I recently installed 123 copy dvd gold 2013 onto my computer. Everything was fine until after I registered and the software said there was an update available. I downloaded the update but after that the screen froze and webroot popped up saying a threat was detected. I followed the instructions on the screen and webroot quarantined a file. I tried to do a google search on the type of file it was (csi7191.exe) but did not come up with anything. I also did a search for viruses associated with 123 copy dvd gold and a message from its website said your antivirus may not allow you to download it due to the copyright protection software. It goes on to say it is safe to download their software. I purchased the original 123 copy dvd software from a store and upload it on my computer from a disk which did not produce any warnings from webroot. The issue came up when I tried to download the update.
My question is does anyone know what this file is csi7191.exe and what is does to your computer and if it is safe to restore or should I just uninstall the software from my computer completely? I would like to use the software but not if it puts my computer at risk.
One last (simple?) question. In the learn more section of webroot is says a lock will appear on the webroot icon on the system tray when you are online. This does not always appear for me and I was wondering if I should be worried about it.
Thanks for reading and for any advice you can give.
Best answer by shorTcircuiTView original
Support said that the quarantined file installs adware onto your computer. Unfortunately there is no way to unselect this file to not be installed with the update. (When I click on the program it asks if I want to download the update and I checked everywhere for a check box and the only options are to download or download later. It doesn't even tell you it will install another type of file it just lists the updates needed for the software.)
Support suggested to either not download the update or to remove the adware manually from my computer afterwards. At the moment I am just not going to update the program and see if I even like software. This experience has kinda put me off 123 copy. If it was a free software I download from the Internet I could understand the adware but for something I PAID for....! There are other softwares out there that do the same thing.
I think ultimately I am going to uninstall the software and start shopping for a new app.
P.S. Sherry thanks for the KB link! I checked it out last night and I am sure I will be going back there.
Thanks again for your help! You will probably see me around during the weekends since I have no time for anything during the week. :@
I downloaded the Trial and scanned it with VirusTotal and 8/54 and you can add WSA as it's not on the list and they come with OpenCandy https://www.virustotal.com/en/file/d56e789deeb1feca6368b1dc0f87d4680813e2798a469b76792b0856b85413b8/analysis/1404075218/ a real pesky Adware.
DavidP1970 thanks for the link! I am learning more about WSA and security in general. When I have the time I will definitely be stopping by. Like I said in the title I am not an advance user but I would like to be.
First of all, as it is the weekend, we are pretty much all volunteers on here. The Webroot staff does take the weekends off. That said, the Support system which you can access by submitting a Trouble Ticket IS staffed 27/7.
It sounds like this is an issue in which a new file in that update simply needs to be "Whitelisted" by Webroot support. Regardless of what you decide to do regarding the quarantine, you should go ahead and click the Trouble Ticket link above and submit one so that Webroot Support can take a look. If the file is indeed harmless, they will whitelist it in the Cloud which will fix the issue for everyone who uses Webroot and 123 Copy DVD Gold.
Before you go any further, are you postive that:
As for that lock in the system tray..... That part IS from the previous version of Webroot, and the feature has been downgraded. In the past, it would show the lock on all HTTPS connections, but not HTTP. At this time WSA monitors ALL web connections so the lock symbol SHOULD be visible at ALL times. Most people will not see it though as usually by default the systray will HIDE the Webroot Icon, putting it up into the area where you have to click the arrow to "See More".
I have changed my systray icon settings to keep the WSA Icon visible at ALL times, and the lock is ALWAYS there when the browser is the active window. NOTE: When I am online, but I click on any window/program other than the browser, like Notepad, the lock DOES dissapear. It only shows when the browser window is the currently active/selected window/application.
I hope this helps!
Let us know what Support tells you about the file in question!
I'm also pretty new here but I too can tell you that you are in good hands with DavidP1970. Hope to see you around here in the community!
Enjoy your evening! 😉
May I add my Welcome to the Community Forums. :D
Glad you got a result. May I ask if you downloaded the installer concerned from the author's website or from their official download site, or if you got from a 3rd party site? The reason I ask is that a number of the 3rd party sites are known to be rife with versions that contain PUAs/PUPs/adware, and at worst malware. If you did you a 3rd party site then it may be worth seeing if you can download the installer from the autjor's website, etc.
Just a thought...in case it has not been mentioned before.
To add to what Baldrick said, you might try a fresh full download / install direct from the author, but you might also contact the author and request an installer that has NO added software. It is common practice to include extra stuff on free software, they get paid a small amount for doing so and it pays for the free software and free trials, but it is NOT normal to have that on paid software.
I upload the original program from a disk I bought in a store but when 123 copy is done installing they do direct you to a third party site to download an additional app. I did this and there was no problem. Webroot quarantined the file when 123 copy said there was an update to the software and asked if I want to download it from inside the program itself.
At this point I think I am just going to uninstall the program.
I will submit a trouble ticket and see how that goes. I don't know if the file is safe so if the webroot staff can determine that I will leave it in their capable hands. I don't believe it was extra software but I guess it could have snuck in without me knowing.
For the system tray - I have the icon set so I can see it at all times like you but for some reason the lock can disappear and then reappear when I am in the same online screen. (Truth is I just noticed it today when I started looking at this site. The lock was not there for a long time. I shut my computer down after my last post and when I came back to this site it finally just reappeared as I was writing this post. It is odd.)
Anyway thanks for the advice and I will post the results of this issue when I hear back from the webroot team.
While PUA's may not actually damage your files, they WILL damage your patience, and slow your computer down. Have enough of them on the computer, and the computer can fail to operate correctly. Adware, as Support noted this is, is one such PUA.
WSA tends to be a bit picky on what it will detect: generally the harder it is to remove the PUA, the more likely WSA is to detect it.
I think it a very good thing that this was detected!
Here is an interesting short reply from one of Webroot's Threat Researchers and Community Mods regarding them.
Thank you for letting us know what Support had to say, I DO appeciate it! I hope that you continue to drop by, this is a great place to learn more about WSA, and other Security related issues, and we like to have a bit of fun too 🙂