Hi everyone,
I got a sudden alert yesterday from my NIS09 Auto-Protect that I'm infected with Adware.BetterInternet. This happened out of the blue while I was working on my PC. I was not, at the time, even surfing the Internet.
At the suggestion of Auto-Protect I chose fix all, and the result was that 8 registry entries, 1 file and 1 Browser Cache were quarantined. I did a subsequent FSScan, and the scanner again detected the Adware.BetterInternet threat, and again quarantined the specific items.
NIS09 informed me that the threat was fully removed. A couple of FSScans last night, and one more today, show no sign of the threat anymore. Fine.
The problem now is that when I go to view the risk details, because I want to know where this threat all of a sudden originated, I only get to see 8 items, not 10, in the details section.
Further, only 4 of these items are detailed, and the remaining 4 items are depicted as: [Restricted Item (permission required)].
So although this threat is identified as a FILE Based Risk type, I cannot see the file in the quarantined items anywhere.
What happened all of a sudden that I got the alarm from Auto-Protect? I was not even on the net. Where is the file that caused the threat alarm? Why can't I see the 4 [Restricted Item (permission required)]?
Further, in one of the registry keys quarantined, I can see that there is an http://www.microsoft.com/isapi entry.
Was the Alarm a false positive?
I would appreciate your help, since none of this makes any sense to me.
Thanks a lot.
TrDo.
P.S. I have already submitted the threat to Symantec, BUT the well-known issue of submitting through our NIS09 without a tracking number (it is actually a blind submission) unfortunately cannot provide me with any guidance or feedback on restoring the items.