How to Remove Defense Center and Protection Center (Virus Removal Guide)

October 4, 2010, By Fouad Bajwa

Defense Center and its associated copy version Protection Center are rogue security applications usually installed through malware and fake anti-malware scanners. Both programs generate a series of deceptive warnings. They also falsely scan your system displaying scan results to scare and provoke you in into purchasing registered versions of these programs.

How-to Remove Defense Center and/or Protection Center

Defense Center and Protection Center are Trojans installed through vulnerabilities in Windows or various types of installed programs on a computer system. Usually, all such application level vulnerabilities can be exploited through websites a user accidentally visits and ends up having Defense Center or Protection Center being installed on their computers without their permission or knowledge.

How-to Remove Defense Center and/or Protection Center

What Defense Center and Protection Center do with your system:

  1. They disable your Windows Task Manager.
  2. They sends your computer into a dormant state for a while.
  3. hey force Windows taskbar begins to show multiple alerts.
  4. If any of these alerts are clicked (while your computer is connected to the Internet), Defense Center or Protection Center will be forcefully downloaded and installed on your computer without your permission.
  5. During installation, Defense Center or Protection Center uninstall any installed anti-virus programs such as Norton, Trend Micro, and/or Symantec.
  6. They then show you messages that any of the pre-installed programs are infected and then these two attemp to to remove them.

How to protect your computer system from Defense Center and Protection Center.

  1. Block both of  these programs.
  2. Install all available Windows updates.
  3. Ensure programs like Adobe Reader, Flash, Shockwave, and Java are updated to their latest versions.
  4. Defense Center and Protection Center are sometimes bundled by certain malware distributors with the TDSS. rootkit and you can identify this if you experience redirects through  Google or other search engines.
  5. Do not allow these two rogue applications to uninstall any legitimate Anti-Virus software from your computer.
  6. When these two rogue applications are launched, they will scan your computer as well as state that your computer has been infected with various infections (these are not real infections and the files shown as infected are actually legitimate Microsoft operating system files that Windows needs to operate properly.
  7. Do not manually delete any of the files that these two rogue applications show you as infections. Deleting any of these makes your computer to no longer operate correctly.
  8. As a self-defense mechanism, these two rogue applications display alerts when you try to run any program that they are infected encouraging you not to run any programs that may remove it from your computer. The text of these alerts can be:
    Warning! Virus threat detected!
    Virus activity detected!
    Net-Worm.Win32 has been detected. This adware module advertises websites with explicit content. Be advised of such content being possibly illegal. Please click the button below to locate and remove this threat.
  9. These two rogue applications also make you think that your computer is under attack by displaying these alerts:
    Warning! Adware detected!
    Adware module detected on your PC!
    Zlob.Porn.Ad adware has been detected. This adware module advertises websites with explicit content. Be advised of such content being possibly illegal. Please click the button below to locate and remove this threat now.
    Antivirus Alert – Critical threat detected
    Warning
    Network attack detected
    Network attack has been detected. Process is attempting to access your private data.
    Warning! Network attack detected!
    Network intrusion detected!
    Your computer is be attacked from a remote PC.
    Attack from :27040
    Process is trying to steal your passwords listed below. It is highly recommended to block this threat now.
    Danger!
    A security threat detected on your computer. TrojanASPX.JS.Win32. It strongly recommended to remove this threat right now. Click on the message to remove it.
    Danger!
    A security threat detected on your computer. This malicious program may steal your private data. Click on the message to ensure the protection of your computer.
    Danger!
    Harmful viruses detected on your computer. Click on the message to scan your computer for security threats for free.
  10. All the above scare alerts are just false alerts and threats to force you into actually believing your machine is under attack and thus you should ignore these otherwise it provokes you to purchase Defense Center and Protection Center.
  11. If you accidentally end up paying for these rogue applications using your Credit Card, immediately call your Credit Card company or bank and dispute these charges stating that the program you purchased was fraudulent.

Defense Center’s Installation Linked Files:

* Kindly note that Protection Center associated files simply replace the Defence Center folder with Protection Center folder title:

d:\Program Files\Defense Center
d:\Program Files\Defense Center\about.ico
d:\Program Files\Defense Center\activate.ico
d:\Program Files\Defense Center\buy.ico
d:\Program Files\Defense Center\def.db
d:\Program Files\Defense Center\defcnt.exe
d:\Program Files\Defense Center\defext.dll
d:\Program Files\Defense Center\defhook.dll
d:\Program Files\Defense Center\help.ico
d:\Program Files\Defense Center\scan.ico
d:\Program Files\Defense Center\settings.ico
d:\Program Files\Defense Center\splash.mp3
d:\Program Files\Defense Center\Uninstall.exe
d:\Program Files\Defense Center\update.ico
d:\Program Files\Defense Center\virus.mp3
d:\Documents and Settings\All Users\Favorites\_favdata.dat
UserProfile Files:
%UserProfile%\Desktop\Defense Center Support.lnk
%UserProfile%\Desktop\Defense Center.lnk
%UserProfile%\Desktop\nudetube.com.lnk
%UserProfile%\Desktop\pornotube.com.lnk
%UserProfile%\Desktop\spam001.exe
%UserProfile%\Desktop\spam003.exe
%UserProfile%\Desktop\troj000.exe
%UserProfile%\Desktop\youporn.com.lnk
%UserProfile%\Start Menu\Programs\Defense Center
%UserProfile%\Start Menu\Programs\Defense Center\About.lnk
%UserProfile%\Start Menu\Programs\Defense Center\Activate.lnk
%UserProfile%\Start Menu\Programs\Defense Center\Buy.lnk
%UserProfile%\Start Menu\Programs\Defense Center\Defense Center Support.lnk
%UserProfile%\Start Menu\Programs\Defense Center\Defense Center.lnk
%UserProfile%\Start Menu\Programs\Defense Center\Scan.lnk
%UserProfile%\Start Menu\Programs\Defense Center\Settings.lnk
%UserProfile%\Start Menu\Programs\Defense Center\Update.lnk
File Locations:
%UserProfile% (Represents the current user’s profile folder)
Windows 2000/XP C:\=Documents and Setting
Windows Vista or Windows 7 C:\Users.

Defense Center Modifications to the Registry Information:
* Kindly note that Protection Center associated registry entry simply replace the Defense Center registry entry with Protection Center registry keys:

HKEY_USERS\S-1-5-21-861567501-152049171-1708537768-1003_Classes\secfile
HKEY_CURRENT_USER\Software\Classes\secfile
HKEY_CLASSES_ROOT\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}
HKEY_CLASSES_ROOT\secfile
HKEY_LOCAL_MACHINE\SOFTWARE\Defense Center
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Defense Center
HKEY_LOCAL_MACHINE\SOFTWARE\Program Groups
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = “1”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Defense Center”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system “DisableTaskMgr” = “1”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved “{5E2121EE-0300-11D4-8D3B-444553540000}”

For Protection Center:

C:\Program Files\Protection Center\
C:\Program Files\Protection Center\cntprot.exe
Remove Protection Center Registry Keys (Learn How To Do This)
HKEY_CURRENT_USER\Software\Protection Center
HKEY_LOCAL_MACHINE\SOFTWARE\Protection Center
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Protection Center

Manual Procedures for Removing Defense Center and Protection Center

  1. All Processes associated with these two rogue applications must be stopped.
  2. All the files associated with these two rogue applications processes must be removed.
  3. All the registry entries must be corrected to the previous state before Defense Center and Protection Center took over your computer.
  4. Stop Defence Center Protection Center Processes such as cntprot.exe

Remove Defense Center or Protection Center associated malware and trojans:

How-to Remove Defense Center and/or Protection Center

  1. Shut down or close all applications and programs running on your computer.
  2. Download and install the Malwarebytes’ Anti-Malware program from here.
  3. When the program’s installation has been completed it will ask you to update it before performing any scan so that it scans your system using the latest database of issues for the program.
  4. Whilst updating, if you run into any kind of downloading problems, you should open and configure your computer’s firewall program to configure it to allow Internet access permissions to Malwarebyte’s Anti-Malware.
  5. Finally run Malware Bytes Anti-Malware allowing it to perform a complete scan of your PC and remove any infections that it detects.
  6. Your computer should now be free of Defense Center and Protection Center malware.
© 2008-2012 DeviceMag.com - All rights reserved | Privacy Policy