BehaviorThe program must be manually installed.
The program reports false or exaggerated system security threats on the computer.
The user is then prompted to pay for a full license of the application in order to remove the errors.
InstallationWhen the program is executed, it creates the following files:
- %UserProfile%\Application Data\XPdefender\logs\[RANDOM FILENAME].log
- %UserProfile%\Start Menu\Programs\Startup\.protected
- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\.protected
- C:\Documents and Settings\All Users\Start Menu\Programs\XPdefender\XPdefender Uninstall.lnk
- C:\Documents and Settings\All Users\Start Menu\Programs\XPdefender\XPdefender.lnk
- %ProgramFiles%\XPdefender\program.info
- %ProgramFiles%\XPdefender\Uninstall.exe
- %ProgramFiles%\XPdefender\XPdefender.db
- %ProgramFiles%\XPdefender\XPdefender.exe
- %ProgramFiles%\XPdefender\XPdefender.pkg
- %System%\drivers\etc\.protected
- %Windìr%\.protected
- %SystemDrive%\.protected
Next, the program creates the following registry entry so that it executes whenever Windows starts:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"XPdefender" = ""C:\Program Files\XPdefender\XPdefender.exe" hide"
It also creates the following registry subkeys:
- HKEY_CURRENT_USER\Software\XPdefender
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\XPdefender
- HKEY_LOCAL_MACHINE\SOFTWARE\XPdefender
