The Emsisoft malware research team has discoverd a new outbreak of the Defense Center adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.ProtectionCenter.

Defense Center is a rogue security program. This is a new variant from Protection Center, Data Protection, Digital Protection, Your Protection, User Protection,  Dr. Guard , and PaladinAntivirus. This rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer is infected with viruses or trojan, but you will not be able to delete them before you purchase. This rogue also found bundled with TDSS rootkit.

Create new files:

• %ProgramFiles%\Defense Center\virus.mp3
• %ProgramFiles%\Defense Center\about.ico
• %ProgramFiles%\Defense Center\activate.ico
• %ProgramFiles%\Defense Center\buy.ico
• %ProgramFiles%\Defense Center\def.db
• %ProgramFiles%\Defense Center\defcnt.exe
• %ProgramFiles%\Defense Center\defext.dll
• %ProgramFiles%\Defense Center\defhook.dll
• %ProgramFiles%\Defense Center\help.ico
• %ProgramFiles%\Defense Center\scan.ico
• %ProgramFiles%\Defense Center\settings.ico
• %ProgramFiles%\Defense Center\splash.mp3
• %ProgramFiles%\Defense Center\Uninstall.exe
• %ProgramFiles%\Defense Center\update.ico
• %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Defense Center.lnk
• %UserProfile%\Desktop\Defense Center.lnk
• %UserProfile%\Desktop\Defense Center Support.lnk
• %UserProfile%\Local Settings\Temp\def.dat
• %UserProfile%\Local Settings\Temp\defr.dat
• %UserProfile%\Local Settings\Temp\dhdhtrdhdrtr5y
• %UserProfile%\Local Settings\Temp\3c08.tmp
• %UserProfile%\Local Settings\Temp\4a8f.tmp
• %UserProfile%\Local Settings\Temp\4otjesjty.mof
• %UserProfile%\Local Settings\Temp\23cd.tmp
• %UserProfile%\Local Settings\Temp\3764.tmp
• %UserProfile%\Local Settings\Temp\b8bc.tmp
• %UserProfile%\Start Menu\Programs\Defense Center\Defense Center.lnk
• %UserProfile%\Start Menu\Programs\Defense Center\Scan.lnk
• %UserProfile%\Start Menu\Programs\Defense Center\Settings.lnk
• %UserProfile%\Start Menu\Programs\Defense Center\Update.lnk
• %UserProfile%\Start Menu\Programs\Defense Center\About.lnk
• %UserProfile%\Start Menu\Programs\Defense Center\Activate.lnk
• %UserProfile%\Start Menu\Programs\Defense Center\Buy.lnk
• %UserProfile%\Start Menu\Programs\Defense Center\Defense Center Support.lnk

Create new/modify registry entries:

• HKEY_LOCAL_MACHINE\software\Classes\*\ShellEx\ContextMenuHandlers\SimpleShlExt
• HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}
• HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}\InprocServer32
• HKEY_LOCAL_MACHINE\software\Classes\Folder\shellex\ContextMenuHandlers\SimpleShlExt
• HKEY_LOCAL_MACHINE\software\Defense Center
• HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\Defense Center
• HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run, “Defense Center”

Screenshots:

How to remove the infection of Defense Center (Adware.Win32.DefenseCenter)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Tags: DefenseCenter, Rogue

This entry was posted on Thursday, June 17th, 2010 at 23:04 and is filed under Malware Alerts, Removal Help. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.