Antivirus 2009 spyware and firewall solution

The spyware "Antivirus 2009" sometimes gets installed on computers in our network. We are running a Symantec antivirus product on every station and also are behind a firewall. Is there something that I can do to block at the firewall level or on each desktop? I imagine that I can purchase Malwarebytes or something and have it running as a service on each machine, but that's a good-sized investment.

Second, does anyone know exactly how users are getting hit with this spyware? I imagine something to do with Hotmail and Yahoo Mail or something like that, as a few of the users involved are not techie enough to go to warez sites or places like that.

Thanks.
youthworks Asked:
hodgeyohn Commented:
What kind of firewall are you using?
SonicWall has antivirus/antispyware functions built in.
0
youthworks Author Commented:
I am using a SonicWall but do not use their built-in antispyware functions. As an NPO, we get great discounts on enterprise antispyware/antivirus solutions from Symantec. If anyone knew what IP Antivirus 2009 was coming from, or IPs, or something like that, maybe that could help. No one seems to be writing enough about stopping it, only removal of it.
0
youthworks Author Commented:
Okay, I've run across some information.

Two sites that I've not plugged into my firewall as sites to block are antivirus-scanner.com and prosecurity-audit.com.  Apparently these are only 2 of the places it may go to try and download A9installer_880293.exe and install it.

I also ran across this information at http://answers.yahoo.com/question/index?qid=20081116130823AAiwrmF.

The reason people get it is they allow "3rd Party Cookies" and 'ActiveX', which in this case displays some type of icon, or pop-up warning, which in reality is a 'Click-jacking' whereby the real action you perform is hidden behind the visible display; so when you tick (click) anything, the malware installs itself.

Unlike typical pop-up advertising (stopped with available blockers) 3rd party cookies are entirely different critters.
Turn off "3rd Party Cookies", and always leave them off.

INTERNET EXPLORER: Tools> Internet Options> Privacy> Advanced: here check 'Override automatic....'; 'Allow session cookies'; 'Allow 1st party cookies'; & 'Block 3rd Party Cookies'.

FIREFOX: Tools> Options> Privacy: here UN-CHECK 'Accept 3rd Party cookies'

OPERA, et al: not sure, check under 'options' for this.

Because of the architecture of the Internet (notably 'Flash' scripting), vulnerabilities are readily exploited in Internet Explorer, & it is now urgent that you use Firefox with the current 'NoScript' add-on, which will prevent 'Click-jacking'.
NoScript: https://addons.mozilla.org/en-US/firefox...
0
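As an added example (not from the thread or any of its posters), this Python check scans web proxy or firewall log lines for requests to the two domains named in the post above, and for the installer filename it quotes, so you can see which workstations are reaching them. The log format, timestamps, client addresses and the host cdn.example.net are constructed assumptions.

```python
from urllib.parse import urlsplit

# Domains and installer filename exactly as quoted in the post above.
BLOCKLIST = {"antivirus-scanner.com", "prosecurity-audit.com"}
INSTALLER = "a9installer_880293.exe"

# Constructed sample log, assumed format: "<timestamp> <client-ip> <url>".
SAMPLE_LOG = """\
2008-11-20T09:14:02 10.0.0.21 http://www.antivirus-scanner.com/scan?id=4
2008-11-20T09:14:09 10.0.0.21 http://cdn.example.net/dl/A9installer_880293.exe
2008-11-20T09:15:40 10.0.0.34 http://notantivirus-scanner.com/index.html
2008-11-20T09:16:11 10.0.0.57 http://PROSECURITY-AUDIT.COM./landing
malformed line without fields
""".splitlines()

def blocked_match(host, blocklist=BLOCKLIST):
    """Return the blocklisted domain that host equals or is a subdomain of."""
    host = (host or "").lower().rstrip(".")
    labels = host.split(".")
    # Compare on label boundaries so notantivirus-scanner.com does not match.
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in blocklist:
            return candidate
    return None

def find_hits(lines, blocklist=BLOCKLIST, installer=INSTALLER):
    """Map client IP -> list of (timestamp, host, reason) for flagged requests."""
    hits = {}
    for line in lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # skip lines that do not fit the assumed format
        ts, client, url = parts
        u = urlsplit(url)
        host = (u.hostname or "").rstrip(".")
        if blocked_match(host, blocklist):
            reason = "blocklisted domain"
        elif u.path.lower().rsplit("/", 1)[-1] == installer:
            # The filename catches download hosts not yet on the blocklist.
            reason = "installer filename"
        else:
            continue
        hits.setdefault(client, []).append((ts, host, reason))
    return hits

if __name__ == "__main__":
    for client, events in sorted(find_hits(SAMPLE_LOG).items()):
        print(client, events)
```

Matching on the installer filename as well as the domain matters because, as the post says, the listed sites are only some of the places the download may come from.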
youthworks Author Commented:
Any other sites or thoughts?
0
youthworks Author Commented:
Found some more sites to block:
0

Karl Haskins, Sr. Technology Specialist - Asset Management, Commented:
I have battled this problem for a few months, and the root of the problem exists because this malware exploits the logged-on user's rights. If the user is local admin, the PC is vulnerable to infection.
0
Question has a verified solution.
