Recently, a co-worker went to a wikipedia page, and clicked a link.  Seconds later, there was one of those antivirus pop ups asking for money, as well as a url redirector.

I am curious as to why Symantec Endpoint Protection Version 11.0.5002.333 wouldn't catch the program before it installed.

I ran a totally different malware program and here is a basic of what it found, and deleted:

REGISTRY KEYS INFECTED:

Trojan.BHO

Adware,MyWebSearch (this is listed three times)

FILES INFECTED:

c:\documents and settings\username\local settings\application data\mmxjttphq\naokxhitssed.exe (rogue.antivirussuite.gen

c:\documents and settings\shared\lib.sig (adware.deepdive

c:\documents and settings\username\local settings\temp\e.exe (trojan dropper)

The program i used reported that it quarantied and deleted those. I ran the program again, and it found:

REGISTRY KEYS INFECTED:

Trojan.BHO

Adware.MyWebSearch (this is listed 3 times)

Would anyone possibly know why these were not caught by the Symantec program?

Thanks in advance,

Bruce Zoldak