One of our clients has been having the same issue on different machines (~4) for about a month now.
Malware Bytes successfully finds and cleans the problem from the machine without fail.
The MB cleanup lists them as FakeAlert, Agent and Hijack, however I'm aware that there is also a Proxy being inserted into the mix which I manually remove with HijackThis prior to updating MB.
Their Endpoint clients believe that they are up to date, the resident shield is active, and they have no-threat-detected scans from startup (even though the FakeAlert, Agent and Proxy are all present at that time), and it will successfully detect the Hijack, but only after the Agent/Proxy/FakeAlert have been removed.
The client wants to keep Symantec, so we were wondering if there's anything we can do on our end to expedite prevention of infection even though I've already purged the infected files from the machines in question.