Defense Center
June 14, 2010
What is Defense Center?
Defense Center is what is known as Rogue Antispyware – meaning that the program poses as legitimate antispyware software, when in fact, it is nothing more than spyware itself.
Recommended Removal Method:
Automatic Detection and Removal Using Spyware Doctor:
If you are blocked trying to download or install Spyware Doctor please follow the additional instructions found here.
Additional Information:
Methods of Infection:
Defense Center is installed via a Trojan typically from questionable websites (i.e. pornography or gambling), but it has also been found on hijacked fake news websites and in torrent downloads.
Previous Versions:
Defense Center comes from the same family of rogues that includes Your Protection, Data Protection, Paladin Antivirus, and Protection Center.
What it Does:
Defense Center will bombard your computer with numerous fake spyware alerts and scans in an attempt to lure you into purchasing the full version, which is nothing more than a hoax as Defense Center is not legitimate software and is actually a spyware infection. Defense Center can also hijack your web browser and redirect your search results to pages of its choosing, where you will likely encounter more fake alerts and spyware related warnings.
The larger threat that Defense Center poses however, is that it can download and install keyloggers and other more severe malware that can log your keystrokes, websites visited, etc. and can send that information over the internet to a remote server where the hacker that created Defense Center will then use that information in an attempt to gain access to your credit cards, bank accounts, and numerous other sensitive personal information – and may ultimately end up stealing your identity.
Optional Defense Center Removal Method – Manual Deletion (Not Recommended)
***Please note we highly recommend not attempting manual removal of Defense Center unless you are a trained computer professional. Defense Center is a highly complex and dynamic rogue spyware infection that can hide several random files throughout your computer’s registry and file system and makes manual removal almost impossible. In addition, deleting and modifying system files and your computer’s registry without proper knowledge and training can cause further issues and may even cause your computer to become inoperable. As such, proceeding with manual removal is done at your own risk and spyware-experts.com cannot be held responsible for any problems that may occur in doing so.***
If you need help performing any of these steps, please see our tutorials listed on the upper right hand side of this page.
1. Delete the Following Processes:
cntdef.exe
2. Delete Following Files and Directories
- c:\Program Files\Defense Center\about.ico
- c:\Program Files\Defense Center\activate.ico
- c:\Program Files\Defense Center\buy.ico
- c:\Program Files\Defense Center\cnt.db
- c:\Program Files\Defense Center\cntext.dll
- c:\Program Files\Defense Center\cnthook.dll
- c:\Program Files\Defense Center\cnpdef.exe
- c:\Program Files\Defense Center\help.ico
- c:\Program Files\Defense Center\scan.ico
- c:\Program Files\Defense Center\settings.ico
- c:\Program Files\Defense Center\splash.mp3
- c:\Program Files\Defense Center\Uninstall.exe
- c:\Program Files\Defense Center\update.ico
- c:\Program Files\Defense Center\virus.mp3
- %UserProfile%\Desktop\nudetube.com
- %UserProfile%\Desktop\pornotube.com
- %UserProfile%\Desktop\spam001.exe
- %UserProfile%\Desktop\spam003.exe
- %UserProfile%\Desktop\troj000.exe
- %UserProfile%\Desktop\youporn.com
3. Delete the Following Registry Keys:
- HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\TaskManager
- HKEY_CURRENT_USER\Software\Defense Center
- HKEY_CLASSES_ROOT\CLSID\{77DC0Baa-3235-4ba9-8BE8-aa9EB678FA02}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{77DC0Baa-3235-4ba9-8BE8-aa9EB678FA02}
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ADBUPD
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AdbUpd
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ADBUPD
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AdbUpd
Note that even if you have followed all the above steps and performed the tasks correctly, it is highly probable that Defense Center will remain on your computer and continue to cause problems. The reason for this is that the program is dynamic and can change the filenames, locations, etc. and can even add additional infected files while it is on your computer.
This is why we highly recommend an automatic detection and removal tool such as Spyware Doctor that can find these additional hidden files and ensure that Defense Center is completely removed from your computer.
Sysinternals Antivirus
June 5, 2010
What is Sysinternals Antivirus?
Sysinternals Antivirus is what is known as Rogue Antispyware – meaning that the program poses as legitimate antispyware software, when in fact, it is nothing more than spyware itself.
Recommended Removal Method:
Automatic Detection and Removal Using Spyware Doctor:
Additional Information:
Methods of Infection:
Sysinternals Antivirus is installed via a Trojan typically from questionable websites (i.e. pornography or gambling), but it has also been found on hijacked fake news websites, popular social networking sites like Facebook and MySpace, and in torrent downloads.
Previous Versions:
Sysinternals Antivirus comes from the same family of rogues that includes Your PC Protector.
What it Does:
Sysinternals Antivirus will bombard your computer with numerous fake spyware alerts and scans in an attempt to lure you into purchasing the full version, which is nothing more than a hoax as Sysinternals Antivirus is not legitimate software and is actually a spyware infection. Sysinternals Antivirus can also hijack your web browser and redirect your search results to pages of its choosing, where you will likely encounter more fake alerts and spyware related warnings.
The larger threat that Sysinternals Antivirus poses however, is that it can download and install keyloggers and other more severe malware that can log your keystrokes, websites visited, etc. and can send that information over the internet to a remote server where the hacker that created Sysinternals Antivirus will then use that information in an attempt to gain access to your credit cards, bank accounts, and numerous other sensitive personal information – and may ultimately end up stealing your identity.
Optional Sysinternals Antivirus Removal Method – Manual Deletion (Not Recommended)
***Please note we highly recommend not attempting manual removal of Sysinternals Antivirus unless you are a trained computer professional. Sysinternals Antivirus is a highly complex and dynamic rogue spyware infection that can hide several random files throughout your computer’s registry and file system and makes manual removal almost impossible. In addition, deleting and modifying system files and your computer’s registry without proper knowledge and training can cause further issues and may even cause your computer to become inoperable. As such, proceeding with manual removal is done at your own risk and spyware-experts.com cannot be held responsible for any problems that may occur in doing so.***
If you need help performing any of these steps, please see our tutorials listed on the upper right hand side of this page.
1. Delete the Following Processes:
alggui.exe
Sysinternals Antivirus.exe
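svchost.exe (the copy at c:\Program Files\svchost.exe listed below, not the Windows system process of the same name)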
2. Delete Following Files and Directories
Windows XP
- c:\Program Files\adc_w32.dll
- c:\Program Files\alggui.exe
- c:\Program Files\extra1.dat
- c:\Program Files\extra2.dat
- c:\Program Files\nuar.old
- c:\Program Files\skynet.dat
- c:\Program Files\svchost.exe
- c:\Program Files\wp3.dat
- c:\Program Files\wp4.dat
- c:\Program Files\scdata
- c:\Program Files\scdata\dbsinit.exe
- c:\Program Files\scdata\wispex.html
- c:\Program Files\scdata\images
- c:\Program Files\scdata\images\i1.gif
- c:\Program Files\scdata\images\i2.gif
- c:\Program Files\scdata\images\i3.gif
- c:\Program Files\scdata\images\j1.gif
- c:\Program Files\scdata\images\j2.gif
- c:\Program Files\scdata\images\j3.gif
- c:\Program Files\scdata\images\jj1.gif
- c:\Program Files\scdata\images\jj2.gif
- c:\Program Files\scdata\images\jj3.gif
- c:\Program Files\scdata\images\l1.gif
- c:\Program Files\scdata\images\l2.gif
- c:\Program Files\scdata\images\l3.gif
- c:\Program Files\scdata\images\pix.gif
- c:\Program Files\scdata\images\t1.gif
- c:\Program Files\scdata\images\t2.gif
- c:\Program Files\scdata\images\Thumbs.db
- c:\Program Files\scdata\images\up1.gif
- c:\Program Files\scdata\images\up2.gif
- c:\Program Files\scdata\images\w1.gif
- c:\Program Files\scdata\images\w11.gif
- c:\Program Files\scdata\images\w2.gif
- c:\Program Files\scdata\images\w3.jpg
- c:\Program Files\scdata\images\word.doc
- c:\Program Files\scdata\images\wt1.gif
- c:\Program Files\scdata\images\wt2.gif
- c:\Program Files\scdata\images\wt3.gif
- c:\Program Files\Sysinternals Antivirus
- c:\Program Files\Sysinternals Antivirus\Sysinternals Antivirus.exe
- %UserProfile%\Start Menu\Programs\Sysinternals Antivirus
- %UserProfile%\Start Menu\Programs\Sysinternals Antivirus\Sysinternals Antivirus.lnk
Windows Vista and Windows 7
- c:\Program Files\adc_w32.dll
- c:\Program Files\alggui.exe
- c:\Program Files\extra1.dat
- c:\Program Files\extra2.dat
- c:\Program Files\nuar.old
- c:\Program Files\skynet.dat
- c:\Program Files\svchost.exe
- c:\Program Files\wp3.dat
- c:\Program Files\wp4.dat
- c:\Program Files\scdata
- c:\Program Files\scdata\dbsinit.exe
- c:\Program Files\scdata\wispex.html
- c:\Program Files\scdata\images
- c:\Program Files\scdata\images\i1.gif
- c:\Program Files\scdata\images\i2.gif
- c:\Program Files\scdata\images\i3.gif
- c:\Program Files\scdata\images\j1.gif
- c:\Program Files\scdata\images\j2.gif
- c:\Program Files\scdata\images\j3.gif
- c:\Program Files\scdata\images\jj1.gif
- c:\Program Files\scdata\images\jj2.gif
- c:\Program Files\scdata\images\jj3.gif
- c:\Program Files\scdata\images\l1.gif
- c:\Program Files\scdata\images\l2.gif
- c:\Program Files\scdata\images\l3.gif
- c:\Program Files\scdata\images\pix.gif
- c:\Program Files\scdata\images\t1.gif
- c:\Program Files\scdata\images\t2.gif
- c:\Program Files\scdata\images\Thumbs.db
- c:\Program Files\scdata\images\up1.gif
- c:\Program Files\scdata\images\up2.gif
- c:\Program Files\scdata\images\w1.gif
- c:\Program Files\scdata\images\w11.gif
- c:\Program Files\scdata\images\w2.gif
- c:\Program Files\scdata\images\w3.jpg
- c:\Program Files\scdata\images\word.doc
- c:\Program Files\scdata\images\wt1.gif
- c:\Program Files\scdata\images\wt2.gif
- c:\Program Files\scdata\images\wt3.gif
- c:\Program Files\Sysinternals Antivirus
- c:\Program Files\Sysinternals Antivirus\Sysinternals Antivirus.exe
- c:\ProgramData\Sysinternals Antivirus
- c:\ProgramData\Sysinternals Antivirus\Sysinternals Antivirus.lnk
3. Delete the Following Registry Keys:
- HKEY_CURRENT_USER\Software\Sysinternals Antivirus
- HKEY_USERS\.DEFAULT\Software\Sysinternals Antivirus
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ADBUPD
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\adbupd
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{149256d5-e103-4523-bb43-2cfb066839d6}
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{149256d5-e103-4523-bb43-2cfb066839d6}
- HKEY_CLASSES_ROOT\CLSID\{149256d5-e103-4523-bb43-2cfb066839d6}
Important:
Note that even if you have followed all the above steps and performed the tasks correctly, it is highly probable that Sysinternals Antivirus will remain on your computer and continue to cause problems. The reason for this is that the program is dynamic and can change the filenames, locations, etc. and can even add additional infected files while it is on your computer.
This is why we highly recommend an automatic detection and removal tool such as Spyware Doctor that can find these additional hidden files and ensure that Sysinternals Antivirus is completely removed from your computer.
AV Security Suite
June 5, 2010
What is AV Security Suite?
AV Security Suite is what is known as Rogue Antispyware – meaning that the program poses as legitimate antispyware software, when in fact, it is nothing more than spyware itself.
Recommended Removal Method:
Automatic Detection and Removal Using Spyware Doctor:
If you are blocked trying to download or install Spyware Doctor please follow the additional instructions found here.
Additional Information:
Methods of Infection:
AV Security Suite is installed via a Trojan typically from questionable websites (i.e. pornography or gambling), but it has also been found on hijacked fake news websites and in torrent downloads.
Previous Versions:
AV Security Suite comes from the same family of rogues that includes Antivirus Soft and Antispyware Soft.
What it Does:
AV Security Suite will bombard your computer with numerous fake spyware alerts and scans in an attempt to lure you into purchasing the full version, which is nothing more than a hoax as AV Security Suite is not legitimate software and is actually a spyware infection. AV Security Suite can also hijack your web browser and redirect your search results to pages of its choosing, where you will likely encounter more fake alerts and spyware related warnings.
The larger threat that AV Security Suite poses however, is that it can download and install keyloggers and other more severe malware that can log your keystrokes, websites visited, etc. and can send that information over the internet to a remote server where the hacker that created Security Master AV will then use that information in an attempt to gain access to your credit cards, bank accounts, and numerous other sensitive personal information – and may ultimately end up stealing your identity.
Optional AV Security Suite Removal Method – Manual Deletion (Not Recommended)
***Please note we highly recommend not attempting manual removal of AV Security Suite unless you are a trained computer professional. AV Security Suite is a highly complex and dynamic rogue spyware infection that can hide several random files throughout your computer’s registry and file system and makes manual removal almost impossible. In addition, deleting and modifying system files and your computer’s registry without proper knowledge and training can cause further issues and may even cause your computer to become inoperable. As such, proceeding with manual removal is done at your own risk and spyware-experts.com cannot be held responsible for any problems that may occur in doing so.***
If you need help performing any of these steps, please see our tutorials listed on the upper right hand side of this page.
1. Delete the Following Processes:
<random>.exe
2. Delete Following Files and Directories
Windows XP
- %UserProfile%\Local Settings\Application Data\<random>
- %UserProfile%\Local Settings\Application Data\<random>\<random>.exe
Windows 7 and Windows Vista
- c:\ProgramData\<random>
- c:\ProgramData\<random>\<random>tssd.exe
3. Delete the Following Registry Keys:
- HKEY_CURRENT_USER\Software\avsoft
- HKEY_CURRENT_USER\Software\avsuite
- HKEY_LOCAL_MACHINE\SOFTWARE\avsoft
- HKEY_LOCAL_MACHINE\SOFTWARE\avsuite
- HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = "<local>"
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http=127.0.0.1:5555"
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".exe"
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = "1"
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "<random>"
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "<random>"
Important:
Note that even if you have followed all the above steps and performed the tasks correctly, it is highly probable that AV Security Suite will remain on your computer and continue to cause problems. The reason for this is that the program is dynamic and can change the filenames, locations, etc. and can even add additional infected files while it is on your computer.
This is why we highly recommend an automatic detection and removal tool such as Spyware Doctor that can find these additional hidden files and ensure that AV Security Suite is completely removed from your computer.
Security Master AV
June 5, 2010
What is Security Master AV?
Security Master AV is what is known as Rogue Antispyware – meaning that the program poses as legitimate antispyware software, when in fact, it is nothing more than spyware itself.
Recommended Removal Method:
Automatic Detection and Removal Using Spyware Doctor:
Additional Information:
Methods of Infection:
Security Master AV is installed via a Trojan typically from questionable websites (i.e. pornography or gambling), but it has also been found on hijacked fake news websites and in torrent downloads.
Previous Versions:
Security Master AV comes from the same family of rogues that includes Virus Doctor.
What it Does:
Security Master AV will bombard your computer with numerous fake spyware alerts and scans in an attempt to lure you into purchasing the full version, which is nothing more than a hoax as Security Master AV is not legitimate software and is actually a spyware infection. Security Master AV can also hijack your web browser and redirect your search results to pages of its choosing, where you will likely encounter more fake alerts and spyware related warnings.
The larger threat that Security Master AV poses however, is that it can download and install keyloggers and other more severe malware that can log your keystrokes, websites visited, etc. and can send that information over the internet to a remote server where the hacker that created Security Master AV will then use that information in an attempt to gain access to your credit cards, bank accounts, and numerous other sensitive personal information – and may ultimately end up stealing your identity.
Optional Security Master AV Removal Method – Manual Deletion (Not Recommended)
***Please note we highly recommend not attempting manual removal of Security Master AV unless you are a trained computer professional. Security Master AV is a highly complex and dynamic rogue spyware infection that can hide several random files throughout your computer’s registry and file system and makes manual removal almost impossible. In addition, deleting and modifying system files and your computer’s registry without proper knowledge and training can cause further issues and may even cause your computer to become inoperable. As such, proceeding with manual removal is done at your own risk and spyware-experts.com cannot be held responsible for any problems that may occur in doing so.***
If you need help performing any of these steps, please see our tutorials listed on the upper right hand side of this page.
1. Delete the Following Processes:
SM345d.exe
2. Delete Following Files and Directories
Windows XP
c:\Documents and Settings\All Users\Application Data\345d567\
c:\Documents and Settings\All Users\Application Data\345d567\16.mof
c:\Documents and Settings\All Users\Application Data\345d567\mozcrt19.dll
c:\Documents and Settings\All Users\Application Data\345d567\SM345d.exe
c:\Documents and Settings\All Users\Application Data\345d567\SMAV.ico
c:\Documents and Settings\All Users\Application Data\345d567\sqlite3.dll
c:\Documents and Settings\All Users\Application Data\345d567\Quarantine Items\
c:\Documents and Settings\All Users\Application Data\345d567\SMAVSys\
c:\Documents and Settings\All Users\Application Data\345d567\SMAVSys\vd952342.bd
c:\Documents and Settings\All Users\Application Data\SMNPCTCAV\
c:\Documents and Settings\All Users\Application Data\SMNPCTCAV\SMMPIBBZGHAV.cfg
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Security Master AV.lnk
%UserProfile%\Application Data\Security Master AV\
%UserProfile%\Application Data\Security Master AV\cookies.sqlite
%UserProfile%\Desktop\Security Master AV.lnk
%UserProfile%\Recent\ANTIGEN.dll
%UserProfile%\Recent\CLSV.dll
%UserProfile%\Recent\DBOLE.exe
%UserProfile%\Recent\DBOLE.tmp
%UserProfile%\Recent\ddv.sys
%UserProfile%\Recent\energy.tmp
%UserProfile%\Recent\exec.dll
%UserProfile%\Recent\FS.sys
%UserProfile%\Recent\kernel32.drv
%UserProfile%\Recent\PE.dll
%UserProfile%\Recent\runddl.dll
%UserProfile%\Recent\runddl.sys
%UserProfile%\Recent\runddlkey.drv
%UserProfile%\Recent\sld.drv
%UserProfile%\Recent\sld.exe
%UserProfile%\Recent\sld.sys
%UserProfile%\Recent\tempdoc.tmp
%UserProfile%\Recent\tjd.tmp
%UserProfile%\Start Menu\Security Master AV.lnk
%UserProfile%\Start Menu\Programs\Security Master AV.lnk
Windows Vista and Windows 7
c:\ProgramData\345d567\
c:\ProgramData\345d567\16.mof
c:\ProgramData\345d567\mozcrt19.dll
c:\ProgramData\345d567\SM345d.exe
c:\ProgramData\345d567\SMAV.ico
c:\ProgramData\345d567\sqlite3.dll
c:\ProgramData\345d567\Quarantine Items\
c:\ProgramData\345d567\SMAVSys\
c:\ProgramData\345d567\SMAVSys\vd952342.bd
c:\ProgramData\SMNPCTCAV\
c:\ProgramData\SMNPCTCAV\SMMPIBBZGHAV.cfg
c:\ProgramData\Microsoft\Internet Explorer\Quick Launch\Security Master AV.lnk
c:\ProgramData\Security Master AV\
c:\ProgramData\Security Master AV\cookies.sqlite
%UserProfile%\Desktop\Security Master AV.lnk
%UserProfile%\Recent\ANTIGEN.dll
%UserProfile%\Recent\CLSV.dll
%UserProfile%\Recent\DBOLE.exe
%UserProfile%\Recent\DBOLE.tmp
%UserProfile%\Recent\ddv.sys
%UserProfile%\Recent\energy.tmp
%UserProfile%\Recent\exec.dll
%UserProfile%\Recent\FS.sys
%UserProfile%\Recent\kernel32.drv
%UserProfile%\Recent\PE.dll
%UserProfile%\Recent\runddl.dll
%UserProfile%\Recent\runddl.sys
%UserProfile%\Recent\runddlkey.drv
%UserProfile%\Recent\sld.drv
%UserProfile%\Recent\sld.exe
%UserProfile%\Recent\sld.sys
%UserProfile%\Recent\tempdoc.tmp
%UserProfile%\Recent\tjd.tmp
%UserProfile%\Start Menu\Security Master AV.lnk
%UserProfile%\Start Menu\Programs\Security Master AV.lnk
3. Delete the Following Registry Keys:
HKEY_CURRENT_USER\Software\3
HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
HKEY_CLASSES_ROOT\SM345d.DocHostUIHandler
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=7&q={searchTerms}"
HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=7&q={searchTerms}"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Security Master AV"
HKEY_CLASSES_ROOT\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://findgala.com/?&uid=7&q={searchTerms}"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = "no"
Important:
Note that even if you have followed all the above steps and performed the tasks correctly, it is highly probable that Security Master AV will remain on your computer and continue to cause problems. The reason for this is that the program is dynamic and can change the filenames, locations, etc. and can even add additional infected files while it is on your computer.
This is why we highly recommend an automatic detection and removal tool such as Spyware Doctor that can find these additional hidden files and ensure that Security Master AV is completely removed from your computer.
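The registry values in the AV Security Suite and Security Master AV lists above can be checked without touching the live registry by scanning an exported .reg file. The following is an added example, not code from this site or from Spyware Doctor: the function names and the sample export are constructed for illustration, and the proxy and LowRiskFileTypes checks are generalized to any loopback port and to .exe appearing anywhere in the list.

```python
import re

# Strip the hive and any per-user SID so HKCU\... and HKEY_USERS\<SID>\... compare equal.
HIVE_RE = re.compile(r"^HKEY_[A-Z_]+(\\S-[0-9-]+|\\\.DEFAULT)?\\", re.I)
IE = r"(^|\\)software\\microsoft\\internet explorer\\"
CV = r"(^|\\)software\\microsoft\\windows\\currentversion\\"

def _s(data):  # registry data as a lower-case string ('' for dwords / unparsed types)
    return data.lower() if isinstance(data, str) else ""

# (regex on the key path below the hive, predicate(value_name, data), label).
# value_name is None for the key line itself. Indicator values come from this page's lists.
RULES = [
    (r"^software\\(avsoft|avsuite)$", lambda n, d: n is None, "rogue product key present"),
    (IE + r"download$", lambda n, d: n == "runinvalidsignatures" and d in (1, "1"),
     "downloads with invalid signatures allowed to run"),
    (IE + r"download$", lambda n, d: n == "checkexesignatures" and _s(d) == "no",
     "signature check on downloaded executables disabled"),
    (IE + r"searchscopes(\\|$)", lambda n, d: n == "url" and "findgala.com" in _s(d),
     "search provider redirected"),
    (CV + r"internet settings$", lambda n, d: n == "proxyserver"
     and re.search(r"(^|[=;])(127\.0\.0\.1|localhost):\d+", _s(d)) is not None,
     "browser proxy points at loopback"),
    (CV + r"policies\\associations$", lambda n, d: n == "lowriskfiletypes"
     and ".exe" in [t.strip() for t in _s(d).split(";")], ".exe marked as a low-risk type"),
    (CV + r"policies\\attachments$", lambda n, d: n == "savezoneinformation" and d in (1, "1"),
     "zone information not saved on downloads"),
    (CV + r"run$", lambda n, d: n == "security master av"
     or re.search(r"\\programdata\\[^\\]+\\[^\\]*tssd\.exe", _s(d)) is not None,
     "autostart entry matching a listed name or path"),
]

def parse_reg_export(text):
    """Yield (key, value_name, data) from .reg text; value_name is None for key lines."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[HKEY") and line.endswith("]"):
            key = line[1:-1]
            yield key, None, None
            continue
        m = re.match(r'^"((?:[^"\\]|\\.)*)"=(.*)$', line)
        if key is None or m is None:
            continue
        name, rhs = m.group(1), m.group(2)
        if len(rhs) >= 2 and rhs[0] == '"' and rhs[-1] == '"':
            data = re.sub(r"\\(.)", r"\1", rhs[1:-1])  # REG_SZ: undo \\ and \" escapes
        elif rhs.lower().startswith("dword:"):
            data = int(rhs[6:], 16)
        else:
            data = None  # hex(...) types are not needed for these indicators
        yield key, name, data

def scan(text):
    """Return (key, value_name, label) for every rule hit in the export."""
    hits = []
    for key, name, data in parse_reg_export(text):
        path = HIVE_RE.sub("", key).lower()
        lname = name.lower() if name is not None else None
        for key_re, pred, label in RULES:
            if re.search(key_re, path) and pred(lname, data):
                hits.append((key, name, label))
    return hits

# Constructed sample export (not captured from a real machine).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\avsuite]
[HKEY_USERS\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"="http=127.0.0.1:5555"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations]
"LowRiskFileTypes"=".zip;.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download]
"RunInvalidSignatures"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"abctssd"="C:\\ProgramData\\abc\\abctssd.exe"
"Updater"="C:\\Program Files\\Vendor\\updater.exe"
'''

if __name__ == "__main__":
    for key, name, label in scan(SAMPLE):
        print(f"{label}: {key} {name or ''}")
```

Files written by `reg export` are UTF-16, so open them with `encoding="utf-16"` before passing the text to `scan()`.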
Protection Center
June 2, 2010
What is Protection Center?
Protection Center is what is known as Rogue Antispyware – meaning that the program poses as legitimate antispyware software, when in fact, it is nothing more than spyware itself.
Recommended Removal Method:
Automatic Detection and Removal Using Spyware Doctor:
Additional Information:
Methods of Infection:
Protection Center is installed via a Trojan typically from questionable websites (i.e. pornography or gambling), but it has also been found on hijacked fake news websites and in torrent downloads.
Previous Versions:
Protection Center comes from the same family of rogues that includes Your Protection, Data Protection and Paladin Antivirus.
What it Does:
Protection Center will bombard your computer with numerous fake spyware alerts and scans in an attempt to lure you into purchasing the full version, which is nothing more than a hoax as Protection Center is not legitimate software and is actually a spyware infection. Protection Center can also hijack your web browser and redirect your search results to pages of its choosing, where you will likely encounter more fake alerts and spyware related warnings.
The larger threat that Protection Center poses however, is that it can download and install keyloggers and other more severe malware that can log your keystrokes, websites visited, etc. and can send that information over the internet to a remote server where the hacker that created Protection Center will then use that information in an attempt to gain access to your credit cards, bank accounts, and numerous other sensitive personal information – and may ultimately end up stealing your identity.
Optional Protection Center Removal Method – Manual Deletion (Not Recommended)
***Please note we highly recommend not attempting manual removal of Protection Center unless you are a trained computer professional. Protection Center is a highly complex and dynamic rogue spyware infection that can hide several random files throughout your computer’s registry and file system and makes manual removal almost impossible. In addition, deleting and modifying system files and your computer’s registry without proper knowledge and training can cause further issues and may even cause your computer to become inoperable. As such, proceeding with manual removal is done at your own risk and spyware-experts.com cannot be held responsible for any problems that may occur in doing so.***
If you need help performing any of these steps, please see our tutorials listed on the upper right hand side of this page.
1. Delete the Following Processes:
cntprot.exe
2. Delete Following Files and Directories
- c:\Program Files\Protection Center\about.ico
- c:\Program Files\Protection Center\activate.ico
- c:\Program Files\Protection Center\buy.ico
- c:\Program Files\Protection Center\cnt.db
- c:\Program Files\Protection Center\cntext.dll
- c:\Program Files\Protection Center\cnthook.dll
- c:\Program Files\Protection Center\cnprot.exe
- c:\Program Files\Protection Center\help.ico
- c:\Program Files\Protection Center\scan.ico
- c:\Program Files\Protection Center\settings.ico
- c:\Program Files\Protection Center\splash.mp3
- c:\Program Files\Protection Center\Uninstall.exe
- c:\Program Files\Protection Center\update.ico
- c:\Program Files\Protection Center\virus.mp3
- %UserProfile%\Desktop\nudetube.com
- %UserProfile%\Desktop\pornotube.com
- %UserProfile%\Desktop\spam001.exe
- %UserProfile%\Desktop\spam003.exe
- %UserProfile%\Desktop\troj000.exe
- %UserProfile%\Desktop\youporn.com
3. Delete the Following Registry Keys:
- HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\TaskManager
- HKEY_CURRENT_USER\Software\Protection Center
- HKEY_CLASSES_ROOT\CLSID\{77DC0Baa-3235-4ba9-8BE8-aa9EB678FA02}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{77DC0Baa-3235-4ba9-8BE8-aa9EB678FA02}
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ADBUPD
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AdbUpd
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ADBUPD
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AdbUpd
Note that even if you have followed all the above steps and performed the tasks correctly, it is highly probable that Protection Center will remain on your computer and continue to cause problems. The reason for this is that the program is dynamic and can change the filenames, locations, etc. and can even add additional infected files while it is on your computer.
This is why we highly recommend an automatic detection and removal tool such as Spyware Doctor that can find these additional hidden files and ensure that Protection Center is completely removed from your computer.
