Defense Center also disable Windows Task Manager so that the user cannot stop its process. However, we can stop the process by using a-squared HiJackFree. It also uninstall several antivirus program such as Malwarebytes', F-Secure, Trend Micro, and Symantec Antivirus.
Defense Center provide fake features such as Antivirus and Antispyware protection (DEMO version), Network Shield (Firewall)(DEMO version), Automatics Updates(DEMO version), Scheduled Scans, RAM Protection. It urge the user to buy the full version so that the user can have the full active Antivirus and Antispyware protection, Network shield and Automatic Updates. It always show the user that the computer is not protected! It asks the user to activate the protection.
Defense Center should be removed immediately.
Defense Center Removal Guide
Kill Process
(How to kill a process effectively?)
defcnt.exe
Uninstall.exe
spam001.exe
spam002.exe
spam003.exe
troj000.exe
Unregister DLL files
%Program Files%\Defense Center\defext.dll
%Program Files%\Defense Center\defhook.dll
Delete Registry
HKEY_USERS\S-1-5-21-861567501-152049171-1708537768-1003_Classes\secfile
HKEY_CURRENT_USER\Software\Classes\secfile
HKEY_CLASSES_ROOT\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}
HKEY_CLASSES_ROOT\secfile
HKEY_LOCAL_MACHINE\SOFTWARE\Defense Center
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Defense Center
HKEY_LOCAL_MACHINE\SOFTWARE\Program Groups
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Defense Center"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "DisableTaskMgr"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{5E2121EE-0300-11D4-8D3B-444553540000}"
Remove Folders and Files
%Documents and Settings%\All Users\Favorites\_favdata.dat
%Program Files%\Defense Center
%UserProfile%\Desktop\Defense Center Support.lnk
%UserProfile%\Desktop\Defense Center.lnk
%UserProfile%\Desktop\nudetube.com.lnk
%UserProfile%\Desktop\pornotube.com.lnk
%UserProfile%\Desktop\spam001.exe
%UserProfile%\Desktop\spam003.exe
%UserProfile%\Desktop\troj000.exe
%UserProfile%\Desktop\youporn.com.lnk
%UserProfile%\Start Menu\Programs\Defense Center
%appdata%\microsoft\internet explorer\quick launch\Defense Center.lnk
%commonprograms%\Defense Center
Defense Center provide fake features such as Antivirus and Antispyware protection (DEMO version), Network Shield (Firewall)(DEMO version), Automatics Updates(DEMO version), Scheduled Scans, RAM Protection. It urge the user to buy the full version so that the user can have the full active Antivirus and Antispyware protection, Network shield and Automatic Updates. It always show the user that the computer is not protected! It asks the user to activate the protection.
Defense Center should be removed immediately.
Defense Center Removal Guide
Kill Process
(How to kill a process effectively?)
defcnt.exe
Uninstall.exe
spam001.exe
spam002.exe
spam003.exe
troj000.exe
Unregister DLL files
%Program Files%\Defense Center\defext.dll
%Program Files%\Defense Center\defhook.dll
Delete Registry
HKEY_USERS\S-1-5-21-861567501-152049171-1708537768-1003_Classes\secfile
HKEY_CURRENT_USER\Software\Classes\secfile
HKEY_CLASSES_ROOT\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}
HKEY_CLASSES_ROOT\secfile
HKEY_LOCAL_MACHINE\SOFTWARE\Defense Center
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Defense Center
HKEY_LOCAL_MACHINE\SOFTWARE\Program Groups
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Defense Center"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "DisableTaskMgr"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{5E2121EE-0300-11D4-8D3B-444553540000}"
Remove Folders and Files
%Documents and Settings%\All Users\Favorites\_favdata.dat
%Program Files%\Defense Center
%UserProfile%\Desktop\Defense Center Support.lnk
%UserProfile%\Desktop\Defense Center.lnk
%UserProfile%\Desktop\nudetube.com.lnk
%UserProfile%\Desktop\pornotube.com.lnk
%UserProfile%\Desktop\spam001.exe
%UserProfile%\Desktop\spam003.exe
%UserProfile%\Desktop\troj000.exe
%UserProfile%\Desktop\youporn.com.lnk
%UserProfile%\Start Menu\Programs\Defense Center
%appdata%\microsoft\internet explorer\quick launch\Defense Center.lnk
%commonprograms%\Defense Center
No comments:
Post a Comment