Hello, thank you for your attention to this problem.
The symptom starts from a series of notifications by Symantec Endpoint Protection (auto protect scan) indicating that it found Trojan.FakeAV!gen11 in C:\WINDOWS\Temp\****.tmp\svchost.exe (where **** represents any 4 English letters). Symantec is able to clean it by deletion each time this trojan is found. However, it continuously comes back. One symptom that I found is that it (or something else) redirected all Google search results to some websites in any web browser (not just IE). Another interesting thing is that when I closed my laptop's (wireless) internet connection, Endpoint would not report this trojan. I also tried to restart the laptop using safe mode, but the laptop refused to start in safe mode (it automatically goes back to reboot each time I choose "start using safe mode").
I followed the "UPDATED 8-step Viruses/Spyware/Malware Preliminary Removal Instructions":
Step 1: ran full scan using Symantec Endpoint (updated virus definitions before the scan) and found nothing (no risk). (However, during the full scan, the Endpoint auto protect was continuously finding this trojan if I turned on the wireless internet connection.) I also disabled system restore when Endpoint was scanning.
Step 2: done three times.
Step 3: disabled Symantec Endpoint Protection.
Step 4: attached the log for Malwarebytes.
Step 5: attached the log for SUPERAntiSpyware. (However, during the scan by SUPERAntiSpyware, the Symantec Endpoint Protection notification showed up again: the auto-protect scan found the same thing in C:\WINDOWS\Temp\*.exe (where * is an English letter), but this time Endpoint couldn't delete or clean this trojan. I don't know how to turn the Endpoint auto-protect scan off.)
Step 6: done as required.
Step 7: done and attached log.
Step 8: done.
Thank you again and waiting for your help.