3 cases of TDSS - Google redirect
4 Cases of fake antivirus -
I've been able to remove them all quickly with a combination of Malwarebytes and manual removal, but that's not the problem.
I'm running the latest AVG (including safesearch/browsing, weekly Malwarebytes scans, and running spywareblaster. And all the Windows 7 installations are up to date:
These folks are generally not on porn sites, do not download anything from peer-to-peer and are all completely paranoid about opening attachments - not to mention that I have ALL their emails and even browsing history and I've gone back to what I think the date of infection of each is and cannot find any source.
My question - specifically on the fake antivirus malware, what is the mechanism of infection? I just flat can't seem to find a way to "plug the hole". Has anyone ever done the equivalent of forensic analysis to figure out how different malware originally infected a computer?