Why did Microsoft Security Essentials Knowingly Allow a Virus?
I started my computer and was notified of updates. The updates were Microsoft Silverlight 6.0MB and Microsoft Security Essentials. I updated. I shut down my computer and went to work. I came back and started my computer and received a popup that Java failed to start, click here to fix. It was only through quick thinking and experience that I avoided a disaster.

I shut down my computer and restarted in safe mode with networking. I opened MSE and the virus was listed in the history and the action taken was allowed. Allowed, my settings are Quarantine for all 4 levels. How can MSE allow a virus when it knows it is a virus? I did a full scan and MSE said No threats were found. No threats, it is a Virus! Since the virus was listed in History in all detected items there is no option to remove it. It was not listed in Quarantined or Allowed. I went to OneCare Safety Scanner, No help there also!

I did a system restore (which might not have worked had I let the virus scan my computer). I have always said system restore is last option. I have fixed every problem to date and never used system restore before. I volunteer on Microsoft TechNet and Microsoft Answers forums and this is my very first question. My system log below shows the virus. My blood is boiling over!!!!!!!!

Log Name: System
Source: Microsoft Antimalware
Date: 14/02/2011 6:12:37 PM
Event ID: 1116
Task Category: None
Level: Warning
Keywords: Classic
User: N/A
Computer: Removed for security
Description:
Microsoft Antimalware has detected malware or other potentially unwanted software.
For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=Rogue:Win32/FakeRean&threatid=2147607809
Name: Rogue:Win32/FakeRean
ID: 2147607809
Severity: Severe
Category: Trojan
Path: process:_pid:3920
Detection Origin: Unknown
Detection Type: Heuristics
Detection Source: System
User: NT AUTHORITY\SYSTEM
Process Name: C:\Users\Removed for security\AppData\Roaming\defender.exe
Signature Version: AV: 1.97.1671.0, AS: 1.97.1671.0, NIS: 9.1.0.0
Engine Version: AM: 1.1.6502.0, NIS: 2.0.5854.0
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft Antimalware" />
    <EventID Qualifiers="0">1116</EventID>
    <Level>3</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2011-02-14T23:12:37.000Z" />
    <EventRecordID>34500</EventRecordID>
    <Channel>System</Channel>
    <Computer>Removed for security</Computer>
    <Security />
  </System>
  <EventData>
    <Data>%%860</Data>
    <Data>3.0.8107.0</Data>
    <Data>{79A27CE3-F762-45FC-8CD8-B95DF3C298F4}</Data>
    <Data>2011-02-14T23:12:07.157Z</Data>
    <Data> </Data>
    <Data> </Data>
    <Data>2147607809</Data>
    <Data>Rogue:Win32/FakeRean</Data>
    <Data>5</Data>
    <Data>Severe</Data>
    <Data>8</Data>
    <Data>Trojan</Data>
    <Data>http://go.microsoft.com/fwlink/?linkid=37020&amp;name=Rogue:Win32/FakeRean&amp;threatid=2147607809</Data>
    <Data>1</Data>
    <Data> </Data>
    <Data>1</Data>
    <Data>2</Data>
    <Data>%%820</Data>
    <Data>C:\Users\Removed for security\AppData\Roaming\defender.exe</Data>
    <Data>NT AUTHORITY\SYSTEM</Data>
    <Data> </Data>
    <Data>process:_pid:3920</Data>
    <Data>0</Data>
    <Data>%%844</Data>
    <Data>3</Data>
    <Data>%%848</Data>
    <Data>1</Data>
    <Data>%%821</Data>
    <Data>0</Data>
    <Data>9</Data>
    <Data>%%887</Data>
    <Data> </Data>
    <Data>0x00000000</Data>
    <Data>The operation completed successfully. </Data>
    <Data> </Data>
    <Data>0</Data>
    <Data>0</Data>
    <Data>No additional actions required</Data>
    <Data> </Data>
    <Data> </Data>
    <Data>AV: 1.97.1671.0, AS: 1.97.1671.0, NIS: 9.1.0.0</Data>
    <Data>AM: 1.1.6502.0, NIS: 2.0.5854.0</Data>
  </EventData>
</Event>
February 15th, 2011 5:43am
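
An added example, not part of the original thread and not Microsoft's code: a small Python parser that splits the detail block of the event 1116 description quoted above, even when it has been pasted as one flattened line, and then applies a few triage checks. The function names and the triage rules are assumptions chosen for illustration; the sample text is the record from the post.

```python
import re

# Labels of the detail block in the event 1116 description quoted above.
# Longer labels come first so "Process Name:" is not consumed as "Name:".
LABELS = ["Detection Origin", "Detection Source", "Detection Type",
          "Signature Version", "Engine Version", "Process Name",
          "Severity", "Category", "Name", "Path", "User", "ID"]
LABEL_RE = re.compile(r"(?<!\w)(" + "|".join(LABELS) + r"):\s")

# Detail block copied from the post, flattened onto one line as pasted there.
SAMPLE = (
    r"Name: Rogue:Win32/FakeRean ID: 2147607809 Severity: Severe "
    r"Category: Trojan Path: process:_pid:3920 Detection Origin: Unknown "
    r"Detection Type: Heuristics Detection Source: System "
    r"User: NT AUTHORITY\SYSTEM Process Name: C:\Users\Removed for security"
    r"\AppData\Roaming\defender.exe Signature Version: AV: 1.97.1671.0, "
    r"AS: 1.97.1671.0, NIS: 9.1.0.0 Engine Version: AM: 1.1.6502.0, NIS: 2.0.5854.0"
)

def parse_detection(text):
    """Split a flattened detail block into {label: value}."""
    hits = list(LABEL_RE.finditer(text))
    fields = {}
    for cur, nxt in zip(hits, hits[1:] + [None]):
        end = nxt.start() if nxt else len(text)
        # Keep the first occurrence if a label repeats.
        fields.setdefault(cur.group(1), text[cur.end():end].strip())
    return fields

def triage(fields):
    """Hypothetical triage rules (assumptions, not MSE's own logic)."""
    notes = []
    if fields.get("Path", "").startswith("process:"):
        notes.append("running-process")      # caught in memory, already executing
    if "\\appdata\\" in fields.get("Process Name", "").lower():
        notes.append("user-profile-image")   # image lives in a user-writable directory
    if fields.get("Detection Type") == "Heuristics":
        notes.append("heuristic-match")      # behavioural match, not an exact signature
    return notes

if __name__ == "__main__":
    record = parse_detection(SAMPLE)
    for label in ("Name", "Severity", "Path", "Process Name"):
        print(f"{label}: {record[label]}")
    print("triage:", ", ".join(triage(record)))
```

For this record all three checks fire: the detection was made on a running process whose image sits under the user's AppData\Roaming directory, and it was a heuristic match.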

The same thing happened to me. I also had to do a system restore. I don't understand why MSE says that it should be removed, yet it allows it. td
February 16th, 2011 6:06am

Well, the allow is most likely put there by the virus program, and the options were blocked by the virus program. What I meant by MSE allowed it is, MSE programmers know about this virus yet their definitions were not good enough to stop it, so it was allowed. My MSE was totally up to date and Real Time Protection was on. Thanks for the bad day MSE!
February 16th, 2011 7:33am

Hi, When was the virus recorded in the history? Before the update? If so, the update refreshed the definition of the virus data, and the "virus" was proved to be safe. It might be a component from a third-party software.
Regards,
Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
February 18th, 2011 11:42am

I too am having a problem with MSE allowing things that are detected. Under Settings, Default Actions, all four alert levels are set to Remove. However, occasionally I'll check the History tab and see that I have detected items listed and the action taken section says ALLOWED. How can this be?
April 10th, 2011 7:04pm

This topic is archived. No further replies will be accepted.
