XP Police Antivirus

by Albin on January 28th, 2009 in Researcher Comments, Security Alerts.

XP Police Antivirus is a new rogue anti-spyware application. It will give exaggerated threat reports on the compromised computer then ask the user to purchase a registered version to remove threats which don't exist.

XPPoliceAntivirus

XPPoliceAntivirus installs the following files, folders and registry entries:

FileHashEntries

xp-policy.exe

xppolice.exe

Additional Files

%Desktop%XP Police Antivirus.lnk

%StartMenu%XP Police Antivirus.lnk

FolderEntries

%ProgramFiles%XPPoliceAntivirus

RegistryEntries

Key: HKEY_CURRENT_USER\Software\XP Police Antivirus
Value:
Data:

Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Value: PoliceAV
Data: C:\Program Files\XPPoliceAntivirus\xppolice.exe