Issue: Anti-Virus – Rogue
Common Description: “There is something on my screen telling me I am infected.”
“My computer is telling me I have viruses.”
“I keep getting pop-up windows about scanning my computer.”
Probing Questions: Do you recognize the program? When did this start? Does it lock you out of your computer? Are you able to surf the internet? Did you click a pop-up asking you to scan or repair your computer?
Resolution: If the client is unable to perform tasks freely enough to establish a connection, guiding the client through a safe boot may be necessary. Instruct the client to turn off the unit and repeatedly tap F8 until the advanced boot options appear. From this point select safe mode with networking. Once booted to safe mode you can connect normally.
Once a connection is established the goal is to run a variety of well-known trusted removal tools in order to quickly and efficiently clean the computer.
Some well-known scanners include:
-Malwarebytes -MBAR -Trend Micro
-Super Anti Spyware -Hitman Pro -Symantec
-Rogue Killer -TDSSKiller -Windows Sec Essentials/Defender
After installation, the use of the majority of scanners is intuitive. Continue the scanning process until reports come back with no infections found.
Considerations: In order to minimize recurrence and ensure client satisfaction it is important to ensure the infection has been completely removed.