Visitor
CrassCom
Posts: 6
Registered: ‎03-20-2010

Sudden Popups of Acrobat Precede Trojan Infection

I have been encountering something strange. I'll be reading a web page and the Acrobat screen will pop up as if I had clicked on an Acrobat file, but I didn't. It will then disappear without any Acrobat file loading. (FYI: It appears to be from the full Acrobat program, not the Reader).

Following that an alert appears saying that there are new features in this Acrobat file and it asks me to click OK to continue. When this first happened I clicked OK and was then infected with a Vundo!Trojan. It modifies some Registry items, the Startup section of MSConfig, and drops some files in Windows\System32 folder as well as a file named n.exn on my hard drive. I removed it all but the Acrobat screen still pops up every now and then.

If I do not click on the alert I do not get the infection (I think). When the alert appears I go to Task Manager and end the processes for Acrobat and Firefox without answering it. After that I check the Registry items to make sure that none of them contain signs of infection as per these instructions:

http://www.symantec.com/security_response/writeup.jsp?docid=2004-112111-3912-99&tabid=2

So long as I don't answer the alert, everything seems to be fine. What I want to know is what is triggering the Acrobat screen in the first place and can I get it to stop popping up? Has anyone else seen this behavior? I am having no other symptoms of infection.

Thanks for any advice.

floplot
Posts: 9,952
Topics: 200
Kudos: 1,892
Solutions: 354
Registered: ‎04-11-2009

Re: Sudden Popups of Acrobat Precede Trojan Infection

Hello CrassCom

You can do a full scan with the free version of Malwarebytes to see if that program finds anything or perhaps it will find some left over clean up to do from previous infections. Malwarebytes is a good free program to use alongside your Norton product as a secondary on demand scanner. A full scan does take a while to finish however. The program also produces a log in notepad which you can save as and name it and save it to your desktop. You can then post the log here using the add attachment when you post your next message. Malwarebytes will not interfere with your Norton product. You can find it here.

Download the free version, install and update then run a FULL scan. After the scan completes you should post the logs back to this thread.

You can find Malwarebytes here

http://www.filehippo.com/download_malwarebytes_anti_malware/

It is a safer location to get the program from than Malwarebytes themselves because some malware creators have large lists of sites that they block. Please be careful to download the correct program: the FREE version of MALWAREBYTES

(Thanks to Delph for providing the alternative site)

Adobe products are updated quite often for security reasons, so it is possible that it might have been infected. You should not click on any popups unless you are positive that they are from your Norton product. Clicking on other than Norton popups is an almost sure way to get infected.

Success always occurs in private and failure in full view.

CrassCom

Re: Sudden Popups of Acrobat Precede Trojan Infection

Thanks for your response. I downloaded and ran a full scan with Malwarebytes. It found a couple of suspect Registry keys and removed them.

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{77dc0baa-3235-4ba9-8be8-aa9eb678fa02} (Rogue.ASCAntispyware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{77dc0baa-3235-4ba9-8be8-aa9eb678fa02} (Rogue.ASCAntispyware) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

After that I ran a quick scan that came up clean. At this point I'll just have to wait a while to see if anything else happens. In the past when I thought I had corrected the problem, it came back a week or so later. So I'm not going to feel comfortable until some time has passed without incident. If there is another incident I'll run Malwarebytes again and post the log.

I'm still curious to know if anyone has seen the particular behavior I described: The Acrobat flash screen displaying despite not having clicked on an Acrobat link. Followed by an alert (seemingly from Acrobat) that said the file has new Acrobat features and asking to click in order to use them. Then no Acrobat file opens up. After that the evidence of an infection appears.

Thanks again.
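
Added example, not part of the original posts: a small parser for scan-log lines in the layout quoted above, which compares two scans and reports items that came back after being removed. The follow-up scan text is constructed for illustration, and the names `parse_log` and `recurring` are hypothetical.

```python
import re
from typing import NamedTuple, Optional

# One result line: <registry item> (<detection>) -> [Bad: (x) Good: (y) -> ]<action>.
ENTRY = re.compile(
    r"^(?P<item>HKEY_[A-Z_]+\\.+?) \((?P<detection>[^()]+)\) -> "
    r"(?:Bad: \((?P<bad>[^)]*)\) Good: \((?P<good>[^)]*)\) -> )?"
    r"(?P<action>.+?)\.?$"
)

class Finding(NamedTuple):
    section: str            # header the line appeared under
    item: str               # registry key, or key\value for data items
    detection: str
    bad: Optional[str]      # only present on "Data Items" lines
    good: Optional[str]
    action: str

def parse_log(text):
    """Return a Finding for each result line, tagged with its section header."""
    findings, section = [], ""
    for line in map(str.strip, text.splitlines()):
        if line.endswith("Infected:"):
            section = line[:-1]
        elif (m := ENTRY.match(line)):
            findings.append(Finding(section, **m.groupdict()))
    return findings

def recurring(earlier, later):
    """Findings in the later scan that the earlier scan had already removed."""
    removed = {(f.item.lower(), f.detection) for f in earlier
               if "deleted successfully" in f.action}
    return [f for f in later if (f.item.lower(), f.detection) in removed]

# First scan: the three result lines quoted in the post above.
FIRST_SCAN = r"""Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{77dc0baa-3235-4ba9-8be8-aa9eb678fa02} (Rogue.ASCAntispyware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{77dc0baa-3235-4ba9-8be8-aa9eb678fa02} (Rogue.ASCAntispyware) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
"""
# Constructed follow-up scan (not from the thread): one item has reappeared.
LATER_SCAN = r"""Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
"""

if __name__ == "__main__":
    for f in recurring(parse_log(FIRST_SCAN), parse_log(LATER_SCAN)):
        print("came back after removal:", f.item, f.detection)
```

An item that reappears after a successful removal suggests something on the machine is re-creating it, which is worth raising when posting the second log.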

floplot

Re: Sudden Popups of Acrobat Precede Trojan Infection

Hello CrassCom

Do you have the latest versions of Adobe programs installed? Adobe is always being updated for security reasons. It sounds almost like a rogue antivirus program, but instead of trying to get you to install a fake antivirus program, it tried to install a fake Adobe program... and may have succeeded in doing that...