I'm getting malicious activity on my PC directing me to Safeom.com and directing me to buy "Antivirus Scan" software. Some web sites identify this as malware but Symantec has nothing on it's website. Anyone know how to deal with this?

Do you have SEP running on your machine? Do you have definitions up to date? Please make sure you do and run a full scan or use Symantec Endpoiont Recovery Tool to scan your drive off line:

How To Use the Symantec Endpoint Recovery Tool with the Latest Virus Definitions
http://www.symantec.com/business/support/index?page=content&id=TECH131732&locale=en_US

If it does not find malicious files, please try to do it manually:

How to use the Load Point Analysis within the Symantec Support Tool to help locate suspicious files
http://www.symantec.com/business/support/index?page=content&id=TECH141402

Keep us informed!

Safeom.com is one of the numerous homes for FakeAV so it is absolutely malicious. Try the steps Pawel outlined above as well as try the Symantec Power Eraser:

 

About Symantec Power Eraser

http://www.symantec.com/business/support/index?page=content&id=TECH134803&actp=search&viewlocale=en_US&searchid=1293399445332

Let us know the outcome.

If the above do not work, you can also try a second opinion scanner such as Hitman Pro or Mbam.

I have SEP running, but it appears this malware is blocking all websites except safeom.com. I can't navigate to Symantec or any other websites. I also can't launch SEP. I get a quick flash of SEP then it closes and a security alert notice that I think comes from this "safeom.com" "Antivirus Scan". I'm pretty sure my SEP definitions are up to date but I can't tell.

Please try the steps outlined here:

http://www.bleepingcomputer.com/virus-removal/remove-antivirus-scan

Easiest way may be to boot into safemode and remove

Finally got the malware removed. I found I could launch a program if I did it quickly after restarting the computer. I couldn't tell if the SEP scan was actually running, so I used Malwarebytes with fresh definitions because the definitions from 2 days ago did not catch the offending files. All is well now, thanks for your advice.

If any of the above solutions worked for you, please mark as solved so others can benefit as well

I have the same problem，and i cannot open any process but “safeom.com”，how i should do？

Your best is to boot into safemode with networking and make sure your definitions are updated and run a full scan.

If that doesn't succeed, try this:

http://www.bleepingcomputer.com/virus-removal/remove-antivirus-scan

As mentioned above, it sounds like Malwarebytes will remove it.

I have download the antispyware，it run a full scan but it cannot remove it

Cannot remove it or does not detect it? What kind of application did you download?

If it detects it, but cannot remove, you will need to boot into safemode and do a manual removal.

What antispyware tool are you using? Can you post the logs here for review? They should give an indication as to where the malware is on the system.

spyware doctor，when i run the computer in windows，“safeom”still running

safeom is just the website you will get directed to asking you to purchase the so called "software"

There is likely another process or processes running causing this whole mess.

If a SEP scan is not picking it up (make sure defs are fully updated) then try Malwarebytes or Hitman Pro instead of spyware dr. in safemode.

trojan.generic\backdoor.virkel\spyware.ibis_toolbar\trojan.byteverify\trojan.fakealert

symantec doesnot work,but it has a clash with spyare doctor

Which is why I would try Mbam or Hitman Pro. Those are both second opinion scanners and should not cause a conflict with SEP.

Thanks,brian81,i will try it again

Please let us know the results

Thanks,pitman pro is nice ,it kill"safeom"

sorry,its hitman pro!

I got rid of this malware using Malwarebytes. I could launch Malwarebytes only if I did so after restarting and immediately upon getting the Windows desktop, while the hourglass was still turning. The 26 Dec definitions found and cleaned it, but the 24 Dec definitions didn't. I don't know if SEP can find it.