Hacker News: Webroot ‘mistakenly’ flags Windows as Malware and Facebook as Phishing site


Popular antivirus service Webroot mistakenly flagged core Windows system files as malicious and even started temporarily removing some of the legit files, trashing user computers around the world.

The havoc caused after the company released a bad update on April 24, which was pulled after approximately 15 minutes. But that still hasn’t stopped some PCs from receiving it, causing serious issues for not just individuals, but also companies and organizations relying on the software.

Webroot even Blocked Facebook


According to the reports by many customers on social media and Webroot’s forum, hundreds and even thousands of systems were broken down after antivirus software flagged hundreds of benign files needed to run Windows and apps that run on top of the operating system.

The faulty update even caused the antivirus to incorrectly block access to Facebook after flagging the social network service as a phishing website, preventing users from accessing the social network.

“Webroot has not been breached and customers are not at risk,” the company said on its online forum. “Legitimate malicious files are being identified and blocked as normal.”

What all went Wrong?

The buggy update caused Webroot anti-virus service to detect legitimate Windows files, including those signed by Microsoft, as W32.Trojan.Gen files – generic malware, in other words.

This behavior, eventually, moved critical Windows system files essential to the operating system’s effective functioning into quarantine, making them unavailable to Windows and rendering hundreds of thousands of computers unstable.

Even files associated with some of the applications had also been flagged as malicious and quarantined.

Webroot is Working on a Universal Fix

Webroot, which claims to have over 30 million customers last year, has suggested fixes for those using the Home edition and Business edition of its anti-virus software.

The company’s technical team also moved quickly and pushed a fix for the Facebook issue last night, according to the post on the company’s forum.

However, the company has yet to provide a definitive fix for its entire affected user base. The company confirms that it’s “currently working on this universal solution now,” but did not say when it would arrive.

What Affected Users should do

Meanwhile, the company has provided workarounds to restore files and prevent its antivirus from re-detecting the same Windows files as W32.Trojan.Gen, though it is only useful for home edition users and not for managed services providers (MSPs).

However, one user on Webroot’s forum is reporting that uninstalling Webroot, then restoring quarantined files from a backup drive, and then re-installing Webroot believes in fixing the issue.

Swati - Hacking News
Technical Writer, Security Blogger and IT Analyst. She is a Technology Enthusiast with a keen eye on the Cyberspace and other tech related developments.

♥Thanks for sharing♥

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s