maximum, and after the scan it shows these as rootkits:

HKLM\SYSTEM\ControlSet001\Services\BITS\Parameters\ServiceDll

HKLM\SYSTEM\ControlSet001\Services\Schedule\ImagePath

HKLM\System\CurrentControlSet\Services\Schedule\Parameters\ServiceDll

HKLM\System\CurrentControlSet\Services\Schedule\Parameters\ServiceDllUnloadOnStop

HKLM\System\CurrentControlSet\Services\Schedule\AtTaskMaxHours

HKLM\System\CurrentControlSet\Services\Schedule\Security\Security

HKLM\System\CurrentControlSet\Services\Schedule\DependOnService

HKLM\System\CurrentControlSet\Services\Schedule\Description

Are they false positives?

Do I clear them?

Regards,

Amir

Userlevel 7
Badge +35

Hello @durantash,

Since those only showed up after setting your heuristics to maximum, those are likely False Positives. You will want to set your heuristics back to the standard setting and may wish to do an uninstall/reinstall as well.

Thanks,

-Dan
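
One way to check for yourself whether entries like the ones listed above are false positives, added here as an example and not something from the thread or from Webroot: the three flagged values that name a file are read back from the registry and each file is checked for its location and Authenticode signature. The function and output property names are my own; the remaining flagged values (ServiceDllUnloadOnStop, AtTaskMaxHours, Security, DependOnService, Description) are plain service configuration and have no file to inspect.

```powershell
# Added example (not from the thread, not Webroot's code): for each flagged
# service value that names a file, resolve the file and check its signature.
# CurrentControlSet is a link to the active ControlSetNNN, so the
# ControlSet001 entries in the scan normally refer to the same data.
function Test-FlaggedServiceValue {
    param([string]$Key, [string]$Name)
    $raw = (Get-ItemProperty -Path $Key -Name $Name -ErrorAction Stop).$Name
    # ImagePath carries arguments ("svchost.exe -k netsvcs"); keep only the
    # executable or DLL path, then expand any %SystemRoot%-style variable.
    $path = $raw -replace '^"?([^"]+?\.(exe|dll))"?.*$', '$1'
    $path = [Environment]::ExpandEnvironmentVariables($path)
    $result = [ordered]@{
        Value      = "$Key\$Name"
        Path       = $path
        InSystem32 = $path -like "$env:SystemRoot\System32\*"
        Exists     = Test-Path -LiteralPath $path
        Signature  = 'n/a'
        Signer     = 'n/a'
    }
    if ($result.Exists) {
        # Catalog-signed Windows binaries also report Valid here.
        $sig = Get-AuthenticodeSignature -FilePath $path
        $result.Signature = $sig.Status   # a genuine system file shows 'Valid'
        $result.Signer    = $sig.SignerCertificate.Subject
    }
    [pscustomobject]$result
}

# The three flagged values from the scan that reference a file.
$flagged = @(
    @{ Key = 'HKLM:\SYSTEM\CurrentControlSet\Services\BITS\Parameters';     Name = 'ServiceDll' }
    @{ Key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Schedule';            Name = 'ImagePath'  }
    @{ Key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Schedule\Parameters'; Name = 'ServiceDll' }
)

foreach ($f in $flagged) {
    Test-FlaggedServiceValue -Key $f.Key -Name $f.Name
} | Format-List
```

A file outside System32, missing, or with a signature status other than Valid and a Microsoft signer is the case that warrants the support ticket Dan mentions; all three resolving to validly signed files under System32 is consistent with a heuristics false positive.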

Userlevel 7
Badge +37

Hello @durantash,

Since those only showed up after setting your heuristics to maximum, those are likely False Positives. You will want to set your heuristics back to the standard setting and may wish to do an uninstall/reinstall as well.

Thanks,

-Dan

Hi Dan,

I cleared the subjects and reset the computer.

Maybe clearing these false positives makes a problem for the computer?

Regards,

Amir

Userlevel 7
Badge +63

Hello @durantash,

Since those only showed up after setting your heuristics to maximum, those are likely False Positives. You will want to set your heuristics back to the standard setting and may wish to do an uninstall/reinstall as well.

Thanks,

-Dan

Hi Dan,

I cleared the subjects and reset the computer.

Maybe clearing these false positives makes a problem for the computer?

Regards,

Amir


No issues as Webroot can’t remove those False Positives in any case. See for more info: https://community.webroot.com/webroot-secureanywhere-antivirus-12/what-could-cause-the-caution-rootkit-virus-to-return-a-day-later-258967#post259496

Userlevel 7
Badge +63

@durantash for some reason the Spam Filter grabbed your last 2 posts so I put them back.
