  • Status: Solved
  • Priority: Medium
  • Security: Public

XP Internet Security 2011 Infection

I'm able to remove this infection, but is there any way to figure out where it's coming from or what vulnerability it might be exploiting?

I doubt it, but just want to know.
Asked by Kram80

2 Solutions
Chris Millard commented:
It's pretty much impossible to tell where it comes from. There are so many sources for infection - even banner ads on what are normally "safe" websites can be used to infect PCs.

Sadly, a lot of AV products don't cope with this type of malware very well either.

All I can suggest is to be vigilant and to perhaps look at your AV/Malware products and see if there is something better on the market.
rpggamergirl commented:
Rogue programs such as these can get into the system in many different ways: by visiting an already infected web page where you don't even need to click on anything, through those fake scanner pages on some sites, by masquerading as an update to your Adobe Flash, or by clicking on links via YouTube (this was how my PC got infected with Antimalware Doctor). They can also pretend to be a fake codec to download, etc.

From an article I read not long ago, social engineering is their dominant method of propagating/installing onto many systems: tricking users into thinking that their systems are infected and forcing them to click on anything, which causes the malware to install. That's why they're also known as scareware/ransomware.

Rogue programs use different methods for spreading themselves. According to a Bleepingcomputer tutorial, this particular one (XP Internet Security 2011, which is the same as XP Total Security) was offered as a movie download to get into the system. They belong to a family of rogues which has many variants.

http://www.geekstogo.com/forum/topic/299547-removal-instructions-for-xp-total-security-2011-and-its-clones/

Rogues can even infect a system where users are browsing with "Limited User Account" privileges, so our best chance is to have Windows fully updated and programs fully updated so they can't be exploited (e.g., Java, Adobe Flash, etc.), and to install MalwareBytes with real-time protection.

In my case, clicking a link on YouTube that points to Squidoo.com (which is also a legit site) and then clicking on an anchored link on a Squidoo page is how my system got infected, even though MalwareBytes was installed with real-time protection on.
So really there is no protection that can protect a system 100%; user education must also be part of that protection.
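The question asks whether the source can be traced at all. As an added example (not from this thread, and not code from any of the tools mentioned in it), the Python script below shows the one cheap check worth doing before giving up: line up the creation time of the rogue's executable against browser history from the minutes before it, and flag entries that match the lures described in the answers above (an executable download, a double extension such as `.avi.exe`, or words like "codec", "update" or "movie" in the URL). The history rows, the `.example` hostnames and the file timestamp are constructed sample data, not a real case, and the lure-word list and 15-minute window are my own heuristic choices.

```python
"""Timeline triage for a rogue-AV infection.

Added example, not from the original thread. Correlates the creation time of a
suspicious executable with browser activity that preceded it and ranks the
candidate sources. All sample data below is constructed for the example.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from urllib.parse import urlparse

EXECUTABLE_EXTS = (".exe", ".scr", ".pif", ".com", ".bat", ".msi")
# Heuristic lure words drawn from the vectors the answers describe (assumption).
LURE_WORDS = ("codec", "flash", "update", "movie", "player", "scan", "security")


@dataclass
class HistoryEntry:
    when: datetime
    url: str
    kind: str  # "visit" or "download"


# Constructed sample history (timestamp, URL, kind); hostnames are fictional.
SAMPLE_HISTORY = [
    ("2011-03-02 19:41:05", "http://www.youtube.com/watch?v=abc123", "visit"),
    ("2011-03-02 19:43:30", "http://www.squidoo.com/free-movie-download", "visit"),
    ("2011-03-02 19:44:02", "http://hot-movies-stream.example/watch.php?id=9", "visit"),
    ("2011-03-02 19:44:20", "http://hot-movies-stream.example/Movie_HD.avi.exe", "download"),
    ("2011-03-02 21:10:00", "http://www.google.com/", "visit"),
]

# Constructed: NTFS creation time of the rogue's executable found under %APPDATA%.
MALWARE_CREATED = datetime(2011, 3, 2, 19, 44, 35)


def parse_history(rows):
    """Turn (timestamp, url, kind) rows into HistoryEntry objects."""
    return [HistoryEntry(datetime.strptime(t, "%Y-%m-%d %H:%M:%S"), u, k)
            for t, u, k in rows]


def events_before(history, created, window_minutes=15):
    """Entries in the window [created - window, created], newest first."""
    start = created - timedelta(minutes=window_minutes)
    hits = [e for e in history if start <= e.when <= created]
    return sorted(hits, key=lambda e: e.when, reverse=True)


def looks_like_lure(entry):
    """Return the reasons an entry resembles a rogue-AV lure (empty if none)."""
    path = urlparse(entry.url).path.lower()
    name = path.rsplit("/", 1)[-1]
    reasons = []
    if entry.kind == "download" and path.endswith(EXECUTABLE_EXTS):
        reasons.append("executable download")
    if name.count(".") >= 2 and name.endswith(EXECUTABLE_EXTS):
        reasons.append("double extension")  # e.g. Movie_HD.avi.exe
    for word in LURE_WORDS:
        if word in entry.url.lower():
            reasons.append(f"lure word '{word}'")
            break
    return reasons


def rank_candidates(history, created, window_minutes=15):
    """Rank preceding events: flagged entries first, then the most recent."""
    ranked = [(e, looks_like_lure(e))
              for e in events_before(history, created, window_minutes)]
    ranked.sort(key=lambda pair: (len(pair[1]) == 0, created - pair[0].when))
    return ranked


if __name__ == "__main__":
    for entry, reasons in rank_candidates(parse_history(SAMPLE_HISTORY), MALWARE_CREATED):
        delta = MALWARE_CREATED - entry.when
        flag = ", ".join(reasons) if reasons else "-"
        print(f"-{delta}  {entry.kind:8} {entry.url}  [{flag}]")
```

On a real machine the rows would come from the browser's own store (Firefox's places.sqlite or Chrome's History file, both SQLite databases) or from a proxy log, and the timestamp from the malware file's creation time. The window only narrows the candidates: an infection served through a banner ad on a legitimate page shows up as a plain visit to that page, which is exactly why the answers above say attribution is usually not possible.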
