1. Program description
XJR Antivirus is rogue security software: a misleading application that pretends to be legitimate security software, such as an antivirus scanner or registry cleaner, but actually provides the user with little or no protection. The author also created AKM Antivirus 2010 Pro and RST Antivirus 2010.
2. Actions
Once a scan is started, XJR Antivirus generates and displays fake messages about viruses, Trojans and worms supposedly detected on the computer. The reported threats cannot be deleted unless a program license is purchased.
3. Files
During installation, XJR Antivirus copies the following files to the hard drive:
%ProgramFiles%\wp4.dat
%ProgramFiles%\adc_w32.dll
%ProgramFiles%\alggui.exe
%ProgramFiles%\skynet.dat
%ProgramFiles%\svchost.exe
%ProgramFiles%\wp3.dat
%ProgramFiles%\XJR Antivirus\XJR Antivirus.exe
%UserProfile%\Desktop\XJR Antivirus.lnk
%UserProfile%\Start Menu\Programs\XJR Antivirus\XJR Antivirus.lnk
4. System registry
To function, XJR Antivirus creates the following branches in the system registry:
HKEY_LOCAL_MACHINE\software\Classes\CLSID\{149256D5-E103-4523-BB43-2CFB066839D6}
HKEY_LOCAL_MACHINE\software\Classes\CLSID\{149256D5-E103-4523-BB43-2CFB066839D6}\InprocServer32
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{149256D5-E103-4523-BB43-2CFB066839D6}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AdbUpd
HKEY_CURRENT_USER\software\XJR Antivirus
HKEY_CURRENT_USER\software\XJR Antivirus\wpp
HKEY_CURRENT_USER\software\XJR Antivirus\wpp\Registration
HKEY_CURRENT_USER\software\XJR Antivirus\wpp\setdata
HKEY_CURRENT_USER\software\XJR Antivirus\XJR Antivirus
HKEY_CURRENT_USER\software\XJR Antivirus\XJR Antivirus\Registration
HKEY_CURRENT_USER\software\XJR Antivirus\XJR Antivirus\setdata
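
A read-only triage check built from a subset of the file and registry locations in sections 3 and 4, as an added example that is not part of the original write-up. The "Program Files (x86)" and WOW6432Node variants are assumptions for 64-bit Windows; the page lists only the %ProgramFiles% and native registry paths.

```powershell
# Added example: read-only check for the XJR Antivirus artifacts listed in sections 3 and 4.
# It reads the file system and registry only; nothing is deleted or changed.
$clsid = '{149256D5-E103-4523-BB43-2CFB066839D6}'   # CLSID from section 4

# File names from section 3, relative to %ProgramFiles%. Note svchost.exe: the genuine
# Windows binary lives in %SystemRoot%\System32, not directly under Program Files.
$names = 'wp4.dat', 'adc_w32.dll', 'alggui.exe', 'skynet.dat', 'svchost.exe', 'wp3.dat',
         'XJR Antivirus\XJR Antivirus.exe'

# Assumption: on 64-bit Windows a 32-bit installer writes to "Program Files (x86)"
# and to the WOW6432Node registry view, so both locations are checked.
$roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ } | Select-Object -Unique

# Registry keys from section 4 (a representative subset).
$keys = @(
    "HKLM:\SOFTWARE\Classes\CLSID\$clsid\InprocServer32",
    "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\$clsid",
    'HKLM:\SYSTEM\CurrentControlSet\Services\AdbUpd',
    'HKCU:\Software\XJR Antivirus'
)

$hits = @(
    foreach ($root in $roots) {
        foreach ($name in $names) {
            $path = Join-Path $root $name
            if (Test-Path -LiteralPath $path -PathType Leaf) {
                $item = Get-Item -LiteralPath $path -Force
                [pscustomobject]@{ Kind = 'File'; Path = $path; Detail = "created $($item.CreationTimeUtc.ToString('u'))" }
            }
        }
    }
    foreach ($key in $keys) {
        $views = @($key, ($key -replace '^HKLM:\\SOFTWARE\\', 'HKLM:\SOFTWARE\WOW6432Node\')) |
            Select-Object -Unique
        foreach ($view in $views) {
            if (Test-Path -LiteralPath $view) {
                $props = Get-ItemProperty -LiteralPath $view
                # InprocServer32's default value names the DLL behind the Browser Helper Object;
                # a service key's ImagePath names the binary the service starts.
                $target = @($props.'(default)', $props.ImagePath) | Where-Object { $_ } | Select-Object -First 1
                [pscustomobject]@{ Kind = 'Registry'; Path = $view; Detail = $target }
            }
        }
    }
)

if ($hits) { $hits | Format-Table -AutoSize -Wrap } else { 'No listed XJR Antivirus artifacts found.' }
```

The HKCU key is per-user, so run the check in the affected user's session; the HKLM and Program Files checks apply machine-wide.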