Status
Not open for further replies.

Don't install Webroot SecureAnywhere (Jul 2016)

1K views 5 replies 3 participants last post by  valis 
#1 · (Edited by Moderator)
Hi,

Don't install Webroot SecureAnywhere, currently as of Jul 2016. There is a remote admin tool exploit for it. Uninstalling it won't help you, because antivirus programs have supreme rights in a system, and the attacker can install and hide things anywhere on your box. If you just purchased it and got attacked, you will have to perform a reinstall of Windows.
 
#3 ·
Hi Triple6,

No links. I experienced it myself.

Uninstalling is too late; the remote admin tool would have installed stuff all over the place, because gaining access to the antivirus gave it supreme rights.

The attackers actually tried to prevent me from uninstalling Webroot. They made the uninstaller inaccessible. After successfully uninstalling, I was finding changes in places that I didn't make. Then I remembered that AVs have supreme rights, and the admin tool has successfully hidden itself.
 
#4 ·
That's a hard thing to prove that Webroot was the source/cause, and I don't see any references to this anywhere else. How do you know it used Webroot to get into the system and not something else? Have you reported this to Webroot? What have they said? Also, it's pretty drastic to recommend that everyone who has it reinstall Windows; what if they have it but their system has not been hacked by someone? Or are you saying that just having it installed allowed the hackers to instantly infect and hide a remote access agent on every system?
 
#5 · (Edited by Moderator)
I know it is hard to prove that Webroot is the true cause; it may be another vulnerability exposed somewhere in my systems. But that is the only change I made, and I installed it on 2 systems, and both were attacked after the installation.
The point of my post is to warn people that there is a vulnerability in that program, and that if attacked, it would take a reinstall / reimage because AVs have supreme rights in the system. I have informed Webroot of it. I will edit my first post to make that clearer.
 