webroot file in program files\<random>\<random>.exe

  • 15 September 2017
  • 7 replies

Autoruns info:
WRSVC WRSVC: Webroot SecureAnywhere Internet Security Plus v9.0.17.28 (Verified) Webroot Inc. c:\program files\ajcyttqr\fsjxyjz.exe 7/19/2017 11:28 AM 2/64
 
Checks out with mbam and virustotal.
 
Does Webroot ever use this location?
 


Userlevel 7
Hi robetwo
 
Welcome to the Community Forums.
 
If you are looking for a definitive answer I would Open a Support Ticket and get the Support Team to advise on this as it looks like one that only they can respond to with certainty.
 
Regards, Baldrick
Userlevel 7
Badge +56
See here: http://live.webrootanywhere.com/content/558/Installing-SecureAnywhere
 
Randomize the installed filename to bypass certain infections — To change the Webroot installation filename to a random name, for example, QrXC251G.exe, select this checkbox. Doing so prevents malware from detecting and blocking Webroot's installation file.
Thanks.
From http://live.webrootanywhere.com/content/558/Installing-SecureAnywhere
Randomize the installed filename to bypass certain infections — To change the Webroot installation filename to a random name, for example, QrXC251G.exe, select this checkbox. Doing so prevents malware from detecting and blocking Webroot's installation file.
 
This does not mention the folder, though. The folder and file I found were not under the install folder.
 
Userlevel 7
Badge +56
@ wrote:
Thanks.
From http://live.webrootanywhere.com/content/558/Installing-SecureAnywhere
Randomize the installed filename to bypass certain infections — To change the Webroot installation filename to a random name, for example, QrXC251G.exe, select this checkbox. Doing so prevents malware from detecting and blocking Webroot's installation file.
 
This does not mention the folder, though. The folder and file I found were not under the install folder.
 
If you don't need the Randomised selection just do a clean reinstall of WSA and use the default install mode!
 
Please follow the steps closely!
 
  • Make sure you have a copy of your 20 Character Alphanumeric Keycode! Example: SA69-AAAA-A783-DE78-XXXX
  • Be sure you add your Keycode to your Online Console: Webroot SecureAnywhere Online Console
  • KEEP the computer online for Uninstall and Reinstall to make sure it works correctly
  • Download a Copy Here (Best Buy Geek Squad Subscription PC users click HERE) Let us know if it is the Mac version you need
  • Uninstall WSA and Reboot
  • Install with the new installer, enter your Keycode and DO NOT import any old settings as you can set it up as you like once it's done
  • Let it finish its install scan
  • Reboot once again
Please let us know if that resolves your issue?
 
Thanks,
 
Daniel 😉
I'm not asking to change anything.  
 
I found random files on the system which usually indicate an infection.  I'm asking how to prove these files are safe.
 
Userlevel 7
Badge +35
@ wrote:
I'm not asking to change anything.  
 
I found random files on the system which usually indicate an infection.  I'm asking how to prove these files are safe.
 
Hello,
 
The "Randomize the installed filename to bypass certain infections" option will install Webroot SecureAnywhere using a random filename in a random sub-folder of Program Files, so it is possible that is what you are seeing.
 
Uninstalling and reinstalling the application was suggested in order to return your install of Webroot SecureAnywhere to the default location. You could also Submit a Support Ticket.
 
-Dan
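
A read-only check of the question raised in this thread, added here as an example and not part of any poster's reply or Webroot's own tooling: it resolves the binary behind the WRSVC service named in the Autoruns line, then reports its Authenticode status, signer and SHA-256. The `$expectedSigner` substring is an assumption.

```powershell
# Added example: find the executable the WRSVC service actually runs and report who signed it.
# 'WRSVC' is the service name from the Autoruns line in the thread.
$expectedSigner = 'Webroot'   # assumption: substring expected in the certificate subject

$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='WRSVC'"
if (-not $svc) { throw 'Service WRSVC not found' }

# PathName may be quoted and may carry arguments; extract only the executable path.
if     ($svc.PathName -match '^\s*"([^"]+)"')   { $exe = $Matches[1] }
elseif ($svc.PathName -match '^\s*(.+?\.exe)')  { $exe = $Matches[1] }
else   { throw "Cannot parse PathName: $($svc.PathName)" }

$sig  = Get-AuthenticodeSignature -LiteralPath $exe
$hash = Get-FileHash -LiteralPath $exe -Algorithm SHA256

[pscustomobject]@{
    Path        = $exe
    SigStatus   = $sig.Status                      # 'Valid' = file hash and certificate chain verified
    Signer      = $sig.SignerCertificate.Subject   # empty if the file is unsigned
    Thumbprint  = $sig.SignerCertificate.Thumbprint
    SignerMatch = ($sig.Status -eq 'Valid' -and
                   $sig.SignerCertificate.Subject -like "*$expectedSigner*")
    SHA256      = $hash.Hash                       # value to look up on a multi-scanner service
}
```

A `Valid` status shows the file is unmodified since signing and chains to a trusted root; it does not by itself rule out a misused signing certificate, so compare the thumbprint with a binary from a freshly downloaded installer.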
Since uninstalling removes the folder, doing so would suggest the file is safe. Although, if it was malware using compromised certs, it would be especially important for it to remove itself in certain conditions, to avoid suspicion.
 
