Solved

Webroot Threats in Mobile Android

  • 22 April 2019
  • 27 replies
  • 3784 views

Userlevel 7
Badge +55
Is anyone having continuous threats popping up with Webroot Mobile Security? I just had to reset my Samsung Note 8 this morning and I'm getting this Threat from Outlook. False positives perhaps?



icon

Best answer by freydrew 23 April 2019, 06:05

If you use Webroot on an Android phone and see multiple ‘infected file’ notifications, please upgrade to version 5.5.5 from the Google Play Store.

Once you’re running the latest version, additional steps may need to be taken:

1) If you quarantined the affected apps, resolve by:
a. Following the steps to restore apps from quarantine in the attached doc. Each app must be un-quarantined separately.

2) If you did not quarantine or uninstall the affected apps, resolve by:
a. Waiting until after 11pm MST April 22, 2019 as this will allow the app cache to clear automatically. After this time, no new notifications relating to this issue will occur.

3) If you uninstalled apps identified as infected, resolve by:
a. Re-installing any apps that were deleted by downloading the latest version from the Google Play Store.

We appreciate your patience on this. If you have any questions, feel free to open a customer support ticket at support.webroot.com.
View original

27 replies

Userlevel 3
Badge +9
Yes, all android mobile devices in our house are doing this. I told my partner to ignore it. Something wrong somewhere.

Not just base.apk, but also all the evenwell files on my Nokia phone too.
Userlevel 7
Badge +55
Thank you @kach for confirmation. Looks like the Webroot Mobile is tagging False Positives.
Userlevel 1
Badge +1
Yes, same here on 5.5.5.38787.
List is increasing, and these are programs that I've been using for a while. Assuming they are false positives. Hopefully something will be done about it soon. Side note: my droidhen texas holdem game will no longer connect to internet as of this morning. Neither wifi nor mobile data.

Userlevel 1
Badge +1
just started happening to me too. Identified 5 apps on my google fi nexus 6p as threats including outlook, google fi app, joann fabrics, and united airlines
Userlevel 7
Badge +55
Thanks as well @Stvhorn for that information..hoping this gets taken care of soon.

@freydrew can you check this out?
Userlevel 1
Badge +1
I'm having the same issue. It's detecting Outlook for Android as a trojan, with the same SHA1 hash as Ssherjj's in the picture above.
Userlevel 1
Badge +1
Yep. False positives everywhere. 5.5.5.38787, Android.

Uber, Walmart, The Weather Channel, Google Pay, Shazam, PlayStation, SimpliSafe, Atom Tickets

All listed as Trojans or unspecified threats. Uninstalled Webroot until the issue resolves. Getting way too many warnings, my phone was getting bombarded with them.
Badge +1
Same for me Samsung Note 9 - 32 items none of which can be quarantined or removed
Looks like all are Samsung based controls. Threats notices appeared after I clicked on a valid telephone number on a website. So not sure if these are false positives or real Trojan. Installed Avast and it found zero threats????
Userlevel 1
Badge +1
I submitted a ticket to Webroot's customer service with the app that my copy of Webroot was detecting and the mobile logs. They just replied back to me saying that they corrected the definition. I rescanned my phone, and it's not hitting the false positive anymore. So submitting tickets seems to work.
Userlevel 1
Badge +1
@ordervine
Don't think phone specific, I'm using Huawei Mate Se.
More than likely, something with last virus definitions update.
Userlevel 7
Badge +36
We are aware of the situation and are working to address it. We will keep this thread updated as we know more.
Badge +1
The same thing is happening on my samsung tab S3. I started the device and ran a scan, and then it identified the google maps app as a threat. It showed com.google.android.apps.base.apk as a trojan. And then right after I restarted again it showed the keyguard wallpaper updater as a threat (keyguardwallpaperupdator.apk). I have malwarebytes and its not picking anything up. Must be a false positive.
Badge +2
Note 9 is all trojan and I removed normal apps like duckduck go and grub hub and many others thinking they were trojans and it of course couldn't remove Phone and all of the core android applications
Userlevel 3
Badge +9
Definitions must have been updated. Rescanning my Nokia phone now gives the result "You are protected, no problems detected".

Edit: Samsung keyguardwallpaperupdater is still being detected.
Badge +1
Same here - seems my camera, live wallpaper app, and a game (I have used for 5 years) are threats to be removed, but I am unable to do so and get error code _1010. This is really getting old.
Badge +1
Sorry - me again - I use a J7 and have the new, "fixed", 5.5.5 version.
Badge +1
com.skype.raider on my LG Aristo 2 plus also showing as a trojan.
Userlevel 7
Badge +55
Hello Webrooters,

I uninstalled and reinstalled Webroot Mobile and I'm not getting anymore threats so far. Which is worth a try. I left the Beta and now using the released version.
Badge +3
I received 18 virus threats. I have never had any threat before. My story is as above. Hard to use phone, as screen keeps going back to red tinted

warning screen.
Userlevel 7
Badge +47
If you use Webroot on an Android phone and see multiple ‘infected file’ notifications, please upgrade to version 5.5.5 from the Google Play Store.

Once you’re running the latest version, additional steps may need to be taken:

1) If you quarantined the affected apps, resolve by:
a. Following the steps to restore apps from quarantine in the attached doc. Each app must be un-quarantined separately.

2) If you did not quarantine or uninstall the affected apps, resolve by:
a. Waiting until after 11pm MST April 22, 2019 as this will allow the app cache to clear automatically. After this time, no new notifications relating to this issue will occur.

3) If you uninstalled apps identified as infected, resolve by:
a. Re-installing any apps that were deleted by downloading the latest version from the Google Play Store.

We appreciate your patience on this. If you have any questions, feel free to open a customer support ticket at support.webroot.com.
Badge +2
Having the exact same issue with com.skype.raider base.apk
Today is the 23rd way past the time specified by freydrew

Feels like Webroot team is making big move lately, introducing much regression. Before I was suffering from Scan out of Date... and now this.. 😞
Badge +1
I opened a support ticket and they told me that they are aware of the problem. They said several false positives were sent out for android applications and that the problem would be fixed shortly. They said that within the hour the problem would be fixed. As of right now, webroot is scanning and shows no threats. So everything looks good on my end. I just restarted my device and re- opened webroot and the problem went away. So I'm not sure what they did or if the app is fixed now. I'm still getting an app icon notification for webroot though.

Edit: The app has crashed on me several times after the false positives went away. And the app icon badge still shows that there is a notification. What is this notification? Probably another glitch

Edit #2 : If I press and hold the app icon it shows in the notification window that I am protected and that no problem are detected. So I guess the #1 badge icon is simply to show you that you are protected? It didn't show a notification before all these problems started...
Badge +2
I just opened a support ticket for com.skype.raider

So far, webroot still considers Skype as malicious
Userlevel 7
Badge +34
now I have same problem.

my webroot is update and latest version. find some malware , but can not Quarantine or deleted threats !!!

why ?!

Amir
Userlevel 7
Badge +55
now I have same problem.

my webroot is update and latest version. find some malware , but can not Quarantine or deleted threats !!!

why ?!

Amir

What version do you have installed?

Would it be this one? https://play.google.com/store/apps/details?id=com.webroot.security&hl=en

Current Version
5.5.5.38787

I'm on a Beta which is version: 5.5.7.42602 and don't see any issues?

Thanks,

Reply