Virus Encyclopedia

Welcome to the Virus Encyclopedia of Panda Security.

XP-Shield

 
Threat Level: Low threat
Damage: High
Distribution: Not widespread

Effects 

XP-Shield is an adware program that passes itself off as the Windows Security Center, using icons that imitate the original one, in order to deceive users.

It carries out the following actions:

  • When it is run, it scans the affected computer in search of threats.
  • Once the scan is finished, it deceives users by warning them of nonexistent threats, and from time to time displays pop-ups warning users of the presence of malware on their systems.
  • In order to remove them from the computer, users are requested to purchase a certain program.
  • The program contains a file with information about the malicious codes that will be detected in the affected computer once the analysis is carried out.
  • Even after the program is closed, it remains resident in the system.
  • It creates shortcuts in the Start menu and on the Desktop.

Infection strategy 

XP-Shield creates a subfolder named XP-Shield in the Program Files directory and places the following files in it:

  • XP-SHIELD.EXE, which is a copy of itself.
  • UNWISE.EXE.
  • INSTALL.LOG.
  • XP-SHIELD WEB SITE, which is a shortcut to its website.

Additionally, it creates shortcuts in the Start menu and on the Desktop.

 

XP-Shield creates the following entries in the Windows Registry:

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    XPShield = C:\PROGRA~1\XPShield\XP-SHI~1.EXE

    By creating this entry, XP-Shield ensures that it is run whenever Windows is started.
  • HKEY_CURRENT_USER\Software\XPShield
    with the following subentries:
    AID
    BV
    FRT
    IR100
    IR101
    IR102
    IR103
    IR104
    IR105
    LCT
    LUD
    TID

    which contain information about the program, such as the date it was installed and the date of the last analysis.
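
A check for the Run entry described above, as an added example that is not Panda Security's code: it parses `reg query` output for the Run key and flags values that match either the value name or the executable, including the 8.3 short-name form shown in the entry. The sample output, the function names and the "Updater" line are constructed for illustration, and the short-name match is a simplified heuristic.

```python
import re
from pathlib import PureWindowsPath

# Indicators taken from the entry above.
RUN_VALUE_NAME = "XPShield"
EXE_NAME = "XP-SHIELD.EXE"
# A value line of `reg query` output: name, type and data, 4 spaces apart.
VALUE_LINE = re.compile(r"^\s+(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")

# Constructed sample; "Updater" is a made-up renamed value for the same file.
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    XPShield    REG_SZ    C:\PROGRA~1\XPShield\XP-SHI~1.EXE
    Updater    REG_SZ    "C:\Program Files\XP-Shield\XP-SHIELD.EXE" /min
"""


def is_short_alias(component, long_name):
    """Heuristic: could `component` be the 8.3 alias of `long_name`?
    Handles only the common form: leading characters of the base, then ~N."""
    m = re.fullmatch(r"([^~.]{1,6})~\d+(?:\.(.{0,3}))?", component.upper())
    if not m:
        return False
    p = PureWindowsPath(long_name.upper())
    stem, ext = p.stem.replace(" ", ""), p.suffix.lstrip(".")
    return stem.startswith(m.group(1)) and (m.group(2) or "") == ext[:3]


def exe_from_command(data):
    """Return the file name of the executable in a Run-key command line."""
    # Quoted path first; otherwise cut after the first ".exe" (keeps spaces).
    m = re.match(r'\s*"([^"]+)"|\s*(.+?\.exe)\b', data, re.I)
    path = (m.group(1) or m.group(2)) if m else data.split(" ", 1)[0]
    return PureWindowsPath(path).name


def find_xpshield_run_entries(reg_query_output):
    """Return (name, data) for Run values matching the name or executable."""
    hits = []
    for line in reg_query_output.splitlines():
        m = VALUE_LINE.match(line)
        if not m:
            continue
        exe = exe_from_command(m["data"]).upper()
        if (m["name"].lower() == RUN_VALUE_NAME.lower()
                or exe == EXE_NAME or is_short_alias(exe, EXE_NAME)):
            hits.append((m["name"], m["data"]))
    return hits
```

Matching on the executable as well as the value name means a renamed Run value that still points at the same file is also reported.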

Means of transmission 

XP-Shield can be voluntarily downloaded from the website belonging to the company that has developed it.

Further Details  

XP-Shield is 517,632 bytes in size.