
XPSecurityCenter

Updated: May 19, 2008 10:27:26 AM
Type: Misleading Application
Name: XP Security Center Module
Version: 1.0.0.1
Publisher: XPSecurityCenter.com
Risk Impact: Medium
Systems Affected: Windows

Behavior
The program must be manually installed. It can be installed from the following location:
XPSecurityCenter.com

The program reports false or exaggerated system security threats on the computer.





The user is then prompted to pay for a full license of the application in order to remove the errors.





Installation
When the program is executed, it creates the following files:
  • %UserProfile%\Local Settings\Temp\Binaries1.zip
  • %UserProfile%\Local Settings\Temp\Binaries2.zip
  • %UserProfile%\Local Settings\Temp\Binaries3.zip
  • C:\Documents and Settings\All Users\Desktop\XPSecurityCenter.lnk
  • C:\Documents and Settings\All Users\Start Menu\Programs\XPSecurityCenter\Uninstall.lnk
  • C:\Documents and Settings\All Users\Start Menu\Programs\XPSecurityCenter\XPSecurityCenter.lnk
  • %ProgramFiles%\XPSecurityCenter\data\daily.cvd
  • %ProgramFiles%\XPSecurityCenter\htmlayout.dll
  • %ProgramFiles%\XPSecurityCenter\install.exe
  • %ProgramFiles%\XPSecurityCenter\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest
  • %ProgramFiles%\XPSecurityCenter\Microsoft.VC80.CRT\msvcm80.dll
  • %ProgramFiles%\XPSecurityCenter\Microsoft.VC80.CRT\msvcp80.dll
  • %ProgramFiles%\XPSecurityCenter\Microsoft.VC80.CRT\msvcr80.dll
  • %ProgramFiles%\XPSecurityCenter\pthreadVC2.dll
  • %ProgramFiles%\XPSecurityCenter\un.ico
  • %ProgramFiles%\XPSecurityCenter\unzip32.dll
  • %ProgramFiles%\XPSecurityCenter\XPSecurityCenter.dll
  • %ProgramFiles%\XPSecurityCenter\XPSecurityCenter.exe
  • %ProgramFiles%\XPSecurityCenter\XP_SecurityCenter.cfg

It may then create the following files:
  • %UserProfile%\Application Data\[RANDOM FILE NAME]
  • %UserProfile%\Local Settings\Application Data\[RANDOM FILE NAME]
  • %System%\[RANDOM FILE NAME]
  • %Windir%\[RANDOM FILE NAME]
  • C:\Documents and Settings\All Users\Application Data\[RANDOM FILE NAME]
  • C:\Documents and Settings\All Users\Documents\[RANDOM FILE NAME]

Where [RANDOM FILE NAME] is created by the program using random letters and one of the following extensions:
  • ._dl
  • .bat
  • .bin
  • .dat
  • .db
  • .exe
  • .inf
  • .pif
  • .reg
  • .sys
  • .vbs
Note: Multiple files may be created.

Next, the program creates the following registry entry so that it executes whenever Windows starts:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"XP SecurityCenter" = ""C:\Program Files\XPSecurityCenter\XPSecurityCenter.exe" /hide"

It also creates the following registry subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\XP_SecurityCenter
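
An added example, not part of the Symantec write-up: a Python triage of a collected file listing against the file indicators above. It maps real paths back to the %Variable% forms and, because the random file names cannot be matched by name, shortlists files in the listed folders by creation time relative to the fixed artifacts. The default Windows XP paths, the 10-minute window, the function names and the sample listing are assumptions constructed for illustration; the Run value and registry subkey are exact-string checks and are left out.

```python
import re
from datetime import datetime, timedelta
from ntpath import basename, dirname, splitext

# Indicators from the write-up, lower-cased, variables left unexpanded.
FIXED_DIRS = (r"%programfiles%\xpsecuritycenter",
              r"c:\documents and settings\all users\start menu\programs\xpsecuritycenter")
FIXED_FILES = {r"c:\documents and settings\all users\desktop\xpsecuritycenter.lnk"} | {
    rf"%userprofile%\local settings\temp\binaries{n}.zip" for n in (1, 2, 3)}
RANDOM_DIRS = {r"%userprofile%\application data", "%system%", "%windir%",
               r"%userprofile%\local settings\application data",
               r"c:\documents and settings\all users\application data",
               r"c:\documents and settings\all users\documents"}
RANDOM_EXTS = {"._dl", ".bat", ".bin", ".dat", ".db", ".exe", ".inf", ".pif",
               ".reg", ".sys", ".vbs"}
# Assumption: Windows XP default locations, used to map paths back to variables.
DEFAULTS = ((r"c:\program files", "%programfiles%"),
            (r"c:\windows\system32", "%system%"), (r"c:\windows", "%windir%"))

def normalise(path):
    p = re.sub(r"^c:\\documents and settings\\(?!all users\\)[^\\]+",
               "%userprofile%", path.lower())
    for real, var in DEFAULTS:
        if p == real or p.startswith(real + "\\"):
            return var + p[len(real):]
    return p

def is_listed(path):
    p = normalise(path)
    return p in FIXED_FILES or any(p.startswith(d + "\\") for d in FIXED_DIRS)

def is_random_candidate(path):
    p = normalise(path)
    stem, ext = splitext(basename(p))
    return dirname(p) in RANDOM_DIRS and ext in RANDOM_EXTS and stem.isalpha()

def triage(files, window=timedelta(minutes=10)):  # files: {path: creation time}
    listed = sorted(p for p in files if is_listed(p))
    start = min((files[p] for p in listed), default=None)  # pivot on install time
    review = sorted(p for p, t in files.items() if start is not None
                    and is_random_candidate(p) and start <= t <= start + window)
    return {"listed": listed, "review": review}

# Constructed sample listing (not from a real host).
T0 = datetime(2008, 6, 1, 9, 0)
SAMPLE = {r"C:\Program Files\XPSecurityCenter\install.exe": T0,
          r"C:\Documents and Settings\alice\Local Settings\Temp\Binaries1.zip": T0,
          r"C:\WINDOWS\system32\qwkzt.sys": T0 + timedelta(minutes=2),
          r"C:\WINDOWS\explorer.exe": T0 - timedelta(days=900)}
```

`triage(SAMPLE)` returns the two fixed artifacts under `listed` and only `qwkzt.sys` under `review`; `explorer.exe` matches the folder and extension pattern but falls outside the time window, which is why the name pattern alone is not used as an indicator.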

Similar Security Risks
WinReanimator
