Encyclopedia

XPDeluxeProtector

 
Threat Level: Low threat
Damage: High
Distribution: Not widespread

Effects 

XPDeluxeProtector is an adware program that carries out the following actions:

  • When it is run, it displays a window like the following:

  • Then, a website like the following is displayed, which shows a message thanking users for having installed the program:

  • Once installed, the program starts scanning the hard disk in search of possible malware:

  • When the scan is finished, a window containing the results of the analysis is displayed, warning users that their computer is infected.
  • In order to remove these threats, users are advised to activate a certain security solution:

  • If it is activated, users are redirected to a page like the following, where several purchase options are offered:

Infection strategy 

XPDeluxeProtector creates the following entries in the Windows Registry:

  • HKEY_CURRENT_USER\Software\XP Deluxe Protector
    fstart
  • HKEY_CURRENT_USER\Software\XP Deluxe Protector
    Id
  • HKEY_CURRENT_USER\Software\XP Deluxe Protector
    Minimize
  • HKEY_CURRENT_USER\Software\XP Deluxe Protector
    Scan
  • HKEY_CURRENT_USER\Software\XP Deluxe Protector
    site = Data: http://deluxe-protector.com/pp/?id=
  • HKEY_CURRENT_USER\Software\XP Deluxe Protector
    Start
  • HKEY_CURRENT_USER\Software\XP Deluxe Protector
    UpdateDate
  • HKEY_CLASSES_ROOT\CLSID\{a4dca795-b588-4be0-9463-7ff2864543b1}
    (Default) = WinInet Class
  • HKEY_CLASSES_ROOT\CLSID\{a4dca795-b588-4be0-9463-7ff2864543b1}\InprocServer32
    (Default) = %sysdir%\iehostcx32.dll

    where %sysdir% is the Windows system directory.
  • HKEY_CLASSES_ROOT\CLSID\{a4dca795-b588-4be0-9463-7ff2864543b1}\InprocServer32
    ThreadingModel
  • HKEY_CLASSES_ROOT\CLSID\{a4dca795-b588-4be0-9463-7ff2864543b1}\ProgID
    (Default) = WinInetApp.WinInet.1
  • HKEY_CLASSES_ROOT\CLSID\{a4dca795-b588-4be0-9463-7ff2864543b1}\TypeLib
    (Default) = {b360243e-09e8-402f-8721-00b6798089ad}
  • HKEY_CLASSES_ROOT\CLSID\{a4dca795-b588-4be0-9463-7ff2864543b1}\VersionIndependentProgID
    (Default) = WinInetApp.WinInet
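
An added example, not part of the original entry: a Python check that parses the decoded text of a `reg export` file and reports which of the registry entries listed above are present. The sample export, its `id` suffix, the DLL path and the `ThreadingModel` data are constructed for illustration, and the function names are this example's own.

```python
import re

# Indicators from the registry list above: (key, value name, expected data or None = any).
APP = r"HKEY_CURRENT_USER\Software\XP Deluxe Protector"
CLSID = r"HKEY_CLASSES_ROOT\CLSID\{a4dca795-b588-4be0-9463-7ff2864543b1}"
INDICATORS = [(APP, n, None) for n in
              ("fstart", "Id", "Minimize", "Scan", "Start", "UpdateDate")] + [
    (APP, "site", "http://deluxe-protector.com/pp/?id="),
    (CLSID, "@", "WinInet Class"),  # "@" is the (Default) value in a .reg export
    (CLSID + r"\InprocServer32", "@", r"\iehostcx32.dll"),  # under any %sysdir%
    (CLSID + r"\InprocServer32", "ThreadingModel", None),
    (CLSID + r"\ProgID", "@", "WinInetApp.WinInet.1"),
    (CLSID + r"\TypeLib", "@", "{b360243e-09e8-402f-8721-00b6798089ad}"),
    (CLSID + r"\VersionIndependentProgID", "@", "WinInetApp.WinInet"),
]
VALUE_RE = re.compile(r'(@|"(?:[^"\\]|\\.)*")=(.*)$')  # @="..." or "name"=data

def parse_reg(text):
    """Parse decoded `reg export` text into {key: {value name: data}}, names lower-cased."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None and (m := VALUE_RE.match(line)):
            name, data = m.group(1).strip('"').lower(), m.group(2)
            if data.startswith('"'):  # REG_SZ: drop quotes, undo \\ and \" escapes
                data = re.sub(r"\\(.)", r"\1", data[1:-1])
            current[name] = data
    return keys

def find_indicators(text):
    """Return (key, value name, data) for each listed entry found in the export."""
    hive = parse_reg(text)
    found = ((k, n, hive.get(k.lower(), {}).get(n.lower()), e) for k, n, e in INDICATORS)
    return [(k, n, d) for k, n, d, e in found
            if d is not None and (e is None or e.lower() in d.lower())]

# Constructed sample export (not real telemetry): two indicator keys and one decoy CLSID.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\XP Deluxe Protector]
"site"="http://deluxe-protector.com/pp/?id=0000"
"Scan"=dword:00000001
[HKEY_CLASSES_ROOT\CLSID\{a4dca795-b588-4be0-9463-7ff2864543b1}\InprocServer32]
@="C:\\WINDOWS\\system32\\iehostcx32.dll"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\CLSID\{00000000-0000-0000-0000-000000000000}\InprocServer32]
@="C:\\WINDOWS\\system32\\example.dll"
'''
```

`find_indicators(SAMPLE)` returns four hits (`Scan`, `site`, the `InprocServer32` default value and `ThreadingModel`) and ignores the decoy key. Real exports are usually UTF-16, so decode the file before passing its text in.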

Means of transmission 

XPDeluxeProtector can be voluntarily downloaded from the website belonging to the company that has developed it.

Further Details  

XPDeluxeProtector is 41,984 bytes in size.

Last updated:  28/07/2009 
