Webroot Found A Virus/Maleware But Only blocked It !
Webroot found: C:program fileswrapper_instservice.exe It blocked it but, didn't remove it. Please help! Thanks! margaret
Already have an account? Login
Login to the community
No account yet? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.
You are safe, as WSA IS blocking it from harming the computer, but yes, you do want to get it out! Webroot Support might be the best way to go on helping to get this removed, so you might want to submit a Trouble Ticket (Link below in my signature area). It is the weekend, so I don't know how fast the response times are, but again, until you DO get a response you are protected from it so you should be in good shape!
It's very easy to check. In the 'Block/Allow Files' tab from 'PC Security gear, click on 'Add file'. Select any executable file and block it. Then click 'Remove all' and see what happens.;)
Blocking/Allowing filesIf you want to control scanning and shielding behavior related to specific files, you can use the Block/Allow Files tab to specify one of the following actions:
So far what I've understood is you got a WSA red colored pop-up saying C:program fileswrapper_instservice.exe has been blocked. It's listed in 'Block/Allow Files' tab as blocked. You're afraid WSA did not remove it.
If your situation is the same as my understanding then this is what you have to do.
First click 'Scan my Computer' on the main interface of WSA.
Select the file and click Continue.
Select 'Remove' and click 'Next'.
Click 'Begin Threat Removal'.
After the re-scan has completed go to Quarantine. Select the file and click on 'Delete Permanently'. After deleting go to 'Block/Allow Files' and click on 'Remove All'. Click Yes.
Points to be considered.
If the initial scan shows no threats, go to 'Block/Allow Files' and click on 'Remove All'. Click Yes. This is because the file may have already been removed. And the entry could have been left behind.
This could be the possible Pop-up she saw? I got this when I unzipped this malware file into my downloads folder and the realtime shield blocked it.
Sat 12-10-2013 14:41:41.0901 Begin passive write scan (1 file(s))
Sat 12-10-2013 14:41:43.0352 Infection detected: c:usersdanieldownloadswin32killfiles.ncfwin32killfiles.ncf.exe [MD5: B6B8F6D287890D857DD15D0FA48C98B3] [3/00080000] [W32.Trojan.Trojan.gen]
Sat 12-10-2013 14:41:43.0352 Infection found in realtime: c:usersdanieldownloadswin32killfiles.ncfwin32killfiles.ncf.exe [MD5: B6B8F6D287890D857DD15D0FA48C98B3, Size: 13824 bytes] [524288/00000003] [W32.Trojan.Trojan.gen]
Sat 12-10-2013 14:41:43.0680 End passive write scan (1 file(s))
Yes I understand that.
When the red colored pop-up shows up, WSA automatically qurantines the threat, putting the rollback feature in place and scans for any threat remaining to remove it as described in my last post. The problem here is Margaret got the pop-up but didn't find the threat in the 'Quarantine'.
Hence I've asked her to manually scan in order to remove the file determined by WSA as blocked in the 'Block/Allow Files' tab. Followed by the removal of the entry from 'Block/Allow Files' tab.
I've also mentioned that if the inital scan does not find any threats she has to remove the entry from 'Block/Allow Files' tab as the threat could have already been removed only leaving the entry behind.
Pleae see if this setting is checked.
Then follow this https://community.webroot.com/t5/Webroot-SecureAnywhere-Antivirus/Webroot-Found-A-Virus-Maleware-But-Only-blocked-It/m-p/61101#M3134