The Emsisoft malware research team has discoverd a new outbreak of the Protection Center adware. Emsisoft Anti-Malware detects this malware as Adware.Win32.ProtectionCenter.

Protection Center is a rogue security program. This is a new variant from Data Protection, Digital Protection, Your Protection, User Protection,  Dr. Guard , and PaladinAntivirus. This rogue application tries to trick you by displaying false positive/misleading scan results report, which says that your computer is infected with viruses or trojan, but you will not be able to delete them before you purchase. This rogue also found bundled with TDSS rootkit.

Create new files:

• %ProgramFiles%\Protection Center\cntprot.exe
• %ProgramFiles%\Protection Center\help.ico
• %ProgramFiles%\Protection Center\scan.ico
• %ProgramFiles%\Protection Center\settings.ico
• %ProgramFiles%\Protection Center\splash.mp3
• %ProgramFiles%\Protection Center\Uninstall.exe
• %ProgramFiles%\Protection Center\update.ico
• %ProgramFiles%\Protection Center\virus.mp3
• %ProgramFiles%\Protection Center\about.ico
• %ProgramFiles%\Protection Center\activate.ico
• %ProgramFiles%\Protection Center\buy.ico
• %ProgramFiles%\Protection Center\cnt.db
• %ProgramFiles%\Protection Center\cntext.dll
• %ProgramFiles%\Protection Center\cnthook.dll
• %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Protection Center.lnk
• %UserProfile%\Desktop\Protection Center.lnk
• %UserProfile%\Desktop\Protection Center Support.lnk
• %UserProfile%\Local Settings\Temp\4otjesjty.mof
• %UserProfile%\Local Settings\Temp\451d.tmp
• %UserProfile%\Local Settings\Temp\3722.tmp
• %UserProfile%\Local Settings\Temp\7461.tmp
• %UserProfile%\Local Settings\Temp\cnt.dat
• %UserProfile%\Local Settings\Temp\cntr.dat
• %UserProfile%\Local Settings\Temp\dhdhtrdhdrtr5y
• %UserProfile%\Local Settings\Temp\2bf7.tmp
• %UserProfile%\Local Settings\Temp\4f4e.tmp
• %UserProfile%\Start Menu\Programs\Protection Center\Protection Center Support.lnk
• %UserProfile%\Start Menu\Programs\Protection Center\Protection Center.lnk
• %UserProfile%\Start Menu\Programs\Protection Center\Scan.lnk
• %UserProfile%\Start Menu\Programs\Protection Center\Settings.lnk
• %UserProfile%\Start Menu\Programs\Protection Center\Update.lnk
• %UserProfile%\Start Menu\Programs\Protection Center\About.lnk
• %UserProfile%\Start Menu\Programs\Protection Center\Activate.lnk
• %UserProfile%\Start Menu\Programs\Protection Center\Buy.lnk

Create new registry entries:

• HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\Protection Center
• HKEY_LOCAL_MACHINE\software\Protection Center
• HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run, “Protection Center”

Screenshots:

How to remove the infection of Protection Center (Adware.Win32.ProtectionCenter)?

To delete this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.