Solved

Non Advance user seeking help with Quarantined item


Userlevel 1
Hi this is my first post and I was hoping to get some advice from some advance user.
 
I recently installed 123 copy dvd gold 2013 onto my computer. Everything was fine until after I registered and the software said there was an update available. I downloaded the update but after that the screen froze and webroot popped up saying a threat was detected. I followed the instructions on the screen and webroot quarantined a file. I tried to do a google search on the type of file it was (csi7191.exe) but did not come up with anything. I also did a search for viruses associated with 123 copy dvd gold and a message from its website said your antivirus may not allow you to download it due to the copyright protection software. It goes on to say it is safe to download their software. I purchased the original 123 copy dvd software from a store and upload it on my computer from a disk which did not produce any warnings from webroot. The issue came up when I tried to download the update.
 
My question is does anyone know what this file is csi7191.exe and what is does to your computer and if it is safe to restore or should I just uninstall the software from my computer completely? I would like to use the software but not if it puts my computer at risk.
 
One last (simple?) question. In the learn more section of webroot is says a lock will appear on the webroot icon on the system tray when you are online. This does not always appear for me and I was wondering if I should be worried about it.
 
Thanks for reading and for any advice you can give. 
 
Starlight :D
icon

Best answer by shorTcircuiT 29 June 2014, 01:40

View original

14 replies

Userlevel 1
Hi 😃 I have heard back from support and DavidP1970 you were right it was extra software.
 
Support said that the quarantined file installs adware onto your computer. Unfortunately there is no way to unselect this file to not be installed with the update. (When I click on the program it asks if I want to download the update and I checked everywhere for a check box and the only options are to download or download later. It doesn't even tell you it will install another type of file it just lists the updates needed for the software.) 
 
Support suggested to either not download the update or to remove the adware manually from my computer afterwards. At the moment I am just not going to update the program and see if I even like software. This experience has kinda put me off 123 copy. If it was a free software I download from the Internet I could understand the adware but for something I PAID for....! There are other softwares out there that do the same thing. 
 
I think ultimately I am going to uninstall the software and start shopping for a new app. 
 
P.S. Sherry thanks for the KB link! I checked it out last night and I am sure I will be going back there. 
 
Thanks again for your help! You will probably see me around during the weekends since I have no time for anything during the week. :@
 
Starlight 
Userlevel 7
Badge +56
Hello,
 
I downloaded the Trial and scanned it with VirusTotal and 8/54 and you can add WSA as it's not on the list and they come with  OpenCandy https://www.virustotal.com/en/file/d56e789deeb1feca6368b1dc0f87d4680813e2798a469b76792b0856b85413b8/analysis/1404075218/ a real pesky Adware.
 
Daniel
Userlevel 1
Thanks Daniel for going to the trouble to download and scan it! I think I am done with 123 copy gold.
 
DavidP1970 thanks for the link! I am learning more about WSA and security in general. When I have the time I will definitely be stopping by. Like I said in the title I am not an advance user but I would like to be.
 
Starlight :D
Userlevel 7
Hello Starlight, welcome to the Webroot Community!
 
First of all, as it is the weekend, we are pretty much all volunteers on here.  The Webroot staff does take the weekends off.  That said, the Support system which you can access by submitting a Trouble Ticket IS staffed 27/7.
 
It sounds like this is an issue in which a new file in that update simply needs to be "Whitelisted" by Webroot support.  Regardless of what you decide to do regarding the quarantine, you should go ahead and click the Trouble Ticket link above and submit one so that Webroot Support can take a look.  If the file is indeed harmless, they will whitelist it in the Cloud which will fix the issue for everyone who uses Webroot and 123 Copy DVD Gold.
 
Before you go any further, are you postive that:
  1. The blocked file IS a part of the 123 Copy DVD Gold update?
  2. A LOT of software these days, though usually FREE software not paid for, includes extra software downloads when updating or installing that you can opt out of.  Browser toolbars, trial system cleaners, etc etc.  Make sure that the file in question is not from such an "added download" as those pretty much always mean trouble.
  3. Finally, are you postive that the file should be safe?
If you are POSITIVE that the file in question is from the software and is safe, you can restore it from the quarantine and unblock it manually.  I am NOT familiar with 123 Copy DVD Gold (Though I do see no bad reviews, etc etc) so I really cannot say if the file is a part of it or safe.  If you have ANY doubts, I reccomend that you wait to hear back from Webroot Support on your trouble ticket: they will test the file and advise you on how to either restore it, or safely remove it from your computer.
 
As for that lock in the system tray.....  That part IS from the previous version of Webroot, and the feature has been downgraded.  In the past, it would show the lock on all HTTPS connections, but not HTTP.  At this time WSA monitors ALL web connections so the lock symbol SHOULD be visible at ALL times.  Most people will not see it though as usually by default the systray will HIDE the Webroot Icon, putting it up into the area where you have to click the arrow to "See More". 
 
I have changed my systray icon settings to keep the WSA Icon visible at ALL times, and the lock is ALWAYS there when the browser is the active window.  NOTE: When I am online, but I click on any window/program other than the browser, like Notepad, the lock DOES dissapear.  It only shows when the browser window is the currently active/selected window/application.
 
I hope this helps!
Userlevel 7
@ wrote:
Thank you DavidP1970 for the welcome and the advice!

 
For the system tray - I have the icon set so I can see it at all times like you but for some reason the lock can disappear and then reappear when I am in the same online screen. (Truth is I just noticed it today when I started looking at this site. The lock was not there for a long time. I shut my computer down after my last post and when I came back to this site it finally just reappeared as I was writing this post. It is odd.)
 
Anyway thanks for the advice and I will post the results of this issue when I hear back from the webroot team.
 
Starlight :D
Even if the browser is visible, if ANY other window or application is currently selected or "Active", even just clicking on the taskbar itself, the lock will dissapear.  That is normal :)
 
Let us know what Support tells you about the file in question!
Userlevel 7
Badge +62
😃 WELCOME Starlight!! Looks like you will be in Good hands with @ ...Great to have you here on the WSA Community Forum. We have alot of knowlegable members here ready to aid and assist so please come back and let is know if you get these issues sorted out!
@ wrote:
Hi this is my first post and I was hoping to get some advice from some advance user.
 
I recently installed 123 copy dvd gold 2013 onto my computer. Everything was fine until after I registered and the software said there was an update available. I downloaded the update but after that the screen froze and webroot popped up saying a threat was detected. I followed the instructions on the screen and webroot quarantined a file. I tried to do a google search on the type of file it was (csi7191.exe) but did not come up with anything. I also did a search for viruses associated with 123 copy dvd gold and a message from its website said your antivirus may not allow you to download it due to the copyright protection software. It goes on to say it is safe to download their software. I purchased the original 123 copy dvd software from a store and upload it on my computer from a disk which did not produce any warnings from webroot. The issue came up when I tried to download the update.
 
My question is does anyone know what this file is csi7191.exe and what is does to your computer and if it is safe to restore or should I just uninstall the software from my computer completely? I would like to use the software but not if it puts my computer at risk.
 
One last (simple?) question. In the learn more section of webroot is says a lock will appear on the webroot icon on the system tray when you are online. This does not always appear for me and I was wondering if I should be worried about it.
 
Thanks for reading and for any advice you can give. 
 
Starlight :D
 
___________________________________________________________
Have a great weekend besides.....:D
 
Userlevel 6
Welcome to the community Starlight! 
I'm also pretty new here but I too can tell you that you are in good hands with DavidP1970. Hope to see you around here in the community!
Userlevel 7
Badge +62
Starlight it's a pleasure to have you here! 😉 just browse around if you want to familiarize yourself with our Community. You can check out the KB if you'd like.. https://community.webroot.com/t5/tkb/communitypage

Enjoy your evening! 😉
Userlevel 7
Hi Starlight
 
May I add my Welcome to the Community Forums. :D
 
Glad you got a result.  May I ask if you downloaded the installer concerned from the author's website or from their official download site, or if you got from a 3rd party site?  The reason I ask is that a number of the 3rd party sites are known to be rife with versions that contain PUAs/PUPs/adware, and at worst malware.  If you did you a 3rd party site then it may be worth seeing if you can download the installer from the autjor's website, etc.
 
Just a thought...in case it has not been mentioned before.
 
Regards
 
 
 
Baldrick
Userlevel 7
I am glad that it is not the software itself, but it is really a hassle when it is paid software that is bringing in the extra junk.
 
To add to what Baldrick said, you might try a fresh full download / install direct from the author, but you might also contact the author and request an installer that has NO added software.  It is common practice to include extra stuff on free software, they get paid a small amount for doing so and it pays for the free software and free trials, but it is NOT normal to have that on paid software.
Userlevel 1
Hi Baldrick thanks for the welcome!
 
I upload the original program from a disk I bought in a store but when 123 copy is done installing they do direct you to a third party site to download an additional app. I did this and there was no problem. Webroot quarantined the file when 123 copy said there was an update to the software and asked if I want to download it from inside the program itself. 
 
At this point I think I am just going to uninstall the program. 
 
Starlight :D
Userlevel 1
Thank you DavidP1970 for the welcome and the advice!
 
I will submit a trouble ticket and see how that goes. I don't know if the file is safe so if the webroot staff can determine that I will leave it in their capable hands. I don't believe it was extra software but I guess it could have snuck in without me knowing. 
 
For the system tray - I have the icon set so I can see it at all times like you but for some reason the lock can disappear and then reappear when I am in the same online screen. (Truth is I just noticed it today when I started looking at this site. The lock was not there for a long time. I shut my computer down after my last post and when I came back to this site it finally just reappeared as I was writing this post. It is odd.)
 
Anyway thanks for the advice and I will post the results of this issue when I hear back from the webroot team.
 
Starlight :D
Userlevel 1
Thanks Sherry and BB97 for the welcome! :D
Userlevel 7
Others may disagree, but my own experience would indicate that a result like that is a REALLY nasty bug.  As a majority of the AV' listed do not detect it, that can mean it is not actual malware, but what we call a PUA.  (Potentially Unwanted Application)
 
While PUA's may not actually damage your files, they WILL damage your patience, and slow your computer down.  Have enough of them on the computer, and the computer can fail to operate correctly.  Adware, as Support noted this is, is one such PUA.
 
WSA tends to be a bit picky on what it will detect: generally the harder it is to remove the PUA, the more likely WSA is to detect it.
 
I think it a very good thing that this was detected!
 
Here is an interesting short reply from one of Webroot's Threat Researchers and Community Mods regarding them.
 
Thank you for letting us know what Support had to say, I DO appeciate it!  I hope that you continue to drop by, this is a great place to learn more about WSA, and other Security related issues, and we like to have a bit of fun too 🙂

Reply