Endpoint Protection


SYMANTEC TAMPER PROTECTION ALERT


  • 1.  SYMANTEC TAMPER PROTECTION ALERT

    Posted Apr 12, 2010 06:13 PM
    I am getting this Symantec alert. Somehow a demo version of A V suite is running and wants to scan the computer; as soon as you stop the demo scan this alert becomes an all-out explosion. It tells me that Symantec virus protection is turned off. I tried to use LiveUpdate but it fails. I have no idea what this A V Suite demo software is but it appears to be blocking Symantec. Reminder: this states it is only a demo to scan.


  • 2.  RE: SYMANTEC TAMPER PROTECTION ALERT

    Posted Apr 12, 2010 06:53 PM

    Can you please paste a screen shot of that?


  • 3.  RE: SYMANTEC TAMPER PROTECTION ALERT

    Posted Apr 12, 2010 07:09 PM
    It is located on a separate computer. I do not know if I should just allow the A V suite demo scan to proceed. I have also not tried to access the internet since yesterday when this happened as I do not know what this demo scan is doing. If I manually shut off the computer and restart, the scan starts over. I can go into Safe Mode and run a full virus scan and it will not detect anything.


  • 4.  RE: SYMANTEC TAMPER PROTECTION ALERT

    Posted Apr 12, 2010 07:21 PM

    Look for any exe running in the Task Manager related to that. If you have any, end it.

    Even check Program Files and Add/Remove Programs; if it is there, remove it from these 2 places.


  • 5.  RE: SYMANTEC TAMPER PROTECTION ALERT

    Posted Apr 12, 2010 07:41 PM
    Here is what I get when I try to get into task manager
    SECURITY WARNING
    Application cannot be executed.The file taskmgr.exe is infected.Do you want to activate your antivirus software now?


  • 6.  RE: SYMANTEC TAMPER PROTECTION ALERT

    Posted Apr 12, 2010 08:22 PM
    You have malware (FakeAV) on that machine that is causing legit processes to not run. Boot into Safe Mode and run a Malwarebytes scan.


  • 7.  RE: SYMANTEC TAMPER PROTECTION ALERT

    Posted Apr 12, 2010 08:29 PM
    I am in Safe Mode running a full system scan. Last one I ran 2 hours ago only detected cookies being tracked. How do I run the Malwarebytes scan?


  • 8.  RE: SYMANTEC TAMPER PROTECTION ALERT

    Posted Apr 12, 2010 08:55 PM

    I am in Safe Mode running a full system scan. Last one I ran 2 hours ago only detected cookies being tracked. How do I run the Malwarebytes scan?



  • 9.  RE: SYMANTEC TAMPER PROTECTION ALERT

    Posted Apr 12, 2010 09:09 PM

    Here is what I get when I try to get into task manager
    SECURITY WARNING
    Application cannot be executed.The file taskmgr.exe is infected.Do you want to activate your antivirus software now?



  • 10.  RE: SYMANTEC TAMPER PROTECTION ALERT

    Posted Apr 13, 2010 10:10 AM

    I have several that are running. Is there a way to tell? I took a snapshot of the processes used on my other computer to try and figure out which one might be running. If I go to Safe Mode, do I run it with networking? I also do not understand why Symantec will not detect there is a problem. Last known definitions on my computer are from Friday the 10th.


  • 11.  RE: SYMANTEC TAMPER PROTECTION ALERT

    Posted Apr 13, 2010 11:48 AM

    Does anyone know how to stop a fake AV launching? I can get Symantec to launch and start a scan and then what I believe to be a fake AV scan starts running and basically takes over Symantec. If I try to close the scan it starts telling me my virus protection is off and starts launching alerts in the subject above. If I shut down the computer and go into Safe Mode without network client it will not find any of the viruses that the fake AV tells me are on the computer.


  • 12.  RE: SYMANTEC TAMPER PROTECTION ALERT

    Posted Apr 13, 2010 12:07 PM

    MBAM works from Safe Mode but it is not designed to work that way.
    MBAM will work better from regular mode both in terms of what it detects and what it can remove.
    Doing a Safe Mode scan with MBAM should only be done when a regular mode scan fails.

    From MBAM staff: http://forums.malwarebytes.org/index.php?showtopic=5590

    Try running the Norton System Scan to remove the threat, see http://security.symantec.com/sscv6/WelcomePage.asp




  • 13.  RE: SYMANTEC TAMPER PROTECTION ALERT

    Posted Apr 14, 2010 01:41 AM

    Fake AV is a tough thing to remove, but if you observe carefully, you can. How to remove it depends on the type of Fake AV you got and on which file is infected. I've come across multiple types; one type doesn't allow you to log in to the computer locally, as it corrupts the winlogon.exe file, points to a malicious file and alters the registry entries, and I was able to tackle it by using the remote tool Dameware. Normally it will deny all admin tools, like denying access to taskmgr, regedit, appwiz etc. Is this computer networked? If so, try connecting to it through a remote tool and find out the culprit process running. Is this Symantec Alert genuine? I guess it is the culprit. Try finding the latest files created in system32, the Windows folder etc. to get a start. If the computer is not networked, you may need to get into Safe Mode and verify the above.
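
The triage suggested in post 13 (find recently created files in system32 and the Windows folder, and see what the logon registry entries point to), as an added PowerShell example that is not part of the original thread. The 7-day window, the extension list and the Winlogon key path are assumptions not named in the post.

```powershell
# Added example: list recently created executables and show the logon entries.
# Run from an elevated PowerShell prompt (Safe Mode is fine). Read-only: nothing is deleted.
$days  = 7                                  # assumption: look-back window, widen if needed
$since = (Get-Date).AddDays(-$days)
$roots = @($env:windir, (Join-Path $env:windir 'System32'))

$recent = foreach ($root in $roots) {
    # Top level of each folder only; -Force includes hidden and system files
    Get-ChildItem -Path $root -Force -ErrorAction SilentlyContinue |
        Where-Object {
            -not $_.PSIsContainer -and
            $_.Extension -match '^\.(exe|dll|sys|scr|bat|cmd)$' -and
            $_.CreationTime -ge $since
        }
}

$report = $recent | Sort-Object CreationTime -Descending | ForEach-Object {
    $sig = Get-AuthenticodeSignature -FilePath $_.FullName
    # NotSigned alone is not proof of malware: some genuine Windows files are
    # catalog-signed and can show as NotSigned on older systems.
    $signer = ''
    if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
    New-Object PSObject -Property @{
        Created   = $_.CreationTime
        Path      = $_.FullName
        Signature = $sig.Status
        Signer    = $signer
    }
}
$report | Format-Table Created, Signature, Path, Signer -AutoSize -Wrap

# Logon entries (assumed key; the post only says "registry entries").
# On a clean system Shell is explorer.exe and Userinit is the path to
# userinit.exe in System32 followed by a comma; anything extra deserves a look.
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
Get-ItemProperty -Path $winlogon | Select-Object Shell, Userinit | Format-List
```

Creation time is reset when a file is copied, so treat the list as a starting point for the files to examine, not as a verdict.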