My sister was using Myspace the other day and somehow she came across one of those fake "Scan your computer now for a virus!" thing and it did that usual automatic download. I exited out of the window before it could really download something harmful to my computer. I ran an Anti-Malware scan and a Norton Security scan afterwards. Both scans came up with nothing. I checked my Norton history and it said that it blocked an Unauthorized access. The next day I checked the history and that same unauthorized access kept getting blocked every hour. Here's the file information of it.
Actor: Googleupdate.exe
Target: Norton Anitvirus
Action: Open Process Token
I checked the history today and I found a download insight blocked. A launch of 1_13c810[1].exe?
I was wondering if this is some kind of virus and if there's anything I can do to get rid of these.
If you don't receive fake messages that your computer is infected, if there are no suspicious system tray icons loaded, during normal use of the PC, and If you didn't run the .exe file with the fake antivirus, that means you are not infected. Just be sure that you have already deleted the infected .exe, clear temporary files from your browser:
For Internet Explorer: Tools - Internet options - find Browsing history from the General tab and use delete. Make sure that Temporary Internet Files and Cookies are checked.
Now open Computer (My Computer), type %temp% in the adress bar and remove any existing files (select all files, and use Shift + Delete combination. If you are unable to delete some files, that means they are in use and can be skipped or removed after reboot.
Additionally, you can remove your Norton History too, using the clear history button, so you can easily focus your attention on new events and see if the suspicious file is still blocked.
My sister was using Myspace the other day and somehow she came across one of those fake "Scan your computer now for a virus!" thing and it did that usual automatic download. I exited out of the window before it could really download something harmful to my computer. I ran an Anti-Malware scan and a Norton Security scan afterwards. Both scans came up with nothing. I checked my Norton history and it said that it blocked an Unauthorized access. The next day I checked the history and that same unauthorized access kept getting blocked every hour. Here's the file information of it.
Actor: Googleupdate.exe
Target: Norton Anitvirus
Action: Open Process Token
I checked the history today and I found a download insight blocked. A launch of 1_13c810[1].exe?
I was wondering if this is some kind of virus and if there's anything I can do to get rid of these.
I just recently ran another scan and it caught a virus "Trojan.FakeAV!gen13" and Norton quarantined it. I ran an Anti-Malware scan afterwards to make sure it was removed and ran both scans again in safe mode. They came up clean. Is there a possibility of it regenerating somewhere?
I used photobucket to display the screenshot since the attachment didn't accept the file I used it on. I'm still pretty new at this "adding picture" thing so I hope this wouldn't be a problem.
This trojan is already known by Symantec. For more information, see: Trojan.FakeAV!gen13
Providing that you already did a full scan, with Norton and Malwarebytes, I think that the trojan is removed. There are situations when malware reappears on the system, but let's wait for a while and see. Your security product should warn you if it's still there.
A good practice to follow after removing any malware is really to create a new restore point and delete your old ones. If you use system restore and go back to the time when this malware was on your computer, then you will be putting it back on or could put it back on.