Hello,
Kindly Follow the steps below to resolve this issue.
1. Boot the computer in safe mode.
2. Browse to C:\Documents and Settings\%userprofile%\Local Settings\Application Data\
3. There would be a folder or a .bat file or an .exe with a random name like VRQWSDJFGK.
4. This folder contains the Fake AV file.
5. If you don't find the folder in above mentioned location, try looking for it in C:\Documents and Settings\All Users\Application Data
6. Once the folder and file are traced, submit the file to Symantec Security Response using the appropriate entitlement.
7. Once the file is submitted successfully, the file can be deleted.
8. Boot the computer in normal mode.
9. If you are not able to access Internet, Correct the proxy settings in Tools > Internet Options > Connections > LAN Settings. Most of the times the Fake AV changes the setting to 'Automatically detect settings'. If there is no proxy server, you may uncheck this setting.
NOTE: It is not recommended to Delete the Threat File manually, as it may result to User profile corruptions.
Incase, if you are still unable to Find the Suspicious Threat File, you may consider to work on the Article Provided below:
Using Symantec Support Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team.
https://www-secure.symantec.com/connect/articles/using-symantec-support-tool-how-do-we-collect-suspicious-files-and-submit-same-symantec-sec
In many cases, we found that the issue gets resolved, if the User Profile has been deleted and a new User profile is created.
If you have Symantec Endpoint Protection Manager to manage SEP clients, you might consider going through the below articles.
Hardening Symantec Endpoint Protection with an Application and Device Control Policy to increase security
http://service1.symantec.com/support/ent-security.nsf/docid/2010050810365948
Best practices regarding Intrusion Prevention System technology
http://service1.symantec.com/support/ent-security.nsf/docid/2009080314433948