Solved is this malware? $mbr.1 in c: detected by Webroot

Gateway Gateway nv57h50u laptop / intel...
December 13, 2011 at 12:50:56
Specs: Windows 7 64-bit, Intel Celeron B800 / 4 GB
detected with Webroot Anywhere AV Pro, but cannot be removed. Win 7 64-bit OS. no obvious system problems at this time, and was not found by Malwarebytes or IOBit Malware Fighter. Is this a false positive?

See More: is this malware? $mbr.1 in c: detected by Webroot

Report •


✔ Best Answer
February 24, 2012 at 05:45:46
Webroot Support (Feb 24, 2012 11:20)

RE:Virus Still Popping Up


Hello,

If Webroot SecureAnywhere is still detecting "c:\$mbr.1" after 24hrs, please uninstall and then reinstall the Webroot SecureAnywhere in order to clear out any stored data that might be causing the false positive detection. In order to uninstall Webroot SecureAnywhere, follow the instructions below.

1. Open the Webroot SecureAnywhere program, click on “My Account” located at the bottom left frame, and click “Copy to Clipboard” in order to copy the existing product keycode to the Windows clipboard. Click Close to close the My Account window.
2. Open your Start menu, click Programs or All Programs, then navigate to the Webroot SecureAnywhere folder.
3. Under Webroot SecureAnywhere, open the Tools folder, then click Uninstall Webroot.
4. Click Yes and follow any prompts that appear.

It is not necessary to reboot your computer after uninstalling Webroot. To reinstall, click the link below to download the latest installer.

wsainstall.exe

1. Save the file to your desktop.
2. Double-click "wsainstall.exe" to run the installer.
3. Click in the keycode field and hit the key combination Ctrl-V to paste the keycode that was stored on the Windows Clipboard.
4. Click Agree and Install.
5. If asked "Would you like to automatically import the settings that were used in your previous installation?", click ****No****.

It is very important that you click NO, failing to do so will mean it wont fix the problem.

Webroot SecureAnywhere should now reinstalls itself and run a scan. Please let us know if Webroot SecureAnywhere is still detecting "c:\$mbr.1".

Thank you for your patience,
Roy Tobin,
The Webroot Advanced Malware Removal Team


Worked for me today and took all of three minutes. Check it out.



#1
December 13, 2011 at 13:24:38
Just got word from WEBROOT support that "$mbr.1 in c:" is a false positive, and they will try to resolve in an update within the next 24 hours.

Report •

#2
December 13, 2011 at 15:53:56
wow, thank you lord. haha i was thinking it was an mrb virus by looking at the coding, and it did stealth like one, since it was not possible to find even with base commands. if anyone knows what mrb viruses are, they're pretty darn potentially bad. Good to know. thanks

Report •

#3
December 13, 2011 at 15:59:28
Thank You! Oh And f--- You c:\$mbr.1

Report •

Related Solutions

#4
December 13, 2011 at 17:33:07
Thank God....Going nuts today.

Report •

#5
December 17, 2011 at 18:37:51
I'm getting the same thing on 12/17/2011, the WEBROOT website is functionally worthless. Took me a long time to finally figure out how to contact them via email. Is the product any good?

Report •

#6
December 18, 2011 at 00:15:58
So far I think it is pretty good (not a lot of experience with it - it was free for 6 mos. with PC purchase - high rating in PC Magazine, though). I set it up on a friends computer, so I don't see it everyday, but at the same time she has not downloaded any Mal-ware. What I don't like about it is that there is no sandbox, and the UI is not as intuitive as others. Personally, I have been extremely happy with the free versions of Avast and Malwarebytes. I use Avast for real time protection, and I found that if you download SMBAM for Malwarebytes, you can schedule update and quick scan in the free version for daily virus scans.

Report •

#7
December 22, 2011 at 07:40:40
Its now the 22nd of December and I still have the problem. Anyone get any updates on a fix yet?

Report •

#8
December 22, 2011 at 08:20:56
Here is my communication with Webroot Support. If solution doesn't work, let me know and I can generate another ticket. I can't verify right now because I do not have access to PC running Webroot. Hope this helps!

Talk to Webroot Support
Webroot Support (Dec 16, 2011 13:29)
RE:Malicious threat " $mbr.1 in c: "

Hello,


Try to un-quarantine and restore the file that was quarantined by the Webroot SecureAnywhere software if you have not already done so. To restore the file:
1. Click the "PC Security" button on the left frame.
2. Click the "Quarantine" tab.
3. Click the "View Quarantine" button.
4. Click the check box next to the file name and then click the "Restore" button.

Now that this change is in effect, we request that you run another scan of your computer (click on "Scan My Computer" on the main overview window). If the same detection occurs, please let us know immediately.

Thank you,

Webroot Advanced Malware Removal Team
Your Message (Dec 15, 2011 18:36)
Malicious threat " $mbr.1 in c: "

Just checked and Webroot scan still detects $mbr.1 in c: as a malicious threat. Any updates on resolution to this false positive?
Webroot Support (Dec 13, 2011 20:45)
RE:Can't resolve infection found using Webroot Secure Anywhere AV Pro

Hello,

The detection for "c:\$mbr.1" you have received is a false positive, and is not related to malware. We apologize for any inconvenience this has caused you, and assure you that we are working hard to resolve the issue. We expect to have rectified the issue within 24 hours. In the meantime, please ignore any detections related to "c:\$mbr.1".

Thank you for your patience,

The Webroot Advanced Malware Removal Team
Your Message (Dec 13, 2011 20:28)
Can't resolve infection found using Webroot Secure Anywhere AV Pro

Webroot scan reported " $mbr.1 in c: " as a malicious threat, but cannot remove it. During removal process, requests system restart, but no removal. Is this something to be concerned about, or is it maybe a false positive? Used Malwarebytes and IOBit Malware Fighter, and neither reported any viruses.


Report •

#9
December 23, 2011 at 06:33:17
I just had webroot find the same thing. That was on 12/23/11. Windows XP sp3. All updated. If it's a false positive then I guess I can ignore it but I would really like to know where it found this. Was it a file or something in the MBR?

Report •

#10
January 4, 2012 at 19:36:39
I am still having the same thing happening but still no fix, any word on when.

Report •

#11
January 31, 2012 at 16:17:20
Jan 31st, Updated Webroot antivirus with spy sweeper for secure Anywhere and initial scan shows the same threat $mbr.1 in c: after clicking on next it says cannot be removed and contact webroot support, so have reported it

Report •

#12
January 31, 2012 at 16:49:04
Follow these instructions:

Try to un-quarantine and restore the file that was quarantined by the Webroot SecureAnywhere software if you have not already done so. To restore the file:
1. Click the "PC Security" button on the left frame.
2. Click the "Quarantine" tab.
3. Click the "View Quarantine" button.
4. Click the check box next to the file name and then click the "Restore" button.

Now that this change is in effect, we request that you run another scan of your computer (click on "Scan My Computer" on the main overview window). If the same detection occurs, please let us know immediately.

I no longer have issues with this.


Report •

#13
February 16, 2012 at 08:38:15
Need update re: is $mbr.1 in C: a threat or not$$$$$

Had my pc crash last week. HD has been reformatted and all new software loaded. It has web root which detected the mess last week that Kaspersky did not detect. Then the two programs went to battle and crashed my whole system. I have a pid Kasperskey for 2 more years but am not that happy especially since there are NO USA phone contacts listed on their website. I got it with the laptop 2 yrs ago and then renewed.

Not sure what to do next of so many of the online anitiviris/antimalware are fakes and add to your problems or will scan your pc and then add to your problems.


Report •

#14
February 24, 2012 at 05:45:46
✔ Best Answer
Webroot Support (Feb 24, 2012 11:20)

RE:Virus Still Popping Up


Hello,

If Webroot SecureAnywhere is still detecting "c:\$mbr.1" after 24hrs, please uninstall and then reinstall the Webroot SecureAnywhere in order to clear out any stored data that might be causing the false positive detection. In order to uninstall Webroot SecureAnywhere, follow the instructions below.

1. Open the Webroot SecureAnywhere program, click on “My Account” located at the bottom left frame, and click “Copy to Clipboard” in order to copy the existing product keycode to the Windows clipboard. Click Close to close the My Account window.
2. Open your Start menu, click Programs or All Programs, then navigate to the Webroot SecureAnywhere folder.
3. Under Webroot SecureAnywhere, open the Tools folder, then click Uninstall Webroot.
4. Click Yes and follow any prompts that appear.

It is not necessary to reboot your computer after uninstalling Webroot. To reinstall, click the link below to download the latest installer.

wsainstall.exe

1. Save the file to your desktop.
2. Double-click "wsainstall.exe" to run the installer.
3. Click in the keycode field and hit the key combination Ctrl-V to paste the keycode that was stored on the Windows Clipboard.
4. Click Agree and Install.
5. If asked "Would you like to automatically import the settings that were used in your previous installation?", click ****No****.

It is very important that you click NO, failing to do so will mean it wont fix the problem.

Webroot SecureAnywhere should now reinstalls itself and run a scan. Please let us know if Webroot SecureAnywhere is still detecting "c:\$mbr.1".

Thank you for your patience,
Roy Tobin,
The Webroot Advanced Malware Removal Team


Worked for me today and took all of three minutes. Check it out.


Report •


Ask Question