
What is the "regedit" command and how do I run it?

Updated: 21 May 2010 | 31 comments
Baccus500 | 0 votes
This issue has been solved.

I am trying to clear a virus from my computer and was told: 

"Hi Baccus500, pls start regedit and find all instances of the file "lsp.dll" or "sp.dll" and delete it. Restart again in Safe Mode, then delete the file. The registry might still be referring to this file."
You could also try to run the Load Point Diagnostic tool and post the logs here; we can then see what processes are still accessing the file.
You can download the tool here:
http://service1.symantec.com/SUPPORT/ent-security....
Alternatively, you can use the Unlocker tool to unlock the DLL if you cannot manually delete the file.
You can download Unlocker here:
http://ccollomb.free.fr/unlocker/

But I don't know how to start "regedit."

Background: Symantec Antivirus detected this virus, Trojan.fakeavalert.lsp.dll, but cannot clean, quarantine, or delete it. I have added the latest definitions and run Symantec Antivirus in Safe Mode, which gives the same result.

I tried going into the windows files and deleting with a right click. The response I got was "access denied".

My browser is unable to access the internet since this virus was detected, so I will have to download the files to a flash drive and run them. I tried that with another file, but the message I got was that the computer was unable to connect to the internet and could not run the program.

Thanks for your help,
Robert


Comments

Thomas K | 22 Jul 2009 | 0 votes

See the Microsoft KBs:

How to Use Regedit.exe to Rename Keys - http://support.microsoft.com/kb/216350

Windows registry information for advanced users - http://support.microsoft.com/kb/256986

Vikram Kumar-SAV to SEP | 22 Jul 2009 | 1 vote

Call Support

For manually removing or detecting a threat, you need to call Support, as they can remote into your computer and will fix it for you.

Regedit is the Registry Editor.

Click Start - Run - type regedit - click OK.

It will open the Registry Editor.
Once it opens, at the top click Edit - Find, then type sp.dll or the files you want to search for and hit OK.
Once you find it, you can delete it.
However, you can either follow the article I recommended to you, "How to find threats on your computer",
www-secure.symantec.com/connect/articles/how-find-suspected-threats-your-computer
or call Support; it won't take more than 15 minutes for Tech Support engineers to fix it.

Baccus500 | 22 Jul 2009 | 0 votes

Thanks...I will try these suggestions.
Vikram, thanks for the articles. I printed them and will keep them for reference. The problem is that the virus is blocking my browser from accessing the internet, so I could not carry out the instructions until I get rid of it.

I'll let you know how it goes,

Thanks,

Robert

 

Vikram Kumar-SAV to SEP | 22 Jul 2009 | 1 vote

OK

One more thing to do..it looks like it is hacking your web browser, so..

Click Start - Control Panel - Internet Options - Advanced - under Reset Internet Explorer Settings click Reset...once everything is finished, re-open the browser.

When you open your browser, which website does it open? What is the name of that fake antispyware program?
If it's something XXX, send me a PM. I will check that on my test machine and send you recommended removal steps as well.

Beppe | 22 Jul 2009 | 1 vote

Hi,

this time I don't agree with Vikram. SEP is not a product for home users but for enterprises. If you don't know what regedit is, you should ask your IT admin to help you. If you don't have an IT admin, you should call your IT technician. The contract specifies that the person who interacts with a Symantec technician has to be an IT technician/admin, meaning someone who knows regedit. Symantec Support for enterprises should be used to get professional support for serious issues; identifying and cleaning a virus is something serious, but teaching how to use regedit is not our duty. Of course some Symantec engineers are very, very kind and resolve a lot of basic issues remotely because the customer is totally unskilled, but they are taking on the big responsibility of touching the customer's machine when they shouldn't do it.

Regards,

Giuseppe

Vikram Kumar-SAV to SEP | 22 Jul 2009 | 0 votes

SMB not Home

LOL...I agree with you, but Support does not always mean Enterprise Support..Don't tell me you haven't got any calls from doctors' secretaries who don't know which operating system they have...well, everybody from Support would agree with me..You really have to struggle to start the webex..because SMB calls are also routed to the same place..

Baccus500 | 22 Jul 2009 | 0 votes

I tried running the regedit function with Edit-Find as Vikram described above.  When I put in lsp.dll, the search did not find it.  When I tried sp.dll, it gave files that looked nothing like what the Antivirus window name looked like.  I didn't want to try anything else without instructions.

I called Symantec to get technical help, but they will not talk to me without a Corporate Service contract identification number and referred me here.  I am in a telecommuting office, so I called my IT support guy and have not heard back since Monday morning.  Sometimes I think he would rather donate a kidney than return a phone call.

When I open my web browser, it is set to go to Google.  I recently added the Yahoo toolbar, Microsoft Bing toolbar, Skype, and Java.  My computer has not been the same since.  Google search gives me a page of sites that have no relationship to my search, so I have been using Bing which is like the old Google searches.

The name of the virus that comes up in the scan is Trojan.Fakeavalert.slp.dll

I will try Vikram's web browser reset instructions next.  Anything else I can try?

Thanks,
Robert
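
Added example, not part of the thread and not Symantec's code: a read-only PowerShell search for registry values that reference lsp.dll as a whole file name, which avoids the unrelated hits a plain Edit - Find for "sp.dll" returns. The search roots and the function name Find-DllReference are assumptions chosen for illustration.

```powershell
# Read-only: lists registry values whose data names the DLL; changes nothing.
param(
    [string]$FileName = 'lsp.dll',            # file name taken from this thread
    [string[]]$Roots  = @(                    # assumed search roots
        'HKLM:\SOFTWARE',
        'HKLM:\SYSTEM\CurrentControlSet',
        'HKCU:\Software')
)

# Match the name only as a complete path component, so a search for 'sp.dll'
# does not also report 'lsp.dll' or any other name ending in the same letters.
$pattern = '(^|[\\/\s",;=])' + [regex]::Escape($FileName) + '($|[\s",;])'

function Find-DllReference {
    param([string]$Root, [string]$Pattern)
    # Include the root key itself, then every readable subkey.
    & {
        Get-Item -Path $Root -ErrorAction SilentlyContinue
        Get-ChildItem -Path $Root -Recurse -ErrorAction SilentlyContinue
    } | ForEach-Object {
        $key = $_
        foreach ($name in $key.GetValueNames()) {
            # Keep %SystemRoot%-style data unexpanded so it prints as stored.
            $data = $key.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
            if ($data -is [byte[]]) { continue }      # skip REG_BINARY
            foreach ($item in @($data)) {             # REG_MULTI_SZ is string[]
                if ("$item" -match $Pattern) {
                    $shown = $name
                    if (-not $shown) { $shown = '(Default)' }
                    New-Object PSObject -Property @{
                        Key = $key.Name; Value = $shown; Data = "$item"
                    }
                }
            }
        }
    }
}

$hits = @(foreach ($root in $Roots) {
    Find-DllReference -Root $root -Pattern $pattern
})
$hits | Format-List Key, Value, Data
"{0} reference(s) to {1} found" -f $hits.Count, $FileName
```

Each hit shows the key, the value name and the stored data, so the entries can be reviewed in regedit before anything is changed.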
 

Vikram Kumar-SAV to SEP | 22 Jul 2009 | 1 vote

Unlocker

Have you tried to delete the file using Unlocker?
Install Unlocker as suggested to you earlier.
When you try to delete a file and get access denied, Unlocker will come up and ask you what you want to do..Select Delete - click Unlock - the file will be gone..

Baccus500 | 22 Jul 2009 | 0 votes

The unlocker may be the answer!  I will try to download the unlocker to a flash drive and run it, as I have not been able to connect to the internet since this virus was detected.  Hopefully it will fit on a flash drive.

I will also reset the browser as suggested.

Thanks again.  I appreciate your help.
Robert

Beppe | 22 Jul 2009 | 1 vote

@Vikram: sure, I get several calls from non-IT-skilled persons, but before I run a webex session I try to evaluate the situation. If I feel that a webex session can quickly resolve a tricky issue, then I do it; if I feel that they are abusing our service because they are lazy, stingy or, even worse, arrogant, I don't do it. We should also take efficiency into consideration: I cannot spend two hours in webex, for example, on a manual uninstallation of SEP because the customer is lazy or unskilled. I prefer to send him the KB and use these two hours for other serious cases. Again, the doctor's secretary should not call us; she has to call her IT specialist and he has to call us. This is for the customer's convenience as well: a lot of times we send KBs with a lot of advanced topics (like regedit) and we should be sure that they are applied by skilled guys, to avoid the customer damaging himself and his productivity (and calling again... and complaining about Symantec... and bla bla bla...). I know that most customers don't respect this rule, therefore I run some webex sessions for banal issues, but only as a courtesy and with a record of the session...

@Baccus: sorry if we are a bit off topic, regarding the resolution of your issue I agree with Vikram's technical suggestions.

Regards,

Giuseppe

Vikram Kumar-SAV to SEP | 22 Jul 2009 | 0 votes

I agree

I agree to whatever you say but most of the times we evaluate the customer on 1-7 now 1-10. 

profman | 22 Jul 2009 | 1 vote

Try this

Baccus,

I have had the same virus on client machines...all you need to do is

1. right click on My Computer,
2. select properties,
3. go to system restore and uncheck the use system restore box.

Then rescan the computer.....if you have administrative rights to this computer, then it will work for you. Once the scan completes, reboot the machine and re-enable system restore. Your virus should be gone. 

Baccus500 | 22 Jul 2009 | 0 votes

Thanks, Profman.  I hope it is that easy!
What if I don't have administrative rights (I'm not sure)?

Vikram and Giuseppe - thank you both for your input.

Robert

 

profman | 22 Jul 2009 | 0 votes

Re: Admin Rights

 You will have admin rights if you can install programs on the machine you are working on. Have you ever installed a program on this computer?

Baccus500 | 22 Jul 2009 | 0 votes

Yes, I have.  It was part of a network that a former employer gave to me for telecommuting, so I wasn't sure.
I will try your instructions.
Thanks again!
Robert

profman | 22 Jul 2009 | 0 votes

Good to go

Great, keep me posted!

Baccus500 | 22 Jul 2009 | 0 votes

No luck so far...

I installed the unlocker and was able to get in to Windows\system32\lsp.dll and see the files there.

Then I followed Profman's instructions:

1. right click on My Computer,
2. select properties,
3. go to system restore and uncheck the use system restore box.

I ran the scan on the computer and it detected the virus just as before.  It did not quarantine, clean, or remove it.  I tried manually using the icons at the top of the window with my mouse and got the same answers as before.  I tried rebooting, but the "Virus found" window came up just as before.  The internet browser still cannot connect to the internet.

The files in the system32 files are below.  I didn't know what they were so I did not want to delete them.

The files in System32 are:

Process       Path locked                   PID    Handle   Process Path
svchost.exe   C:\windows\system32\lsp.dll   1284   1        C:\windows\system32\lsp.dll
svchost.exe   C:\windows\system32\lsp.dll   1408   1        C:\windows\system32\svchost.exe
jgs.exe       C:\windows\system32\lsp.dll   720    1        C:\programfiles\java\jre6bin\jqs.exe
seaport.exe   C:\windows\system32\lsp.dll   1584   1        C:\programfiles\microsoft\searchenhancementpack\seaport\seaport.exe
alg.exe       C:\windows\system32\lsp.dll   1336   1        C:\windows\system32\alg.exe

Should they be deleted?

Thanks,
Robert

 

profman | 22 Jul 2009 | 0 votes

That sheds some light on it

Robert,

Right click on My Computer.
Click "Manage"
Click "Services"
Go to Symantec Endpoint Protection and make certain that these processes are running with System rights.

Then try the scan again.
If you could upload a screen shot of what is going on at the end of the scan, it would help. :)

Thanks,

Lee


Vikram Kumar-SAV to SEP | 22 Jul 2009 | 0 votes

Delete ISP.dll

Delete ISP.dll..select Delete and click Unlock..it will be deleted.

Baccus500 | 22 Jul 2009 | 0 votes

Will give these instructions a try....

If I go into Manage - Services - Symantec Endpoint Protection, and the system is not running with protection rights, what do I do?  Is this a yes or no check-the-box type of thing?

I will delete ISP.dll also.  I have not looked for or into this folder, but will give it a try.

Thanks!

Robert

 

 

profman | 22 Jul 2009 | 0 votes

Services Permissions

Double-click on the service, then the Log On tab.

Baccus500 | 22 Jul 2009 | 0 votes

Some success! But not total (yet)

I used the delete lsp.dll with the unlock tool and deleted the files.   The alert window stopped opening as soon as this was done.  Then I ran the scan and it came up without any findings.  That is the good news (Thanks, Vikram).

The remaining problem is that I still can not access the internet.  My computer's icon in the lower right tells me I am connected, but the Browser cannot connect to anything.  How can I fix this problem?
Thanks again for all of the input and help,
Robert

Vikram Kumar-SAV to SEP | 22 Jul 2009 | 1 vote

Autoruns

From the article I posted for you earlier, run Autoruns.

Go to the Internet Explorer tab..then delete all the entries that you see without a publisher or a known publisher.

Viachaslau Kabak | 22 Jul 2009 | 0 votes

You can use a free antivirus tool that does not need to be installed,
for example freedrweb.com.
I use it when Symantec is not able to clean a virus.

Baccus500 | 23 Jul 2009 | 0 votes

Can't connect/Autoruns article

Vikram, Thanks for all your help.

I looked through all of the postings and I am not sure which article is the Autoruns article.  Can you send me the link or redirect me to the post that contains it?

At this point, I have deleted the virus, re-run the scan, and rebooted.  The virus alert window no longer appears.  But the browser says it cannot connect to the internet even though the icon in the lower right says I am connected.
Robert

Baccus500 | 23 Jul 2009 | 0 votes

Thanks.  I will download and run the program.

Since the virus has been found and deleted, will this help me get back on the internet?
Robert

Vikram Kumar-SAV to SEP | 23 Jul 2009 | 1 vote

try it

Without actually knowing the situation we can only use the Hit and Trial method..if it hits at the right point then it will work...if not we will try something else..
Also try the reset once again..did you have any proxy as well?
Check on the other computer - Internet Options - Connection - LAN Settings - if no IP address is given then it's fine...if yes, then put the same setting on the infected computer..

Baccus500 | 23 Jul 2009 | 0 votes

Thanks... I will give it a try and hope for a hit!
Robert