Sign in to follow this  
Christian Mairoll

Defense Center Adware Removal Instructions

Recommended Posts

The Emsisoft malware research team has discoverd a new outbreak of the Defense Center adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.ProtectionCenter.

Defense Center is a rogue security program. This is a new variant from Protection Center, Data Protection, Digital Protection, Your Protection, User ProtectionDr. Guard , and PaladinAntivirus. This rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer is infected with viruses or trojan, but you will not be able to delete them before you purchase. This rogue also found bundled with TDSS rootkit.

Create new files:

  • %ProgramFiles%Defense Centervirus.mp3
  • %ProgramFiles%Defense Centerabout.ico
  • %ProgramFiles%Defense Centeractivate.ico
  • %ProgramFiles%Defense Centerbuy.ico
  • %ProgramFiles%Defense Centerdef.db
  • %ProgramFiles%Defense Centerdefcnt.exe
  • %ProgramFiles%Defense Centerdefext.dll
  • %ProgramFiles%Defense Centerdefhook.dll
  • %ProgramFiles%Defense Centerhelp.ico
  • %ProgramFiles%Defense Centerscan.ico
  • %ProgramFiles%Defense Centersettings.ico
  • %ProgramFiles%Defense Centersplash.mp3
  • %ProgramFiles%Defense CenterUninstall.exe
  • %ProgramFiles%Defense Centerupdate.ico
  • %UserProfile%Application DataMicrosoftInternet ExplorerQuick LaunchDefense Center.lnk
  • %UserProfile%DesktopDefense Center.lnk
  • %UserProfile%DesktopDefense Center Support.lnk
  • %UserProfile%Local SettingsTempdef.dat
  • %UserProfile%Local SettingsTempdefr.dat
  • %UserProfile%Local SettingsTempdhdhtrdhdrtr5y
  • %UserProfile%Local SettingsTemp3c08.tmp
  • %UserProfile%Local SettingsTemp4a8f.tmp
  • %UserProfile%Local SettingsTemp4otjesjty.mof
  • %UserProfile%Local SettingsTemp23cd.tmp
  • %UserProfile%Local SettingsTemp3764.tmp
  • %UserProfile%Local SettingsTempb8bc.tmp
  • %UserProfile%Start MenuProgramsDefense CenterDefense Center.lnk
  • %UserProfile%Start MenuProgramsDefense CenterScan.lnk
  • %UserProfile%Start MenuProgramsDefense CenterSettings.lnk
  • %UserProfile%Start MenuProgramsDefense CenterUpdate.lnk
  • %UserProfile%Start MenuProgramsDefense CenterAbout.lnk
  • %UserProfile%Start MenuProgramsDefense CenterActivate.lnk
  • %UserProfile%Start MenuProgramsDefense CenterBuy.lnk
  • %UserProfile%Start MenuProgramsDefense CenterDefense Center Support.lnk

Create new/modify registry entries:

  • HKEY_LOCAL_MACHINEsoftwareClasses*ShellExContextMenuHandlersSimpleShlExt
  • HKEY_LOCAL_MACHINEsoftwareClassesCLSID{5E2121EE-0300-11D4-8D3B-444553540000}
  • HKEY_LOCAL_MACHINEsoftwareClassesCLSID{5E2121EE-0300-11D4-8D3B-444553540000}InprocServer32
  • HKEY_LOCAL_MACHINEsoftwareClassesFoldershellexContextMenuHandlersSimpleShlExt
  • HKEY_LOCAL_MACHINEsoftwareDefense Center
  • HKEY_LOCAL_MACHINEsoftwaremicrosoftWindowsCurrentVersionUninstallDefense Center
  • HKEY_CURRENT_USERsoftwareMicrosoftWindowsCurrentVersionRun, “Defense Center”

Screenshots:

Adware.Win32.DefenseCenter_1-400x185.png

Adware.Win32.DefenseCenter_2-400x185.png

Adware.Win32.DefenseCenter_3-399x300.png

Adware.Win32.DefenseCenter_4-400x296.png

How to remove the infection of Defense Center (Adware.Win32.DefenseCenter)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.



View the full article

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.