Fake AV is a tough thing to remove, but if you observe carefully, you obviously can. How to remove it depends on the type of Fake AV you have and on which file it has infected. I've come across multiple types. One type doesn't allow you to log in to the computer locally, as it corrupts the winlogon.exe file, points to a malicious file and alters the registry entries; I was able to tackle it by using the remote tool Dameware. Normally it will deny all admin tools, such as denying access to taskmgr, regedit, appwiz, etc. Is this computer networked? If so, try connecting to it through a remote tool and find the culprit process that is running. Is this Symantec alert genuine? I guess it is the culprit. Try finding the latest files created in system32, the Windows folder, etc. to get a start. If the computer is not networked, you probably need to get into Safe Mode and verify the above.
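
One way to carry out the "latest files created in system32, Windows folder" step, as an added PowerShell example that is not part of the original post. The 7-day window, the extension list and the choice of the Winlogon `Shell` and `Userinit` values as the registry entries to look at are assumptions.

```powershell
# Added triage example (not from the original post). Read-only: it lists, it never deletes.
param(
    [int]$Days = 7,   # look-back window (assumed value)
    [string[]]$Roots = @($env:windir, (Join-Path $env:windir 'System32'))
)

$cutoff = (Get-Date).AddDays(-$Days)
$exts   = '.exe', '.dll', '.sys', '.scr', '.bat', '.cmd'   # assumed set of executable types

# Files created after the cutoff in the top level of each folder, hidden ones included.
$recent = foreach ($root in $Roots) {
    Get-ChildItem -LiteralPath $root -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.CreationTime -ge $cutoff -and $exts -contains $_.Extension.ToLower() }
}

# Newest first, with signature status. 'NotSigned' is a lead to follow up, not a verdict.
$recent | Sort-Object CreationTime -Descending | ForEach-Object {
    $sig = Get-AuthenticodeSignature -FilePath $_.FullName
    [pscustomobject]@{
        Created = $_.CreationTime
        Path    = $_.FullName
        Hidden  = [bool]($_.Attributes -band [IO.FileAttributes]::Hidden)
        Signed  = $sig.Status
        Signer  = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    }
} | Format-Table -AutoSize -Wrap

# Assumption: the post does not name the altered registry entries. The Winlogon
# Shell and Userinit values are shown because they decide what runs at logon.
$wl = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
[pscustomobject]@{ Shell = $wl.Shell; Userinit = $wl.Userinit } | Format-List
# Stock values are normally 'explorer.exe' and '<system32>\userinit.exe,'.
```

Run it from an elevated prompt, in Safe Mode if the normal session blocks admin tools; anything it lists still needs to be checked by hand before it is treated as malicious.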