Monday, June 14, 2010

Defense Center Removal GuideDefense Center Removal Guide

Defense Center Removal Guide
Defense Center is a fake antivirus program that try to trick the user to buy the full version of Defense Center by using fake scan results. Defense Center installs itself into the computer without confirmation of the user unless the user set the UAC level to the highest level. Defense Center start itself when the computer boot and scan the computer automatically and produce fake scan result and keep on warning the users to buy the full version of Defense Center.

Defense Center also disable Windows Task Manager so that the user cannot stop its process. However, we can stop the process by using a-squared HiJackFree. It also uninstall several antivirus program such as Malwarebytes', F-Secure, Trend Micro, and Symantec Antivirus.

Defense Center provide fake features such as Antivirus and Antispyware protection (DEMO version), Network Shield (Firewall)(DEMO version), Automatics Updates(DEMO version), Scheduled Scans, RAM Protection. It urge the user to buy the full version so that the user can have the full active Antivirus and Antispyware protection, Network shield and Automatic Updates. It always show the user that the computer is not protected! It asks the user to activate the protection.

Defense Center should be removed immediately.


Defense Center Removal Guide
Kill Process
(How to kill a process effectively?)
defcnt.exe
Uninstall.exe
spam001.exe
spam002.exe
spam003.exe
troj000.exe

Unregister DLL files
%Program Files%\Defense Center\defext.dll
%Program Files%\Defense Center\defhook.dll

Delete Registry
HKEY_USERS\S-1-5-21-861567501-152049171-1708537768-1003_Classes\secfile
HKEY_CURRENT_USER\Software\Classes\secfile
HKEY_CLASSES_ROOT\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}
HKEY_CLASSES_ROOT\secfile
HKEY_LOCAL_MACHINE\SOFTWARE\Defense Center
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Defense Center
HKEY_LOCAL_MACHINE\SOFTWARE\Program Groups
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Defense Center"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "DisableTaskMgr"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{5E2121EE-0300-11D4-8D3B-444553540000}"

Remove Folders and Files
%Documents and Settings%\All Users\Favorites\_favdata.dat
%Program Files%\Defense Center
%UserProfile%\Desktop\Defense Center Support.lnk
%UserProfile%\Desktop\Defense Center.lnk
%UserProfile%\Desktop\nudetube.com.lnk
%UserProfile%\Desktop\pornotube.com.lnk
%UserProfile%\Desktop\spam001.exe
%UserProfile%\Desktop\spam003.exe
%UserProfile%\Desktop\troj000.exe
%UserProfile%\Desktop\youporn.com.lnk
%UserProfile%\Start Menu\Programs\Defense Center
%appdata%\microsoft\internet explorer\quick launch\Defense Center.lnk
%commonprograms%\Defense Center

No comments:

Post a Comment