Solved

POSSIBLE COMPROMISED AV aka Seriously bad juju going down with Webroot

  • 24 October 2012
  • 13 replies
  • 1146 views

My WRLog in the WRData folder is proof. I have 307.8 BILLION, no lie, BILLION system events since install and the number doesn't stop going up at an extremely high rate of speed. This is a possible compromised AV and vulnerability. Please work with me so that we can have this patched up for me and everyone else soon.
 
Thank you, Jay

Best answer by MikeR 25 October 2012, 19:54

Good news!
 
The malware engineer has responded to your ticket and has found no traces of infection on your computer. :D
 
He also responded with the anti-virus application drivers that are still running on your system. If these are remnants of anti-virus software that you no longer use, I recommend contacting their customer support for a tool to remove the remaining drivers.

This is normal; it just shows you that WSA is actively protecting your system! Also, you can click on View Details on the main page in the GUI, or this way: https://detail.webrootanywhere.com/agenthelp.asp?n=Viewing_the_protection_statistics. Also, it will reset when it hits 1 Trillion :D
 
HTH,
 
TH
 
And Welcome to the Webroot Community Forums! ;)
 
Hello Jay, Welcome to the Webroot Community Forum. :D
Like TH posted, it's normal. 😉
@ wrote:
 it will reset when it hits 1 Trillion
 

Aww, it don't go over 1 trillion. lol 😃
Hey TheEmpancipator,
 
TripleHelix is right, you don't have to worry. We have anticipated the system events into the trillions and you will not experience vulnerabilities from this number increasing. The interface is designed to flex as the numbers increase so that it can display correctly. :D
 
Sorry PTD, it will go in the Trillions, as Joe said here LOL: http://www.wilderssecurity.com/showthread.php?t=334484
 
TH
Kay guys, that would explain how every service I have running on my computer depends on RPC, and if RPC is ended the system will force reboot, and how at each reboot it rolls back to a previous registry hive that was stored beforehand and updates itself with each boot. Or I could've just made all that up, here's the kicker...I didn't.
 
Please hear me out, I've spent hours, upon hours reading my registry keys and values. And yes I didn't alter any of them, just looking for how this infection has its hold on me. What it looks like is a mean ass root kit that doesn't let go. Because I've been having reoccurring infections within the past 8 months. Overall I've had to take my computer into Geek Squad around 7 times. I'm not lying, or exaggerating, or anything. Webroot is supposed to help prevent things like this, but it's not doing it at all. PLEASE HEAR ME OUT 😨
Oh and another example is the fact that none of my Webroot settings stay to what I changed them to. For instance, the HTTP filter in the Web Shield resets after every reboot, as well as the option for allowing programs access to the HOSTS file.
Yeah, sorry about the sass just a minute ago....it's just frustrating because I haven't been able to use my computer how I see fit in almost 8 months and I've been fighting it the whole time and not winning. As for a lot of people my work is done on the computer, and I haven't been able to do any successfully without something going wrong. If I'm wrong, tell me how and why I am so I can finally relax, please.
I will let a Webroot Employee look after you, but I want to say one thing: since you have a subscription to Webroot SecureAnywhere, you should never take it to Geek Squad, as Webroot has many great malware removers here and with the support inbox that will help you clean if your PC becomes infected for FREE! Geek Squad likes to make money, so I will say no more on that subject!
 
TH
Oh I know aaaalll about Geek Squad and their ways, I used to work at Best Buy. I had the Tech Support service with them so that's the only reason why I went to them each time because it was for free as well. They also told me that my Webroot Tech Support was through them, it even said it on the box when I bought it.
We will definitely take a closer look and investigate this for you. I have opened a support ticket for you and will be sending instructions for you to follow. The instructions explain how to collect logs which will help me investigate further. I used the same email address that you signed up here on the forum with. Please use the email and password that has been sent to your inbox to access your ticket.
 
As a side note, if your protection is being centrally managed from your MyWebroot Account, these settings will return to the centrally managed defaults whenever the client updates with the cloud.
 
 
 
TheEmpancipator,
 
I just wanted to update you and let you know that I have been reviewing the logs and that your ticket is not being ignored. I have not responded to it via the support system because I am going to escalate the ticket to our malware engineers and it will have higher priority with your message as the latest activity.
 
Thank you for your patience. If there is malware present on the machine we will need to take care of that first before troubleshooting headless drivers and other conflicts.
 
I did however find multiple antivirus drivers running that are unnecessary and may be causing performance issues. I am taking notes on the ticket and escalating it now.