I have had XP Antivirus on 7 different machines, across 3 different client companies. Each client has a different enterprise AV solution deployed: TrendMicro, McAfee Managed Security, and AVG's enterprise product. Some of the machines that got infected were completely up to date with Windows patches, some were not. Some of the users that had thier machines infected are known to do some sketchy web surfing, but other users don't do anything sketchy.
I've read online that the reason XP Antivirus is not caught is b/c it isn't really a virus or spyware - it is malware or rogueware. In your experience(s), are users clicking on something to allow this to get installed? Is this explanation legitimate?
I've always had good luck removing this with bleepingcomputer's combofix, so I'm not looking for help there - I just would like to understand and be able to explain why this keeps popping up. Because I'm not convinced this "rougeware, not virus" explanation is a good one, I've not been able to convince my clients that it isn't the fault of the AV program they have or (heaven forbid!) thier I.T. Service Provider.