LongFisher

Here's the NIS log, if anyone's interested: Source: Manual Scanner Risk category: Virus Click for more information about this risk : Trojan.Fakeavalert Action taken: Deleted Description: Affected areas: 3 Files: c:\documents and settings\administrator\local settings\temp\setup_200002.exe - Deleted Unknown - Reboot required Unknown - Reboot required 42 Registry keys: HKEY_USERS\S-1-5-21-436374069-1606980848-1343024091-1001\Software\Microsoft\Internet Explorer\New Windows\\PopupMgr - Repaired HKEY_USERS\S-1-5-21-436374069-1606980848-1343024091-1002\Software\Microsoft\Internet Explorer\New Windows\\PopupMgr - Repaired HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\New Windows\\PopupMgr - Repaired HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\New Windows\\PopupMgr - Repaired HKEY_USERS\S-1-5-21-436374069-1606980848-1343024091-1000\Software\Microsoft\Internet Explorer\New Windows\\PopupMgr - Repaired HKEY_USERS\S-1-5-21-436374069-1606980848-1343024091-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\Hidden - Repaired HKEY_USERS\S-1-5-21-436374069-1606980848-1343024091-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\Hidden - Repaired HKEY_USERS\S-1-5-21-436374069-1606980848-1343024091-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\Hidden - Repaired HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\Hidden - Repaired HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\Hidden - Repaired HKEY_USERS\S-1-5-21-436374069-1606980848-1343024091-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\Hidden - Repaired HKEY_USERS\S-1-5-21-436374069-1606980848-1343024091-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\HideFileExt - Repaired HKEY_USERS\S-1-5-21-436374069-1606980848-1343024091-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\HideFileExt - Repaired HKEY_USERS\S-1-5-21-436374069-1606980848-1343024091-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\HideFileExt - Repaired HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\HideFileExt - Repaired HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\HideFileExt - Repaired HKEY_USERS\S-1-5-21-436374069-1606980848-1343024091-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\HideFileExt - Repaired HKEY_USERS\S-1-5-21-436374069-1606980848-1343024091-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\SuperHidden - Repaired HKEY_USERS\S-1-5-21-436374069-1606980848-1343024091-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\SuperHidden - Repaired HKEY_USERS\S-1-5-21-436374069-1606980848-1343024091-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\SuperHidden - Repaired HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\SuperHidden - Repaired HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\SuperHidden - Repaired HKEY_USERS\S-1-5-21-436374069-1606980848-1343024091-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\SuperHidden - Repaired HKEY_USERS\S-1-5-21-436374069-1606980848-1343024091-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFolderOptions - Repaired HKEY_USERS\S-1-5-21-436374069-1606980848-1343024091-500\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFolderOptions - Repaired HKEY_USERS\S-1-5-21-436374069-1606980848-1343024091-1002\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFolderOptions - Repaired HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFolderOptions - Repaired HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFolderOptions - Repaired HKEY_USERS\S-1-5-21-436374069-1606980848-1343024091-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFolderOptions - Repaired HKEY_USERS\S-1-5-21-436374069-1606980848-1343024091-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System\\DisableRegistryTools - Repaired HKEY_USERS\S-1-5-21-436374069-1606980848-1343024091-1002\Software\Microsoft\Windows\CurrentVersion\Policies\System\\DisableRegistryTools - Repaired HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\System\\DisableRegistryTools - Repaired HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\System\\DisableRegistryTools - Repaired HKEY_USERS\S-1-5-21-436374069-1606980848-1343024091-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\\DisableRegistryTools - Repaired HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit - Reboot required HKEY_USERS\S-1-5-21-436374069-1606980848-1343024091-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr - Repaired HKEY_USERS\S-1-5-21-436374069-1606980848-1343024091-1002\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr - Repaired HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr - Repaired HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr - Repaired HKEY_USERS\S-1-5-21-436374069-1606980848-1343024091-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr - Repaired HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\DisableTaskMgr - Repaired HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\System - Repaired

Firstly, I want to say how much I appreciate a certain poster here named Luis. I'm learning Luis, I assure you. OK, now for the questions. I had an infection of FAKEAVALERT virus that Norton initially detected but couldn't clean. As it was not deactivated by Norton it commenced its malicious activities. Malwarebytes Anti-Malware seemed to recognize it and some others and got rid of them....I thought. I set up Anti-Malware to update and scan every night. No further problems with FAKEAVALERT or anything else according to the scan logs which I check in the mornings. Oh, the virus may well have infected Norton as the previously scheduled daily fullscans and the hourly quick scans were turned off. I turned them on again yesterday. Also, the live update screens seem to have changed up a bit. They're in a new format that I've not seen before. So, when the dialog box asking if I'd like to run live update appeared I shut it down and, instead, opened Norton and executed live update from within Norton thinking this might show the old more familiar update screens. It didn't. It was the same. So, I thought it might have been change resulting from an online update of Norton that I have set up automatically. This morning, the Norton scan log showed that it had detected FAKEAVALERT again and deleted it. The Malwarebytes Anti-Malware log has persistently shown no further infections even last night. The Anti-Malware scan is scheduled for 1 a.m. and the Norton scan is scheduled an hour later. So, does the signature of FAKEAVALERT persist and Norton was just taking out the trash from an earlier effort to rid the compauter of the virus or do I still have an infection? Also, any comments about what may have been changes to Norton would be helpful. Thanks, Longfisher

My Norton detected an infection from FAKEALERT Trojan but didn't eliminate the threat. Your program found not only this trojan but three others that were resident on my machine and cleaned them all out returning my system to perfect running order. I can't tell you home much I appreciate your great product. I'm going to buy it. LongFisher