
Malware/Virus Removal

Created: 28 Dec 2010 | 5 comments
browserman's picture

I have a customer that works on his computer at home. He had malware that I was unable to remove. It was a scareware type called Windows Optimizer. Has anyone else had problems with this malware?


Pawel Lakomski's picture

Does your customer have SEP up and running with updated definitions? Have you tried to run a full scan? You can follow these steps:

1. If it does not help, use Symantec Endpoint Recovery Tool (LiveCD) following the instructions on:
How To Use the Symantec Endpoint Recovery Tool with the Latest Virus Definitions
http://www.symantec.com/business/support/index?pag...

2. Use Symantec Endpoint Protection Support Tool with Power Eraser (eliminates deeply embedded and difficult to remove threats that traditional virus scanning doesn't always detect) following the article:
Support Tool with Power Eraser Tool included
http://www.symantec.com/business/support/index?pag...

3. Check the loadpoints on your machine:
How to use the Load Point Analysis within the Symantec Support Tool to help locate suspicious files
http://www.symantec.com/business/support/index?pag...

4. If you manage to identify infected files and they are not detected by SEP, please submit the files using this link:
http://www.symantec.com/business/security_response...
They will be verified and new definitions will be created.

--

Cheers,

Symantec Technical Specialist
Symantec Certified Specialist
MCP & MCITP
Cisco Certified Network Associate
Citrix Certified Administrator

Kurt G.'s picture

Generally these types of "scareware" have new variants created multiple times a day. In most cases we have definitions for risks before our customers will ever see them; however, with the incredible number of new variants for different risks being written constantly, it is nearly impossible for any AntiVirus product to catch them all.

Pawel's recommendations are excellent and would be what would be recommended if you called in to support for assistance with this type of issue. If you do need assistance with locating what files may be suspect, or getting these files submitted so that we can create definitions for the new variants, please do call in and open a case. A technician will be able to assist you with the steps that need to be performed.

Kurt G.
Symantec Technical Specialist: Endpoint Security Advanced Team

Symantec Corporation www.symantec.com

Symantec Enterprise Support: (800) 342 0652 

sandra.g's picture

In case we have already created a detection that isn't included in the Certified release (via LiveUpdate), I'd like to also suggest applying Rapid Release definitions to the affected machine then running a full scan:

http://www.symantec.com/business/security_response...

sandra

Symantec, Senior Information Developer
Enterprise Security, Mobility, and Management - Endpoint Protection

Don't forget to mark your thread as 'solved' with the answer that best helps you!

VSK's picture

You may also have a look at the following:

Does Symantec Endpoint Protection protect me from fake anti-virus programs?

http://www.symantec.com/business/support/index?page=content&id=TECH122898&actp=search&viewlocale=en_US&searchid=1293641966874

-VSK

cus000's picture

Hi,

Just follow steps as above.. 

However if you're determined to fix it quickly.. you may want to try 3rd party Anti-Malware/Spyware.. suggestion as below:

Malwarebytes Anti-Malware

Spybot Search & Destroy

regards