False scan results and fake security alerts shouldn't surprise you, because the DefenseCenter scareware will do its best to trick you into purchasing the program. It will even attempt to uninstall antivirus software from your computer. If you use, let's say, Norton Antivirus, then most likely you will see a fake pop-up claiming that your antivirus software is infected and should be uninstalled immediately. Defense Center will also block certain security-related websites and other useful utilities to protect itself from being removed. The text of some of the fake security alerts is:
"Warning! Virus threat detected!
Virus activity detected!
Net-Worm.Win32 has been detected. This adware module advertises websites with explicit content. Be advised of such content being possibly illegal. Please click the button below to locate and remove this threat."
"Danger!
A security threat detected on your computer. TrojanASPX.JS.Win32. It strongly recommended to remove this threat right now. Click on the message to remove it."
"Warning! Adware detected!
Adware module detected on your PC!
Zlob.Porn.Ad adware has been detected. This adware module advertises websites with explicit content. Be advised of such content being possibly illegal. Please click the button below to locate and remove this threat now."
Also note that this rogue program is promoted mainly through the use of Trojan horses. Very often Trojans download the TDSS rootkit and other malware alongside Defense Center. That's why we think manual removal is not an option in this case. We strongly recommend that you run a full system scan with at least two anti-malware programs. Below you will find a list of free and reputable anti-malware programs which will remove Defense Center from your computer for good. By the way, if you have already purchased this bogus program, then please contact your credit card company and dispute the charges. Finally, if you have any questions about this virus, please don't hesitate to leave a comment.
Defense Center removal instructions (in Safe Mode with Networking, Method 1):
1. Reboot your computer in "Safe Mode with Networking". As the computer is booting, tap the "F8" key continuously, which should bring up the "Windows Advanced Options Menu". Use your arrow keys to move to "Safe Mode with Networking" and press the Enter key. Read more detailed instructions here: http://www.computerhope.com/issues/chsafe.htm
NOTE: Login as the same user you were previously logged in with in the normal Windows mode.
2. Download SUPERAntispyware, MalwareBytes Anti-malware, Spybot - Search & Destroy or Spyware Doctor and run a full system scan. NOTE: before saving the selected program onto your computer, please rename the installer to winlogon.exe or iexplore.exe. With all of these tools, if running Windows 7 or Vista they MUST be run as administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning. Then reboot your computer in "Normal Mode" and run a system scan again. That's it!
4. New threats appear every day. In order to protect your PC from such (new) infections, we strongly recommend that you use ESET Smart Security.
Defense Center removal instructions: (Method 2)
1. Download TDSSKiller.exe from Kaspersky website.
2. Execute the file TDSSKiller.exe (NOTE: you may have to rename TDSSKiller.exe to explorer.com yourself or download the already renamed explorer.com file in order to run it).
3. Follow the prompts and wait for the scan and disinfection process to be over. Close all programs and press “Y” key to restart your computer.
More detailed TDSSKiller tutorial: http://support.kaspersky.com/viruses/solutions?qid=208280684
4. Download one of the following anti-malware programs and run a full system scan:
5. New threats appear every day. In order to protect your PC from such (new) infections, we strongly recommend that you use ESET Smart Security.
Defense Center associated files and registry values:
Files:
- C:\Program Files\Defense Center
- C:\Program Files\Defense Center\about.ico
- C:\Program Files\Defense Center\activate.ico
- C:\Program Files\Defense Center\buy.ico
- C:\Program Files\Defense Center\def.db
- C:\Program Files\Defense Center\defcnt.exe
- C:\Program Files\Defense Center\defext.dll
- C:\Program Files\Defense Center\defhook.dll
- C:\Program Files\Defense Center\help.ico
- C:\Program Files\Defense Center\scan.ico
- C:\Program Files\Defense Center\settings.ico
- C:\Program Files\Defense Center\splash.mp3
- C:\Program Files\Defense Center\Uninstall.exe
- C:\Program Files\Defense Center\update.ico
- C:\Program Files\Defense Center\virus.mp3
- %UserProfile%\Desktop\spam001.exe
- %UserProfile%\Desktop\spam003.exe
- %UserProfile%\Desktop\troj000.exe
- %UserProfile%\Desktop\youporn.com.lnk
- %UserProfile%\Start Menu\Programs\Defense Center
Registry values:
- HKEY_USERS\S-1-5-21-861567501-152049171-1708537768-1003_Classes\secfile
- HKEY_CURRENT_USER\Software\Classes\secfile
- HKEY_CLASSES_ROOT\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}
- HKEY_CLASSES_ROOT\secfile
- HKEY_LOCAL_MACHINE\SOFTWARE\Defense Center
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Defense Center
- HKEY_LOCAL_MACHINE\SOFTWARE\Program Groups
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = "1"
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Defense Center"
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "DisableTaskMgr" = "1"
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{5E2121EE-0300-11D4-8D3B-444553540000}"
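To confirm after the scans that none of the items listed above are left behind, here is a read-only PowerShell check (an added example, not part of the original instructions or of any tool named on this page). The function name Get-DefenseCenterIndicator is hypothetical; the paths, keys and values are copied from the list above. The SID-specific HKEY_USERS entry is covered by its HKEY_CURRENT_USER equivalent, and HKEY_LOCAL_MACHINE\SOFTWARE\Program Groups is left out on the assumption that this key can also exist on a clean system.

```powershell
# Added example: read-only check for the Defense Center leftovers listed on this page.
# Nothing is deleted or changed; the function only reports what it finds.
function Get-DefenseCenterIndicator {
    $hits = @()

    # Files and folders (install folder, main binaries, desktop decoys, Start Menu group)
    $paths = @(
        'C:\Program Files\Defense Center',
        'C:\Program Files\Defense Center\defcnt.exe',
        'C:\Program Files\Defense Center\defext.dll',
        'C:\Program Files\Defense Center\defhook.dll',
        "$env:USERPROFILE\Desktop\spam001.exe",
        "$env:USERPROFILE\Desktop\spam003.exe",
        "$env:USERPROFILE\Desktop\troj000.exe",
        "$env:USERPROFILE\Start Menu\Programs\Defense Center"
    )
    # Registry keys (the Registry:: prefix reaches hives that have no default drive)
    $keys = @(
        'Registry::HKEY_CURRENT_USER\Software\Classes\secfile',
        'Registry::HKEY_CLASSES_ROOT\secfile',
        'Registry::HKEY_CLASSES_ROOT\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}',
        'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Defense Center',
        'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Defense Center'
    )
    foreach ($p in ($paths + $keys)) {
        if (Test-Path -LiteralPath $p) { $hits += $p }
    }

    # Registry values: Data = $null means the mere presence of the value is reported
    $cv = 'SOFTWARE\Microsoft\Windows\CurrentVersion'
    $values = @(
        @{ Key = "Registry::HKEY_CURRENT_USER\$cv\Policies\System";  Name = 'DisableTaskMgr'; Data = 1 },
        @{ Key = "Registry::HKEY_LOCAL_MACHINE\$cv\policies\system"; Name = 'DisableTaskMgr'; Data = 1 },
        @{ Key = "Registry::HKEY_CURRENT_USER\$cv\Run";              Name = 'Defense Center'; Data = $null },
        @{ Key = "Registry::HKEY_LOCAL_MACHINE\$cv\Shell Extensions\Approved"
           Name = '{5E2121EE-0300-11D4-8D3B-444553540000}';          Data = $null }
    )
    foreach ($v in $values) {
        $item = Get-ItemProperty -LiteralPath $v.Key -ErrorAction SilentlyContinue
        if ($null -eq $item) { continue }          # key itself is absent
        $data = $item.($v.Name)
        if ($null -eq $data) { continue }          # value is absent
        if ($null -eq $v.Data -or $data -eq $v.Data) {
            $hits += ('{0} "{1}" = {2}' -f $v.Key, $v.Name, $data)
        }
    }
    return $hits
}

Get-DefenseCenterIndicator   # no output means none of the listed items were found
```

A DisableTaskMgr value of 1 is what keeps Task Manager from opening, so a hit on either of those two lines explains that symptom even when the program files are already gone.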