Hello:
I have a client who appears to be infected with the AVASoft Antivirus Professional rogue/fake anti-virus software. The SEP client's definitions were updated, today, prior to the infection, as they are dated March 19, 2013. I cannot find information about this, within the Symantec website; so, is there any information relating to the detection, cleanup, etc. of this infection, using a Symantec Endpoint Protection 11.x, unmanaged client?
When the system is booted up, the infection disables SEP from the system tray, as the user can see the SEP system tray icon disappear, upon system start; then, the AVASoft Antivirus Professional system tray icon appears. I have instructed the person to boot into SAFE MODE and run a full system scan. So far, the unmanaged SEP 11.x client can start in SAFE MODE and is scanning, which is good, because the SEP 11.x client cannot start when the person boots, normally.
Therefore, any KB, technical notes, tool, etc,. would be greated appreciated; thank you.