XP Police Antivirus Description

XP Police Antivirus, XPPoliceAntivirus or XPPolice Antivirus, is a rogue anti-spyware program designed to trick users into believing it’s a legitimate Microsoft product. Needless to say, XP Police Antivirus has no relation whatsoever with Microsoft Corp.

XP Police Antivirus may be installed in the user’s computer system by a Trojan, such as Zlob, through a rogue video codec download or the user may have downloaded it from a rogue website. Once Zlob is installed, the user will receive a large amount of fake notification messages stating that his/her computer is infested with spyware. In order to remove these threats, the user will be redirected to a fraudulent website to further purchase XP Police Antivirus’s full version. XP Police Antivirus is also able to emulate a computer system scan. After XP Police Antivirus’s scanner is launched, the user will receive a list of spyware infections supposedly found in his/her computer system as a result.

XP Police Antivirus may be configured to run on every Windows startup. XP Police Antivirus may also cause computer system’s performance to decrease.

Type: Rogue AntiSpyware Programs

Automatic Detection of XP Police Antivirus

XP Police Antivirus Technical Report

As new XP Police Antivirus details are reported by our customers and findings from our Threat Research Center, we will update this section.

The following XP Police Antivirus files with its MD5s were created in the system:

XP Police Antivirus has typically the following processes in memory:

• c:\Program Files\XPPoliceAntivirus\AVCoreFn.dll
• c:\Program Files\XPPoliceAntivirus\Core.dll
• xppolice.exe
• c:\Program Files\XPPoliceAntivirus\xppolice.exe
• xp-policy[1].exe

XP Police Antivirus created the following directories, files, paths:

• %ProgramFiles%\XPPoliceAntivirus

XP Police Antivirus creates the following registry entries:

• XP Police Antivirus
• HKEY_CURRENT_USER\Software\XP Police Antivirus

Important Article Disclaimer