XP Internet Security 2011 Infection

Posted on 2011-05-04
Last Modified: 2012-05-11
I'm able to remove this infection, but is there any way to figure out where it's coming from or what vulnerability it might be exploiting?

I doubt it, but just want to know.
Question by:Kram80
    LVL 17

    Assisted Solution

    by:Chris Millard
    It's pretty much impossible to tell where it comes from. There are so many sources for infection - even banner ads on what are normally "safe" websites can be used to infect PCs.

    Sadly, a lot of AV products don't cope with this type of Malware very well either.

    All I can suggest is to be vigilant and to perhaps look at your AV/Malware products and see if there is something better on the market.
    LVL 47

    Accepted Solution

    Rogue programs such as these can get into the system in many different ways: by visiting already infected webpages where you don't even need to click on anything, through those fake scanner pages on some sites, by masquerading as an update to your Adobe Flash, or by clicking on links via YouTube (this was how my PC got infected with Antimalware Doctor). They can also pretend to be a fake codec to download, etc.

    An article I read not long ago says social engineering is their dominant method of propagating/installing into many systems, tricking users into thinking that their systems are infected and forcing them to click on anything that causes the malware to install; that's why they're also known as scareware/ransomware.

    Rogue programs use different methods for spreading themselves. According to the Bleepingcomputer tutorial, this particular one (XP Internet Security 2011, which is the same as XP Total Security) was offered as a movie download to get into the system. They belong to a family of rogues which have many variants.

    Rogues can even infect a system where users are browsing with "Limited User Account" privs, so our best chance is to have Windows fully updated and programs fully updated so they can't be exploited (e.g., Java, Adobe Flash, etc.), and to install MalwareBytes with real-time protection.

    In my case, clicking a link on Youtube that points to is also a legit site) and clicking on an anchored link on a Squidoo page is how my system got infected even though MalwareBytes was installed with real-time protection on.
    So really there is no protection that can protect a system 100%. User education must also be part of that protection.
