How to remove Defense Center on Fri Jun 18, 2010 2:32 pm
DragonMaster Jay
Site Owner

Defense Center Analysis
Defense Center is a fairly new rogue, swinging its fists in early June 2010. The idea of the rogue antivirus is to promote itself as an actual virus removal product. Rather, it is a computer infection that uses deceptive tactics and fake alerts to trick the user into buying the fake full version of the product.
Rogue antivirus software is normally installed by means of Trojans, through the use of crack sites, P2P, keygens, rogue downloads, drive-by antivirus scanner pages, and drive-by downloading.
Defense Center has crafted itself to drop random files, which are detected as malware by its own scanner. It offers to remove its own files, if you pay for the upgrade and register the program.
Apparently, this rogue has also been found to be bundled with the TDSS rootkit. It can drop rogue Pragma strings to hide its path to its core file.


Attributes of Defense Center
- Starts automatically with Windows login.
- Installs a hidden infection, making the product rather difficult to remove.
- Drops random files and folders.
- Drops random strings into the Registry.
- Configures a random proxy server such as 127.0.0.1:1041.
- Uninstall command: C:\Program Files\Defense Center\Pklkvqdii+`}`
- Attempts to secure a backdoor with an IRC server, where it will steal user data and transfer it to the hacker. If it is distributed with the TDSS rootkit, it has a better chance at securing its backdoor access.
- Drops random temporary files in %UserProfile%\Local Settings\Temp
- Attempts to disable Task Manager:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
"DisableTaskMgr" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
"DisableTaskMgr" = "1"
Similar AV scanners
Protection Center, Data Protection, Digital Protection, Your Protection, User Protection, Dr. Guard, and Paladin Antivirus.
CLSID
HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}
Note: {5E2121EE-0300-11D4-8D3B-444553540000} is a CLSID also used by legitimate software (ATI Catalyst).
Files and folders belonging to just Defense Center
%UserProfile%\Application Data\Defense Center\
%UserProfile%\Start Menu\Defense Center.lnk
%UserProfile%\Start Menu\Programs\Defense Center.lnk
%UserProfile%\Desktop\Defense Center.lnk
Removal
To remove this rogue antivirus, please follow these instructions:
- Read and follow the steps in this topic.
- Then, post a new topic containing those logs in this section.
..........................................................
DragonMaster Jay
Administrative Director SecuraGeek Association
Advanced Malware Analysts Group Owner
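
A read-only check for the indicators listed in the post above, as an added example that is not part of the original post. The paths, the DisableTaskMgr values and the CLSID come from the post; reading the proxy from the per-user WinINET "Internet Settings" key is an assumption, since the post does not say where the proxy is configured.

```powershell
# Added example: reports Defense Center indicators from the post; changes nothing.
$findings = @()

# Files and folders the post lists as belonging only to Defense Center.
$paths = 'Application Data\Defense Center', 'Start Menu\Defense Center.lnk',
         'Start Menu\Programs\Defense Center.lnk', 'Desktop\Defense Center.lnk'
foreach ($rel in $paths) {
    $full = Join-Path $env:USERPROFILE $rel
    if (Test-Path -LiteralPath $full) {
        $findings += [pscustomobject]@{ Confidence = 'High'; Indicator = $full; Detail = 'path exists' }
    }
}

# DisableTaskMgr = 1 under the machine-wide and per-user policy keys.
$policyKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System',
              'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
foreach ($key in $policyKeys) {
    $item = Get-ItemProperty -Path $key -Name DisableTaskMgr -ErrorAction SilentlyContinue
    # The value may be stored as a DWORD or a string, so compare as text.
    if ($item -and "$($item.DisableTaskMgr)" -eq '1') {
        $findings += [pscustomobject]@{ Confidence = 'Medium'; Indicator = $key; Detail = 'DisableTaskMgr = 1' }
    }
}

# Loopback proxy such as 127.0.0.1:1041 (assumed location: per-user WinINET settings).
$inetKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$inet = Get-ItemProperty -Path $inetKey -ErrorAction SilentlyContinue
if ($inet -and $inet.ProxyEnable -eq 1 -and "$($inet.ProxyServer)" -match '127\.0\.0\.1:\d+') {
    $findings += [pscustomobject]@{ Confidence = 'Medium'; Indicator = $inetKey; Detail = "ProxyServer = $($inet.ProxyServer)" }
}

# CLSID from the post. Low confidence: the post notes ATI Catalyst uses the same CLSID.
$clsid = 'HKLM:\SOFTWARE\Classes\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}'
if (Test-Path -LiteralPath $clsid) {
    $findings += [pscustomobject]@{ Confidence = 'Low'; Indicator = $clsid; Detail = 'shared with ATI Catalyst' }
}

if ($findings.Count -eq 0) {
    'No Defense Center indicators found.'
} else {
    $findings | Sort-Object Confidence | Format-Table -AutoSize -Wrap
}
```

Because the post reports this rogue bundled with the TDSS rootkit, which can hide files and registry entries from a running system, an empty result from this script does not rule out infection.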














