How does XP Internet Security 2011 spread?


5 replies to this topic

#1 GeoffDaw


  • Members
  • 3 posts

Posted 15 March 2011 - 07:19 AM

I have just been fixing a friend's laptop that had XP Internet Security 2011 on it. I seem to have managed to remove it easily by going back to a System Restore point a couple of days previous but I would really like to know how it got there so I can advise her for future. The friend in question is typical of a number of more mature ladies I help out. She basically uses her laptop for email and limited web browsing and is very cautious and wary of anything unfamiliar. The laptop has automatic updates enabled, an up-to-date Microsoft Security Essentials and Windows Firewall.

She says that she hasn't loaded any software for weeks or been asked to load or update anything that it could have piggy-backed on. There is certainly nothing recent under Program Files and the only recent System Restore points are from automatic updates. I have checked her recent emails and there are none with attachments. Some have links, usually to jokes of some sort, but I have checked her browser history and she has only gone to about 20 sites in the last week and all of them innocuous and not from the email links.

Can anybody please explain how these nasty bits of software typically get on to machines or anything else I can check or do before handing it back?



#2 quietman7


    Bleepin' Janitor


  • Global Moderator
  • 51,597 posts

Posted 15 March 2011 - 08:10 AM

Please read How Malware Spreads - How did I get infected which explains the most common ways malware is contracted and spread.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#3 GeoffDaw


Posted 15 March 2011 - 09:33 AM

Thanks. I had read that and am familiar with the principles but I hoped that someone might know how XP Internet Security 2011 specifically is distributed. I know that most malware piggy-backs on the install of some seemingly genuine software but this seems unlikely in this situation.

#4 quietman7


Posted 15 March 2011 - 10:02 AM

XP Guard, Vista Antispyware 2011, Win 7 Antimalware and XP Internet Security 2011 are all names for the same rogue anti-spyware program.

Rogue security programs are explained in the first section of the link I provided. They all essentially use the same principles for infection - social engineering and scams to trick a user.

How that is done is explained in more detail in these articles:

#5 GeoffDaw


Posted 15 March 2011 - 11:07 AM

Apologies. I had thought you were referring me to the 'How did I get infected' pinned thread which I had read. I have now looked at your thread and see that it has much more specific information and references. 'Anatomy of a malware scam' is particularly interesting. Am I right in thinking, though, that no matter how devious the website, in order to get software on your machine it must have initiated a file download and IE asking 'Do you want to open or save this file'? Or have they found a way round that too?

#6 quietman7


Posted 15 March 2011 - 01:03 PM

On some webpages you may encounter a malicious script which executes and downloads a file without you even realizing it. I also explain that infection vector in my topic.