Trojan Agent Blocked, but not really

 

Viewing a supposedly legitimate (PG) website photos I noted (IE8) alert came on that browser was unprotected, followed by a Windows popup request whether to allow download of an exe file called 'winupd7068'. NIS2012 alert then popped up notifying me that an intrusion attempt was blocked by malicious toolkit website 9. I closed the windows popup so as not to download the file, reset my IE8 security settings back to default or protect. Opened NIS advanced and reviewed history. See NIS details here. It indicates intrusion was 'Blocked' and no action required. Rebooted PC, and on opening IE again found security settings unprotected, along with chiming sound, alerting to error message 'out of memory at line 14'. Since I run the CPU usage gadget though I could see I was not using any memory, and had plenty more to spare. NIS popup of repeated blocks of the trojan continued. Ran NIS full scan, no discrepancies found.  So I downloaded and installed free Malwarebytes, did a quick scan which immediately found/quarantined a Trojan Agent in Memory Processes, and Registry Values, and temp files, which Malwarebytes deleted all successfully on reboot. No further issues after this.

 

So, how did this happen if in fact NIS had 'Blocked' the intrusion, and even failed to detect it on Scan, not to mention telling users that 'No action required'. There is only one answer; it didn't, and you should. Although I have been a long time user of Norton and NIS, my confidence in the product is shaken.

 

NIS Trojan Block.JPG