1. /
  2. Security Response/
  3. WinXDefender

WinXDefender

Updated:
August 8, 2007 11:52:27 AM
Type:
Misleading Application
Name:
WinXDefender
Version:
2.0
Publisher:
SS Development
Risk Impact:
Medium
Systems Affected:
Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Vista, Windows XP
Behavior
The application reports a number of exaggerated reports on the computer.




The user is then prompted to pay for a full license of the application in order to remove the falsely reported threats.





Installation
When the program is execued, it creates the following files:
C:\Documents and Settings\[CURRENT USER]\Application Data\WinXDefender\base.dat
C:\Documents and Settings\[CURRENT USER]\Application Data\WinXDefender\base2.dat
C:\Documents and Settings\[CURRENT USER]\Application Data\WinXDefender\Desc.dat
C:\Documents and Settings\[CURRENT USER]\Desktop\WinXDefender.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\WinXDefender\Purchase License.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\WinXDefender\Start WinXDefender.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\WinXDefender\Support Page.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\WinXDefender\WinXDefender Uninstall.lnk
C:\Program Files\WinXDefender\Buy.url
C:\Program Files\WinXDefender\Help.url
C:\Program Files\WinXDefender\HowToBuy.txt
C:\Program Files\WinXDefender\License.txt
C:\Program Files\WinXDefender\Lng\English.lng
C:\Program Files\WinXDefender\Uninstall.exe
C:\Program Files\WinXDefender\WinXDefender.exe

Next, the program creates the following registry entry so that it executes whenever Windows starts:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"WinXDefender" = "C:\Program Files\WinXDefender\WinXDefender.exe"


Similar Security Risks
Magicantispy

Summary| Technical Details| Removal

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report