Endpoint Protection


security shield

  • 1.  security shield

    Posted Jul 18, 2012 03:54 PM

    Hello. I'm running SEP. Suddenly a program called "Security Shield" started a scan on my PC (it showed 21 trojans etc.) and it put an icon in my taskbar. I never installed this program or any other suspicious program and never clicked an ad. It doesn't let me close my documents. I tried to terminate it but nothing happened, so I terminated it from Windows Task Manager (Ctrl+Alt+Delete and End Task on this program). I searched my computer to find out whether this program is installed on my PC, but found nothing. I ran a LiveUpdate and I ran a full scan. SEP doesn't find any risk. What can I do now? Is my PC safe? Thank you a lot!



  • 2.  RE: security shield

    Posted Jul 18, 2012 04:03 PM

    This sounds like FakeAV.

    As a quick workaround, you can use Malwarebytes or HitmanPro and see if one of those removes it.

    You can also submit the file to Symantec so they can review and write up new defs for it:

    https://submit.symantec.com/websubmit/gold.cgi



  • 3.  RE: security shield

    Posted Jul 18, 2012 04:46 PM

    I'm sorry but I can't understand. Which file must I submit to Symantec? I can't find the location of this program on my PC, or whether this suspicious program is installed. Please help, because I don't know how to use computers very well.



  • 4.  RE: security shield

    Posted Jul 18, 2012 05:15 PM

    I would first download Malwarebytes, install it and run it. Hopefully, it picks up the infected file(s) and removes them.



  • 5.  RE: security shield

    Posted Jul 18, 2012 05:20 PM

    I found an exe "file" in Documents and Settings\User name\Local settings\application data and another in C:\WINDOWS\Prefetch. What can I do? Can I delete these files manually, or can I do a system restore to one day before?



  • 6.  RE: security shield

    Posted Jul 18, 2012 06:31 PM

    Assuming your PC was infected AFTER the last system restore, you can do the restore and hopefully that will be clean and fix the problem.

    Upload the files to VirusTotal or ThreatExpert to see if they are malicious, and delete them if so.

    https://www.virustotal.com/

    http://www.threatexpert.com/
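
An added example, not part of any post in this thread: one way to find the files post 6 suggests checking. It walks a folder such as the Local Settings\Application Data path from post 5, picks out recently modified Windows executables by their MZ header, and returns a SHA-256 for each so it can be looked up on VirusTotal before anything is deleted. The function names and the seven-day default window are assumptions.

```python
import hashlib
import os
import sys
import time


def is_pe(path):
    """True when the file starts with 'MZ', the header of .exe/.dll/.scr files."""
    with open(path, "rb") as fh:
        return fh.read(2) == b"MZ"


def sha256_of(path, chunk=1 << 20):
    """Hash the file in chunks so large files do not load into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def recent_executables(root, max_age_days=7, now=None):
    """List executables under root modified within max_age_days.
    Files are matched on content, not extension, so a renamed file still shows up.
    """
    now = time.time() if now is None else now
    cutoff = now - max_age_days * 86400
    hits = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            try:
                mtime = os.path.getmtime(path)
                if mtime < cutoff or not is_pe(path):
                    continue
                hits.append({"path": path, "sha256": sha256_of(path),
                             "modified": time.ctime(mtime)})
            except OSError:
                continue  # locked or unreadable file: skip, do not abort the scan
    return sorted(hits, key=lambda hit: hit["path"])


if __name__ == "__main__":
    # Assumption: the folder to check is passed as the first argument.
    target = sys.argv[1] if len(sys.argv) > 1 else os.getcwd()
    for hit in recent_executables(target):
        print(hit["modified"], hit["sha256"], hit["path"], sep="  ")
```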



  • 7.  RE: security shield

    Posted Jul 18, 2012 07:25 PM

     

    Follow these steps to remove the Fake AV.

    Title: 'The Symantec Endpoint Protection Support Tool'
    Document ID: 2008071709480648

    1. Download the utility to the SEPM server machine and run it.

    2. Accept the EULA and check the option for Symantec Power Eraser.

    3. It will run an aggressive scan and catch the malicious files. It will show the scan results.

    5. Select the files which seem to be malicious and click the Fix button. It will reboot the computer. Do let me know the status.
     
    Thanks for using Symantec Support Services!


  • 8.  RE: security shield

    Broadcom Employee
    Posted Jul 19, 2012 03:08 AM

    Hi,

    If Symantec Power Eraser could not find anything, run SST with the load point analysis option.

    It will save data in .sdbz format; if possible, share the SST logs with us.

    We have an article on how to submit suspicious files to Symantec.

    Check this article: How do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team.

    https://www-secure.symantec.com/connect/articles/u...

    What to do when you suspect that a Symantec AntiVirus product is not detecting viruses

    http://www.symantec.com/business/support/index?page=content&id=TECH99222

    Check this article as well:

    How to troubleshoot FakeAV if it is not detected

    http://www.symantec.com/connect/articles/how-troubleshoot-fake-av-if-it-not-detected

    Also try the following steps:

    Try to find the location of the file. If it's Windows 7, in Task Manager right-click the process and choose Open File Location.

    OR

    Search for Security Shield, right-click and open Properties, rename the file, kill the process and try to delete the suspected .exe.



  • 9.  RE: security shield

    Posted Jul 19, 2012 10:39 AM

    Thank you all for your answers. I've already downloaded the Norton Power Eraser. It detected the .exe file and deleted it. But I saw a file in C:\WINDOWS\Prefetch. Can I delete it manually? Is my PC safe now?



  • 10.  RE: security shield

    Broadcom Employee
    Posted Jul 19, 2012 10:46 AM

    Hi,

    You can delete it from Prefetch. Make sure you don't see any Security Shield in the taskbar.

    Your PC should be safe now; however, scan the full system in safe mode.



  • 11.  RE: security shield

    Posted Jul 19, 2012 08:41 PM

    Delete all the files from:

    C:\WINDOWS\Prefetch

    C:\WINDOWS\Temp

    %User Profile%\Temp

     

    Reboot the computer.

    If this post resolved your issue, mark it as resolved.

    Thanks in advance!!!


  • 12.  RE: security shield

    Posted Jul 20, 2012 01:18 PM

    Thank you all! NPE deleted the virus. I ran a full scan in safe mode and everything is clean. I tried to run NPE in normal mode again but I get the error message "Norton Power Eraser has successfully restored internet connection. Hosts file and NPE proxy settings may have been modified." and "Norton Power Eraser requires a stable Internet connection to run a scan. It is currently encountering intermittent network issues that are preventing the scan from completing. Please try again later. Error Code: 0x80045008" !!! (router firewall is off)



  • 13.  RE: security shield

    Posted Jul 20, 2012 09:34 PM

     

    Title: 'The Symantec Endpoint Protection Support Tool'
    Document ID: 2008071709480648

    1. Download the utility to the SEPM server machine and run it.

    2. Accept the EULA and check the option for Symantec Power Eraser.

    3. It will run an aggressive scan and catch the malicious files. It will show the scan results.

    5. Select the files which seem to be malicious and click the Fix button. It will reboot the computer. Do let me know the status.

    Thanks for using Symantec Support Services!

    If this post resolved your issue, mark it as resolved.
    Thanks in advance!!!