BELOW IS MY LATEST POSTING TO THE SECURITY FORUM - it has been suggested I seek assistance from one of the free malware removal sites.
Staring the evening of the 20th, I experienced and attack on my system - "Web attack: Magnitude Exploit Kit Website 2"). I ran Norton Power Eraser and no risks were found, I did a full system virus scan and no threats were found.
Next day on the 21st I experienced a number of attacks, all blocked by Norton Security. The "High" risk threats were: "an intrusion attempt by 31.184.194.100 was blocked - web attack: MSIE XMLDG M Active X CVE-2013-7331", and "an intrusion attempt by 31.184.194.37 was blocked - system infected: Trojan.Ad Clicker Activity" , and "an intrusion attempt was blocked - system infected Trojan.Poweliks Activity".
In all cases Norton Security indicates "No Action Required".
Scans by Norton Power Eraser and full system virus scans indicated no threats. I tried to install Malwarebytes but got a message to the effect that security settings would not allow the download.
I discovered that my download / install of Malwarebytes was prevented by security settings in IE having been changed by prior malware attack. The settings have been corrected and Malwarebytes has been run, but it discovered no threats. Norton Security finally did see "System Infected Trojan.Poweliks Activity" and removed it, and I also downloaded / installed and ran the Norton removal tool to verify it was no longer on system.
I'm a little befuddled on the MSIE XMLDG M Active X CVE-2013-7331 thing, as according to all the Microsoft bulletins my system has long ago had all the IE updates to prevent that vulnerability. Unless Norton is just logging that an attempted attack was made.?
The Trojan.Adclicker is a bit of a puzzle too, as it appears the malware was identified back in 2002 and is included in Symantec/Norton's attack signatures. Multiple full systems scans show no Adclicker infection, nor does Malwarebytes see it. Maybe resolving the Trojan.Poweliks infection was providing the attack vector for the other items, and in resolving it the others has been addressed as well? Will see...
What browser I was using made no difference. Before the removal of Trojan.Poweliks, I experienced an attack this morning when I didn't have any browser open. As soon as it occurred I went right to IE tools / security settings and sure enough, they had been altered again after I had fixed them last night. It was turning off "Enable Protected Mode" and turning off security level for Internet Zone. In advanced settings - Security - it was unchecking "check for server certificate revocation", and "warn about certificate address mismatch", and warn if post submitted is redirected to a zone that does not permit posts". Under - Browsing - it was unchecking boxes for "enables visual styles in buttons & controls in web pages" and "use smooth scrolling".
Have not experienced another attack since Norton removed Trojan.Poweliks this morning, and as such IE security settings are unchanged. Still concerned that "stuff" is still lingering in my system though. Help.?