It's not just "personal security." In my shop I run across dozens weekly.
No software can stop the insertion of these rogue antivirus programs, since the user "willingly" installs it into their machine.
Click sense, or the lack thereof, is the largest contributor of this. A warning box (through IE or FF process) appears and most people do not even read it. A click anywhere in the window installs the software (click-jacking). The only way to prevent this from happening is to open task manager and kill all internet related tasks.
Where does it come from? Mainly p2p networking clients. Secondly, social networking sites, or any site where "code" or user input that accept redirects or html (or similar code) can be setup to hijack you. These hijacks are primarily designed to circumvent or disable most top marketed antivirus software and pretty much any software firewall.
Prevention is almost impossible, since most people do not understand "click sense," and others do not care to learn. I have preached to people, and they will come back to me with the same problem 2 weeks later.
Early detection is the key. I can remove these, if caught early enough, with Malwarebytes, Superantispyware, and Avast (boot time scan) in that order. If too many services are modified, and system files become too corrupt, it is best to backup the data and wipe the hdd's (all of them). I used to leave recovery partitions in tact, but those are no longer safe anymore either.
BOOM!
