• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs
Advanced

Not what you are looking for? Ask the experts!

This forum thread needs a solution.
Kudos0

System Infected: Fake Plugin Activity 2

I have been receiving this "System Infected: Fake Plugin Activity 2" notification from Norton, saying they've blocked it. This kept coming up once every minute and is making my computer slower than before. I have read some forums and followed some instructions:
1. deleted Chrome and re-installed again
2. delete extensions (but did not see any suspicious ones)
3. delete suspicious programs from control panel (but there wasn't any).

However, problem still persists. Any help?? Thank you in advance!

Replies

Kudos0

Re: System Infected: Fake Plugin Activity 2

Firstly, please do NOT try any 'quick fixes' or to solve this yourself.

It sounds like it's time to sign up for assistance from one of the free malware removal sites.  Please pick one and stay with them until your system is clean.

https://community.norton.com/forums/malware-removal-forum-recommendations

A little bit of knowledge is... well a little bit of knowledge.
Kudos0

Re: System Infected: Fake Plugin Activity 2

Thanks for your help

Kudos0

Re: System Infected: Fake Plugin Activity 2

I genuinely appreciate the solution suggested - and I'll probably try the malware removal suggestions - but it raises a fundamental issue: surely the reason we subscribe to Norton is because we want to trust it to resolve any malware problems that occur. The idea that we have to go and risk downloading other software from places we don't know seems to underline a gaping hole in Norton's capabilities. Or am I wrong in expecting Norton to be able to fix problems like this?

Kudos0

Re: System Infected: Fake Plugin Activity 2

 Fake Plugin Activity 2 is known signature.  As such upon detection.  Signature should be contained.   Beyond that the Community cannot discern the individual particulars.   Malware may hide behind other malware.  Malware often does not travel alone.  Perhaps a malware variant.  Perhaps polymorphic malware.  Perhaps malware although flagged still made change(s) requiring manual intervention.  The infinite specific details are simply not known to the Community.  As such.  The prudent Community response is direct to experts.  Experts that employ specialty tools and maintain the required platform to safely delve into and repair as required.
What is Norton Virus Protection Promise?
How I stay safe online

Kudos0

Re: System Infected: Fake Plugin Activity 2

By the way, I should make it clear that my criticism, if it's justified, is intended for the Norton software, not the community. As far as I can see, the community does an amazing job.

Kudos0

Re: System Infected: Fake Plugin Activity 2

Giless

Regarding your question about Norton AV protection (and this applies to other AV's), although they provide protection from most threats, there's no one AV or antimalware product available that can provide 100% protection against malicious incidences.  With Zero-day threats and the large amount of attack variants that appear over the 'net daily, it's just too large a task for protection products to encompass such threats within their defense mechanisms.

PC protection plans are as diverse as the known Universe  but I'll offer my 2¢ about it:

- I rely on Norton to block/protect me against most threats.  If I had to pick a number, I'd guess that my perception is that Norton successfully blocks ~95-98% of the threats to my PC.

- This next point is somewhat controversial at this forum, but I also use dual-layer real-time protection by running MBAM Pro (Malwarebytes antimalware) along with my N360 AV.  Although it's often stated that conflicts can occur with MBAM and Norton (or any other mainline AV tool), I haven't encountered this issue as yet after running both products (real-time) since November 2012 on 3 PC's.

I prefer a dual-layer protection approach as AV's and antimalware-specific tools scan with different methods as such, are scanning for different threats although there are some overlaps.

To obtain another perspective about this topic, there are numerous threads at other forums including this one at Bleepingcomputer.com.  Note post #4 from member "quietman7" in this thread, which includes the following excerpt: (the bold font is in the original excerpt)

You need both an anti-virus and an anti-malware solution for maximum protection.

An anti-virus program alone does not provide comprehensive protection and cannot prevent, detect and remove all threats at any given time. Anti-virus and anti-malware programs each perform different tasks as it relates to computer security and threat detection. Essentially, they look for and remove different types of malicious threats.

In simplistic terms, Anti-virus programs generally scan for infectious malware which includes viruses, worms, Trojans, rootkis and bots.

Anti-malware programs generally tend to focus more on adware, spyware, unwanted toolbars, browser hijackers, potentially unwanted programs and potentially unsafe applications.

http://www.bleepingcomputer.com/forums/t/573659/malwarebytes-and-av/

PUP's are annoying and when you encounter one, they can be persistent.  Norton, or this is my understanding at present, doesn't scan for PUP's.  This is one reason to employ dual-layer protection.  On-Demand scanners are good but they are reactive tools, not proactive. One of the main reasons I use MBAM Pro (the paid version of the product) is due to the Scheduler option within the product.  That allows me to run a nightly scan when my PC is idle which will detect recent malicious items, if present in my PC.

- System Backups.  This is my main malicious-recovery strategy as it will provide a way to recover from virtually all malicious content in a fairly quick manner.

Here's a thread in the "Tech Outpost" section at this forum that may offer additional info about the topic:

New to drive cloning: question regarding Norton 

When a malicious incident occurs, it's basically a personal choice about which recovery path to use, depending on one's level of malware-removal knowledge:

- Seek online assistance at one of the malware-removal specialists' forums

- Recover from a previously processed full-HDD Image (or install a recent Cloned HDD)

- Remove the malicious content themselves

I look at my PC protection issue as "when, not if", I get hit with some kind of malware or perhaps a PUP that's difficult to remove.  That is why I maintain HDD backups to provide a way to recover locally so that I can resume my normal PC activities in an expedited manner.

My last experience with malicious intrusion occurred about 2½ years ago, just before switching to Norton AV.  There were no email attachments opened, no torrent sites visited, no P2P (peer-to-peer) apps involved, etc.  I was visiting one of my reputable daily visit sites when I was hit with malware. 

My guess is that the malware was an exploit variant or "drive-by" type, etc.

I installed a Cloned HDD and was running the PC normally within 10 minutes after copying over a few of my frequently-edited items from another portable HDD.

For me, it's hard to quantify the peace of mind aspect of having a complete spare HDD on the shelf ready to install in the event of an occurrence of undesirable incidents, such as HDD failure, bad Windows Update install, user error, bad download/update, etc.

Windows 7x64 Home Premium OEM Ver / MoBo: ASUS P7P55D-E / CPU: Intel i5-650 / RAM: 16 Gb Corsair DDR3
Kudos1 Stats

Re: System Infected: Fake Plugin Activity 2

Hello

Norton does remove some PUP's. If you check out the malware that it does check for, you will see some PUP's listed.

Success always occurs in private and failure in full view. Windows 10 Pro 64 bit Norton Core Security Plus 22.18.0.213 Core Firmware 282 I E 11 Chrome latest version.
Kudos0

Re: System Infected: Fake Plugin Activity 2

for the info.  I'd thought Norton didn't check for PUP's.  Good to know this.

Windows 7x64 Home Premium OEM Ver / MoBo: ASUS P7P55D-E / CPU: Intel i5-650 / RAM: 16 Gb Corsair DDR3
Kudos0

Re: System Infected: Fake Plugin Activity 2

Norton detects PUP's as PUA's once they cross a line known only to Norton.

Kudos0

Re: System Infected: Fake Plugin Activity 2

Hello

You can see what Norton checks for here at this site.

http://us.norton.com/security_response/definitions.jsp?pid=ns_win

Success always occurs in private and failure in full view. Windows 10 Pro 64 bit Norton Core Security Plus 22.18.0.213 Core Firmware 282 I E 11 Chrome latest version.
Kudos0

Re: System Infected: Fake Plugin Activity 2

Norton probably checks for
http://www.symantec.com/security_response/ 

Kudos0

Re: System Infected: Fake Plugin Activity 2

My site lists Norton products, yours lists Symantec products.

Success always occurs in private and failure in full view. Windows 10 Pro 64 bit Norton Core Security Plus 22.18.0.213 Core Firmware 282 I E 11 Chrome latest version.
Kudos0

Re: System Infected: Fake Plugin Activity 2

Thanks, all, for the insights, and particularly Scoop8 for the detailed analysis.

I realise that any anti-malware program is going to lag somewhat behind the appearance of new threats; for me the most important aspect of what you've explained is that Norton (and I'm sure this applies to pretty much all security software) doesn't attempt to address all instances of malware once they've been identified. I had thought, probably naively, that as soon as any bit of malicious code was recognised, Norton would work on a fix and apply it in a regular update that would then purge users' systems when they next check for viruses etc. The puzzling thing is that the Norton software did identify and block System Infected: Fake Plugin Activty 2 (hooray), but didn't offer a way to remove it.

I guess I'll have to look at alternatives - perhaps a dual layer approach as you suggest.

Kudos0

Re: System Infected: Fake Plugin Activity 2

floplot:

My site lists Norton products, yours lists Symantec products.

er' what 

Kudos0

Re: System Infected: Fake Plugin Activity 2

I discovered this when I was troubleshooting a friend's laptop

This threat intrusion was blocked by Norton, but the message kept returning, so he was understandably concerned

The persistence of it concerned us, especially since it showed different sources for the attach online, so something had to be 'installed' locally on the machine to trigger the attempts

System:Windows 8

Browser:Chrome

After researching this online and reading the comments in this thread, I instantly realised what had happened

I opened up the Extensions section in Chrome and 'discovered' that in addition to his legitimate extensions ( like AdBlockerPlus ) was one for a markdown manager that:

1.  He didn't remember installing--and showed an installation from two ( 2 ) days ago

2.  That Google Chrome actually flagged as unrecognised and not from the Google Store

3.  That didn't have it's own icon

Once I deleted this fake extension, the problem vanished and no more 'blocked intrusion' messages

I'm hoping that this can solve the problem for others not only in Google Chrome, but Firefox or other browsers, also

PS

He also had 'Yellow AdBlock' installed, which really defeats the point of adblocker extensions, since it just tries to put ads on your screen ( AdBlockerPlus was already disabling it ), so I removed this as well

Kudos0

Re: System Infected: Fake Plugin Activity 2

Hello NortonBTard

Thank you for posting your solution to a problem. I will try to remember to ask Chrome users to check their extensions for anything that doesn't look familiar to them and to double check to see if all the extensions are really needed. The same thing would apply to FF. Having too many extensions I would think would slow down the browser also.

Since he is using win 8, I would also suggest that you turn off fast startup. Having it on causes many problems for Norton and many other programs as well.

Please read this link for instructions.

http://www.eightforums.com/tutorials/6320-fast-startup-turn-off-windows-8-a.html

Success always occurs in private and failure in full view. Windows 10 Pro 64 bit Norton Core Security Plus 22.18.0.213 Core Firmware 282 I E 11 Chrome latest version.

This thread is closed from further comment. Please visit the forum to start a new thread.