They infect your machine by any number of methods that exploit weaknesses or vulnerabilities in your system. Then they tell you that your machine is infected and you have to pay for their tool to remove it. I have seen one infection that told the user that all of their files were now encrypted and they had to pay to unencrypt them. Meanwhile it was just a bunch of smoke and mirrors.
Symantec has developed a unique tool that scans for these types of infections and performs the scareware removal for you. The tool is called Norton Power Eraser.
Norton describes their application as follows:
The Norton Power Eraser takes on difficult to detect crimeware known as “scareware” or “rogueware” that cybercriminals use to trick you into unknowingly downloading threats onto your PC. This growing form of crimeware uses bogus pop-up alerts or security messages that scare you into thinking your PC has been infected and needs to be fixed immediately.
The tool is meant as a last resort after all other methods have failed, because it does get a lot of false positives. It is very aggressive and can potentially destroy applications. But if you are already on the verge of formatting the machine, this is a great last resort.
After downloading and running the 5.28MB installer file you will see a screen that looks like this. It offers you the option of scanning for risks, or reviewing and undoing past repairs in case it damaged something.
By clicking on the orange scan button you will see two options. You can scan either the entire system or a directory by choosing the respective option.
I chose the option to scan a directory.
When I have a severely infected machine I pull the drive out of the computer and connect it to another machine to scan, via an IDE-to-USB cable. This way I am not booting into the infected operating system and I can scan the entire C:\ drive unobstructed. Then I would select the drive from the browser and click OK.
I chose the D:\ drive and saw a "scanning your computer" message across my screen as it scanned.
When it is complete it will display what it found:
And in the event it does find ‘Risks’ as it calls them, they will be displayed like so:
You can then click on the checkboxes next to each risk and hit the fix button to fix your issues. You have the option of creating a system restore point before making the changes.
This is helpful for running the scan on infected machines when the operating system files or registry have been corrupted. Sometimes fixing these issues causes more problems, and it is always nice to be able to revert and try again rather than be simply screwed. Remember, he who laughs last usually has a backup.
You can also check out this article on removing viruses at home by yourself. And if your system won’t boot, Symantec has another tool to help here. I will give it a shot when I can and let you know how it goes.