• Status: Solved

XP Internet Security 2011 Infection

I'm able to remove this infection, but is there any way to figure out where it's coming from or what vulnerability it might be exploiting?

I doubt it, but just want to know.
2 Solutions
Chris Millard Commented:
It's pretty much impossible to tell where it comes from. There are so many sources for infection - even banner ads on what are normally "safe" websites can be used to infect PCs.

Sadly, a lot of AV products don't cope with this type of Malware very well either.

All I can suggest is to be vigilant and to perhaps look at your AV/Malware products and see if there is something better on the market.
Rogue programs such as these can get into the system in many different ways: by visiting already infected webpages where you don't even need to click on anything, through those fake scanner pages on some sites, by masquerading as an update to your Adobe Flash, or by clicking on links via YouTube (this was how my PC got infected with Antimalware Doctor). They can also pretend to be a fake codec to download, etc.

An article I read not long ago says social engineering is their dominant method of propagating/installing into many systems, tricking users into thinking that their systems are infected and forcing them to click on anything that causes the malware to install; that's why they're also known as scareware/ransomware.

Rogue programs use different methods for spreading themselves. According to the BleepingComputer tutorial, this particular one (XP Internet Security 2011, which is the same as XP Total Security) was offered as a movie download to get into the system. They belong to a family of rogues which has many variants.


Rogues can even infect a system where users are browsing with "Limited User Account" privs, so our best chance is to have Windows fully updated and programs fully updated so they can't be exploited (e.g., Java, Adobe Flash, etc.), and to install MalwareBytes with real-time protection.

In my case, clicking a link on YouTube that points to Squidoo.com (which is also a legit site) and clicking on an anchored link on a Squidoo page is how my system got infected, even though MalwareBytes was installed with real-time protection on.
So really there is no protection that can protect a system 100%; user education must also be part of that protection.