(Thanks to rogueamp)
First of all, can this rogue program delete your files? In theory, it may come bundled or download other malware onto your computer that could delete your files but personaly I haven't heard of any such case. Defence Center reports false system security threats, displays fake warnings, hijacks web browsers and disbles certain system utilities and legitimate anti-virus programs. So, your files should be safe. You may wonder, where did it came from? Well, usually it has to be manually installed so you've probably clicked on infected ads or links. If you think you didn't then it could be that your computer was already infected with Trojans that downloaded the rogue program onto your computer without your permission or knowledge. On way or another this Defence Center malware should be removed upon detection. Once installed, it will display fake security warnings claiming that your computer is under attack from a remote computer or badly infected with malware. It will also display fake alerts while srfing the Internet. The main web page of this rogue program is defence-center.com.
A screen shot of rogue's main web page:
Without a doubt, Defence Center is nothing more but a scam. Don't buy it. If you have already purhcased this rogue security product then contact tour credit card compnay and dispute the charges. Then please follow Defence Center removal instructions below. If you have any questions or additional information about this malware please leave a comment. Good luck and be safe!
Defence Center removal instructions (in Safe Mode with Networking):
1. Reboot your computer is "Safe Mode with Networking". As the computer is booting tap the "F8 key" continuously which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Networking" and press Enter key. Read more detailed instructions here: http://www.computerhope.com/issues/chsafe.htm
NOTE: Login as the same user you were previously logged in with in the normal Windows mode.
2. Download anti-malware software from the list below and run a full system scan.
NOTE: before saving the selected program onto your computer, please rename the installer to iexplore.exe or winlogon.exe. With all of these tools, if running Windows 7 or Vista they MUST be run as Auto Infoistrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.
3. New threats appear every day. In order to protect your PC from such (new) infections we strongly recommend you to use ESET Smart Security.
Defence Center removal instructions in Normal mode:
1. Download Process Explorer iexplore.exe. Double click to open it. Look for Defence Center in the process list and terminate its process(es). Should be smmservice.exe and DefenceCenter.exe.
2. Download anti-malware software from the list below. Update it and run a full system scan.
NOTE: before saving the selected program onto your computer, please rename the installer to iexplore.exe or winlogon.exe. With all of these tools, if running Windows 7 or Vista they MUST be run as Auto Infoistrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.
3. New threats appear every day. In order to protect your PC from such (new) infections we strongly recommend you to use ESET Smart Security.
Defence Center associated files and registry values:
Files:
- C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\smmservice.exe
- C:\Documents and Settings\All Users\Application Data\mswd\
- C:\Documents and Settings\All Users\Application Data\mswd\Base.dat
- C:\Documents and Settings\All Users\Application Data\mswd\db.avdb
- C:\Documents and Settings\All Users\Application Data\mswd\DefenceCenter.exe
- C:\Documents and Settings\All Users\Start Menu\Programs\Defence Center\
- C:\Documents and Settings\All Users\Start Menu\Programs\Defence Center\Defence Center.lnk
- C:\Documents and Settings\All Users\Start Menu\Programs\Defence Center\Uninstall\
- C:\Documents and Settings\All Users\Start Menu\Programs\Defence Center\Uninstall\Uninstall.lnk
- HKEY_LOCAL_MACHINE\SOFTWARE\WSI
- HKEY_LOCAL_MACHINE\SOFTWARE\WSI\MPI
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DefenceCenter
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DefenceCenter\Info
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SMMSERVICE
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SMMSERVICE\0000
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SMMSERVICE\0000\Control
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\smmservice
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\smmservice\Security
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\smmservice\Enum
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DefenceCenter
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DefenceCenter\Info
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SMMSERVICE
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SMMSERVICE\0000
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SMMSERVICE\0000\Control
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\smmservice
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\smmservice\Security
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\smmservice\Enum
- HKEY_USERS\.DEFAULT\Software\Microsoft\GDIPlus
- HKEY_USERS\.DEFAULT\Software\DefenceCenter
- HKEY_CURRENT_USER\Software\WSI
- HKEY_CURRENT_USER\Software\WSI\MPI
No comments:
Post a Comment