Home / malwarePDF  

Adware.WinXDefender.Gen


First posted on 21 November 2011.
Source: BitDefender

Aliases :

Adware.WinXDefender.Gen is also known as WinxDefender.

Explanation :

WinxDefender is a rogue security software that generates fake scan results and numerous pop-up notifications regarding user security. The fake results on a clean machine vary from Spyware and Backdoors to Trojans,Worms and Rootkits. The number of infections found on a clean machine are different at each scan(usually around 500).
WinXDefender performs a full system scan in less then 20 seconds. It doesn’t scan any files.
WinXDefender covertly installs itself into “%Program Files%WinXDefender” and starts scanning immediately after the installation is complete. It also generates numerous popup which asks the user to buy the product in order to get rid of the false infections.
The “Clean” procedure on WinXDefender is very weak. It can only kill some processes or delete some files and it fails on some advanced malware like rootkits or Trojans.

When executed, WinXDefender installs
•the following files on disk:
%Programs%WinXDefenderPurchase License.lnk
%Programs%WinXDefenderStart WinXDefender.lnk
%Programs%WinXDefenderSupport Page.lnk
%Programs%WinXDefenderWinXDefender Uninstall.lnk
%Application Data%WinXDefenderDesc.dat
%Application Data%WinXDefenderase.dat
%Application Data%WinXDefenderase2.dat
%Desktop%WinXDefender.lnk
%Program Files%WinXDefenderBuy.url
%Program Files%WinXDefenderHelp.url
%Program Files%WinXDefenderHowToBuy.txt
%Program Files%WinXDefenderLicense.txt
%Program Files%WinXDefenderLngEnglish.lng
%Program Files%WinXDefenderUninstall.exe
\%Program Files%WinXDefenderWinXDefender.exe

It creates only one registry value in
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRunWinXDefender. The purpose of this value is to run WinXDefender every time the windows starts.

Last update 21 November 2011

 

TOP