"Drive-By" malware infections

Discussion in 'Software' started by dlb, Sep 13, 2008.

  1. dlb

    dlb MajorGeek

    I was hit by a drive-by virus/trojan/rootkit/nasty/evilware a while back and none of my active protection picked it up until after it had installed. MalwareBytes caught it as the parent process tried to access one of its child processes; it sent up a red flag which helped stop it from getting worse, but nothing stopped it from coming in, nothing even warned me. I use Firefox 3. My active protection includes: BOclean; Avira's free version; MalwareBytes paid version. I had stopped using Online Armor about a month prior to this. It seemed unnecessary as it never seemed to flag anything that was dangerous (it was doing its job and I highly recommend it; it was flagging dangerous 'behavior' like registry access by programs and unknown ActiveX/software installs and access), and I considered myself a safe web user (no adult sites or w@R3z), so I thought it would be OK if I turned it off.

    Would Online Armor (or something similar) have stopped this drive-by from infecting my PC? I was infected with TDSSserv.dll. I think it's called Vundo/Virtumonde on some security sites, but it's also labeled as a rootkit on other sites. How does someone stop drive-by infections? I was Googling for info about a certain file extension when I got hit, so I wasn't going to any shady sites....
    Thanks.

    (If this should be in the Malware forum, feel free to move it)
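
An added example, not part of the thread and not code from Online Armor, MalwareBytes or any poster's setup: a toy behaviour-based (HIPS-style) rule engine replayed over a constructed process-event log. It shows the kind of signal the post describes, where a signature scanner sees nothing at download time but the behaviour of a drive-by install (a browser spawning a binary out of a user-writable temp directory, that binary registering itself for autostart, a DLL loading from the same place) is visible and can be flagged before the payload finishes. The event format, the rule list, the path and registry prefixes and the sample events are all assumptions made for this example.

```python
"""
Toy HIPS-style rule engine over a constructed Windows process-event log.
Everything here (event schema, rules, prefixes, sample events) is assumed
for illustration; it is not taken from any real product or from the post.
"""
from dataclasses import dataclass
from typing import List, Set

# Processes treated as the drive-by entry point (assumed list).
BROWSERS = {"firefox.exe", "iexplore.exe", "opera.exe"}

# Path prefixes a web page can get a file written to without admin rights
# (assumed; Windows XP style naming, as in the thread's era).
USER_WRITABLE = (
    "c:\\docume~1\\",
    "c:\\documents and settings\\",
    "c:\\windows\\temp\\",
)

# Registry locations that cause code to run at logon or browser start
# (assumed subset; matched as case-insensitive prefixes).
AUTOSTART_KEYS = (
    "hklm\\software\\microsoft\\windows\\currentversion\\run",
    "hkcu\\software\\microsoft\\windows\\currentversion\\run",
    "hklm\\software\\microsoft\\windows\\currentversion\\explorer\\browser helper objects",
)


@dataclass
class Event:
    ts: int       # increasing sequence number (constructed)
    kind: str     # "process_create" | "registry_write" | "module_load"
    actor: str    # image name of the process performing the action
    target: str   # child image path, registry key, or module path


@dataclass
class Alert:
    ts: int
    rule: str
    severity: str
    detail: str


def _in_user_writable(path: str) -> bool:
    p = path.lower()
    return any(p.startswith(prefix) for prefix in USER_WRITABLE)


def _basename(path: str) -> str:
    return path.lower().rsplit("\\", 1)[-1]


def evaluate(events: List[Event]) -> List[Alert]:
    """Replay events in order and return the alerts a HIPS-style monitor would raise.

    Severity escalates when the acting process was itself spawned by a browser
    out of a user-writable path earlier in the same log (the 'tainted' set).
    """
    alerts: List[Alert] = []
    tainted: Set[str] = set()
    for ev in sorted(events, key=lambda e: e.ts):
        actor = ev.actor.lower()
        if ev.kind == "process_create":
            if actor in BROWSERS and _in_user_writable(ev.target):
                tainted.add(_basename(ev.target))
                alerts.append(Alert(ev.ts, "browser_spawns_temp_binary", "high",
                                    f"{actor} started {ev.target}"))
        elif ev.kind == "registry_write":
            key = ev.target.lower()
            if any(key.startswith(k) for k in AUTOSTART_KEYS):
                sev = "high" if actor in tainted else "medium"
                alerts.append(Alert(ev.ts, "autostart_registration", sev,
                                    f"{actor} wrote {ev.target}"))
        elif ev.kind == "module_load":
            if _in_user_writable(ev.target):
                sev = "high" if (actor in BROWSERS or actor in tainted) else "medium"
                alerts.append(Alert(ev.ts, "dll_load_from_user_path", sev,
                                    f"{actor} loaded {ev.target}"))
    return alerts


# Constructed sample log: a normal browsing session followed by a drive-by install.
SAMPLE_EVENTS = [
    Event(1, "process_create", "explorer.exe", "C:\\Program Files\\Mozilla Firefox\\firefox.exe"),
    Event(2, "module_load", "firefox.exe", "C:\\WINDOWS\\system32\\ws2_32.dll"),
    Event(3, "registry_write", "explorer.exe",
          "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden"),
    # drive-by: the browser writes and runs a dropper from the temp directory...
    Event(4, "process_create", "firefox.exe", "C:\\DOCUME~1\\user\\LOCALS~1\\Temp\\update_1234.exe"),
    # ...which persists itself and pulls in a DLL from the same place.
    Event(5, "registry_write", "update_1234.exe",
          "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\sysupd"),
    Event(6, "module_load", "update_1234.exe", "C:\\DOCUME~1\\user\\LOCALS~1\\Temp\\sysupd.dll"),
]


def demo() -> List[Alert]:
    return evaluate(SAMPLE_EVENTS)


if __name__ == "__main__":
    for a in demo():
        print(f"[{a.severity:6}] t={a.ts} {a.rule}: {a.detail}")
```

The first three events (the browser starting normally, a system DLL loading, a harmless shell setting) produce nothing; the chain from event 4 onward produces three alerts, and the autostart write is rated high only because its author was already marked as a browser-spawned temp binary. That escalation-by-lineage is the point: none of the individual actions is unique to malware, which is why behaviour blockers generate the "unnecessary" prompts the post mentions, and why turning them off removes the only layer that fires before the payload is known.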
     
  2. hawklord

    hawklord Master Sergeant

    hi,

    This is my Windows setup:

    Spybot - full protection enabled (no TeaTimer though)
    SpywareBlaster - full protection enabled
    ZoneAlarm - free firewall - up to date
    AVG 7.5 - all up to date (???)
    Spyware Terminator - immunized, shield and HIPS enabled only

    download manager with AVG and Spybot integrated,

    Only had one infection, which was quite a while ago now.
    I've had loads of things trying to install - but I always get the alarm bells before anything actually happens.

    I use online scanners - Trend Micro, BitDefender and Ewido, with BlackLight rootkit detector, Silent Runners and HijackThis - all as backups.
     
  3. dlb

    dlb MajorGeek

    Other than the one drive-by, I have never had anything infect my home PC, never EVER! I never even get warnings from my protection apps. But this one time really has me a bit worried. I've been really happy with my security up 'til now, and I'm a bit reluctant to change anything except for maybe adding something. I suppose I'll have to do some research on the various free firewalls and see which is best at stopping drive-by infections. I have used Online Armor fairly extensively and I like it, I'm comfortable with it, so I think I'll start there...
    Thanks for the info guys! If anyone else has something pertinent to add, feel free.
    :-D
     
  4. oma

    oma MajorGeek

    I've had the Online Armor FW now for a little while, after I tried Comodo's FW. The latter was just too cumbersome for me, way too many pop-up alerts with Defense+. So I put Defense+ out of commission but felt that perhaps then safety would be compromised, so I switched to Online Armor and so far am happy with it.

    If one has got Spybot S&D and uses the "immunize" feature, Online Armor's firewall puts all these in "local host". I've got 93,313 items in Spybot's immunize feature, and having that many items may perhaps slow down the browser somewhat. At least that's what I read somewhere on the Online Armor forum.

    I also started to use AVG 8 with all features enabled. No toolbar. When I installed it when the new AVG 8 came out, the browser was definitely slower, but not this time around.

    My 2 cents for what it's worth. :)

    BTW: I can imagine that your experience freaked you out with all the "live" defense you had. Do I understand you correctly that you had turned the FW off? If that was the case.... OUCH!!
     
  5. plodr

    plodr MajorGeek Super Extraordinaire Moderator Staff Member

    Are you behind a router? If not, it might be worth getting just for the extra protection of a hardware firewall. I am behind a router but I still use a software firewall on all the computers connected to the router (wired and wireless).
     
  6. dlb

    dlb MajorGeek

    No, I'm not behind a router. Just one PC in the home plugged directly into the broadband/cable modem. I have since loaded up Online Armor and I think I'll just let it run.... FOREVER! ;) I also saw this on the MG front page yesterday: WOT for Firefox. The description looks promising.... has anyone used this? Or even heard of it?
     
