If you find the above instructions to be a little overwhelming we can always remote onto your computer and do this for you – free of charge. Just call 866-612-4227 and we’ll get this sorted.

If you wish to continue support with me, I’ll have instructions below on how to gather log files and then return them to me. With these logs I’ll evaluate them and find a solution. Please follow the below instructions.

*IMPORTANT*
Please do this on the computer that is having the issue.

First please boot your computer into SAFE MODE WITH NETWORKING. (if you don’t know how I will type instructions for you below)

Turn off computer
Turn on computer and start tapping the F8 key repeatedly
Eventually you will be presented with a black screen with white lettering saying “advanced boot options” (if you don’t start over from the beginning)
On this screen use your up and down arrow keys to select “SAFEMODE WITH NETWORKING”
Press Enter, Press Enter again, let windows boot up.

Open Webroot.
1. Click PC Security tab.
2. Click the Custom Scan link.
3. The default scan option is “Deep”. Click Scan.

Once that completes, let’s gather log files.

1. Download Webroot’s log-gathering utility from the following link:

http://download.webroot.com/wsalogs.exe

2. Save the file to your Desktop (or the preferred Download folder of your web browser).

3. Once it has finished downloading, double-click the wsalogs.exe file on your Desktop to run it.

4. In the box labeled “Email:”, enter your email followed by “cathousejack” so I know these are your logs.

5. Click the “Go!” button to begin the log gathering process.

Expect the utility to take between 1 to 10 minutes to gather the necessary information. The run time depends on various factors on your computer, including the size of the Webroot software logs and the compression speed of the computer. This utility is designed to gather extended logs from the Webroot software and basic system information.

The utility will gather the necessary information and will attempt to return it automatically via a secure dropbox connection (please allow PSCP.exe through your firewall, if asked). A copy of the logs will also be present on your Desktop, named in the following fashion “wsalogs_email@you.set_date-time.7z”. The utility will then attempt to return you to this web page, please leave a message letting us know you have sent the requested logs.

Thank you,

Tyler M
Threat Research

My name is Tyler and I work as Threat Research in Webroot. I’d be more than happy to assist both of you in your recent infection.

Webroot has advanced heuristics that will be monitoring malicious activity on any process – even if there isn’t a determination on it yet. What most likely happened was a zero day variant that wasn’t yet classified as malicious. In any event you can still remove these infections as soon as they hit with relative easy using some advanced controls on your Webroot. Please follow the below instructions:

If your computer is inoperable in normal mode, please boot into safe mode with networking.

Open Webroot
Click on the “System Tools” tab
Click on “System Control” on the side
Click “Start” under control active processes
Look for suspicious executables, which have been set to Monitor.

Such files often run from these locations on your computer: %Programdata%, %appdata% or %temp% locations. Examples include:

C:\Documents and Settings\All Users\Application data\xjspw2r\xjspw2r.exe
C:\Documents and Settings\%username%\Local Settings\ApplicationData\dim.exe
C:\Programdata\Privacy.exe

Note: monitored files may be legitimate files that simply behave suspiciously. Unless you are certain that the file is malicious, we recommend uploading these files to VirusTotal.com for malware verification. Keep in mind, some of the vendor results may be false positives.

Once you have confirmed that the files in question are malicious, change the setting to Block.

Run a new scan with SecureAnywhere.

This should remove your Zero day variant that we may not yet have a determination for. We can then analyze logs from your system and add the threat to our database of malware determinations. This will help us prevent you and other customers from falling victim to this particular piece of malware in the future.

If you wish to open a ticket with us open Webroot and click on
the link at the bottom for Webroot support.

Thank you,

Tyler M
Threat Research