expectit

asked on

Why/How does XP antivirus get installed?

I have had XP Antivirus on 7 different machines, across 3 different client companies. Each client has a different enterprise AV solution deployed: TrendMicro, McAfee Managed Security, and AVG's enterprise product. Some of the machines that got infected were completely up to date with Windows patches, some were not. Some of the users that had their machines infected are known to do some sketchy web surfing, but other users don't do anything sketchy.

I've read online that the reason XP Antivirus is not caught is b/c it isn't really a virus or spyware - it is malware or rogueware. In your experience(s), are users clicking on something to allow this to get installed? Is this explanation legitimate?

I've always had good luck removing this with bleepingcomputer's combofix, so I'm not looking for help there - I just would like to understand and be able to explain why this keeps popping up. Because I'm not convinced this "rogueware, not virus" explanation is a good one, I've not been able to convince my clients that it isn't the fault of the AV program they have or (heaven forbid!) their I.T. Service Provider.
alikaz3

I've fixed 3 machines with the Antivirus XP 2008/2007 malware loaded. From what I can tell, it is installed when a (usually low-skill) computer user is browsing free games using IE. A popup saying "your computer is infected", conveniently resized to full screen, is in front of you, needing only a click to install via ActiveX.

I have also been noticing that malware can get into your system from social networking sites. If your site (MySpace, Facebook, etc.) has an ad on it, the ad is on another website. If a hacker can gain access to the server hosting the ad images, they can inject code into the images themselves, so when you load your site, the code is immediately run on your computer. These social sites are being targeted because of their massive amounts of users, giving the new viruses/malware a HUGE target audience :D. I say make sure you are running any internet explorer OTHER THAN IE OR AOL (IE with a pretty skin on it), and also install Spybot Search and Destroy - update and immunize. And you also want a good antivirus. This way your system is protected from the standard barrage of crap floating around.
ASKER CERTIFIED SOLUTION
IndiGenus
expectit

ASKER

thanks - that helps!