Fake AV - Virus problem that needs to be addressed
Hopfully this is the correct forum for this topic.
My wife's computer was hit with a fake AV alert virus.
Norton seems to have cleaned the virus (but may not have), but .... there continues to be a red shield with a white X on the status bar that say NAV is out of date. This has never been true on her computer.
When I look at the NAV history I find these:
Unauthorized access block (Open Process Token) Blocked 1/26/2010 9:38:48 AM
Trojan.FakeAV detected by Auto-Protect Removed 1/26/2010 7:30:08 AM
Statistical Submission: Trojan.FakeAV Submitted 1/26/2010 7:26:06 AM
AntivirusSystemPro detected by Virus scanner Removed 1/25/2010 5:57:15 PM
Statistical Submission: AntivirusSystemPro Submitted 1/26/2010 5:52:43 PM
vxcjsysguard.exe accessed your network resources Detected 1/24/2010 5:17:35 AM
tvcp.exe made 5 modifications to your System Config. Detected 1/24/2010 5:17:20 AM
IPS Detection Statistical Submission Submitted 1/24/2010 5:16:55 AM
It's seems clear that the infection occurred around 1/24/2010 5:16:55 AM
On the 26th is when all the fake AV message appeared (because my wife closed the laptop right around the time of infection).
The Norton Alert shield has been red ever since and it's never been out of date.
One more piece of info.
On my netbook (NOT the infected computer above), I had not turned it on in 34 days so I had the red alert shield on the status bar but ... after running live updates from NAV and clicking on the "fix" button (IN NAV not the shield application) which ran a quick scan the shield went away.
On my wife's laptop (the infected computer), Norton detects no problems and about a dozen full scans have been run since the 26th and many quick scans have run. This is why I believe the red shield program may be infected.
I believe something is still not cleaned