Most people are curious about how they got infected with Protection Center. Usually, this rogue program has to be manually installed. Most of the time, Protection Center pretends to be Flash Player, an update, or some other legitimate software. Of course, it may also come bundled with other malware or enter your computer without your consent through software vulnerabilities. One way or another, Protection Center should be removed from the system as soon as possible.
While running, the rogue program displays numerous fake security alerts and pop-ups. Some of those alerts read:
"Warning! Virus threat detected!
Virus activity detected!
Email-Worm.BAT adware has been detected. This adware module advertises websites with explicit content. Be advised of such content being possibly illegal. Please click the button below to locate and remove this threat now."
"A security threat detected on your computer. This malicious program may steal your private data. Click on the message to ensure the protection of your computer."
However, the biggest problem is that Protection Center may block Task Manager and legitimate anti-virus and anti-malware software. In some cases it blocks all executable files. Besides, this rogue program can come bundled with the TDSS rootkit. That's why we strongly recommend that you scan your computer with at least one legitimate anti-malware program provided in the removal instructions below and run a system scan with the free TDSS rootkit removal utility called TDSSKiller. Please note that you may have to reboot your computer in Safe Mode with Networking in order to download the recommended removal tools. Just follow the Protection Center removal instructions below. By the way, if you have already purchased it, then contact your credit card company and dispute the charges. If you have any questions or additional information about this malware, please leave a comment. Good luck and be safe!
Protection Center removal instructions (in Safe Mode with Networking, Method 1):
1. Reboot your computer in "Safe Mode with Networking". As the computer is booting, tap the F8 key continuously, which should bring up the "Windows Advanced Options Menu". Use the arrow keys to move to "Safe Mode with Networking" and press the Enter key. Read more detailed instructions here: http://www.computerhope.com/issues/chsafe.htm
NOTE: Login as the same user you were previously logged in with in the normal Windows mode.
2. Download one of the following anti-malware programs and run a system scan:
NOTE: Before saving the selected program onto your computer, please rename the installer to winlogon.exe or iexplore.exe. Launch the program and follow the prompts. Don't forget to update the installed program before scanning. Then reboot your computer in "Normal Mode" and run a system scan again. That's it!
3. New threats appear every day. In order to protect your PC from such (new) infections, we strongly recommend that you use ESET Smart Security.
Protection Center removal instructions (Method 2):
1. Go to Start->Run or press WinKey+R. Type in "command" and press Enter key.
2. In the command prompt window type "notepad". Notepad will come up.
3. Copy all the text in blue color below and paste into Notepad.
Windows Registry Editor Version 5.00
4. Save the file as regfix.reg to your Desktop. NOTE: (Save as type: All files)
5. Double-click on the regfix.reg file to run it. Click "Yes" in the Registry Editor prompt window. Then click OK.
6. Download and execute TDSSKiller.exe (NOTE: you may have to rename TDSSKiller.exe to explorer.com yourself, or download the already renamed explorer.com file, in order to run it).
7. Follow the prompts and wait for the scan and disinfection process to be over. Close all programs and press the “Y” key to restart your computer.
More detailed TDSSKiller tutorial: http://support.kaspersky.com/viruses/solutions?qid=208280684
8. Download one of the following anti-malware programs and run a system scan:
Protection Center associated files and registry values:
- C:\Program Files\Protection Center\about.ico
- C:\Program Files\Protection Center\activate.ico
- C:\Program Files\Protection Center\buy.ico
- C:\Program Files\Protection Center\cnt.db
- C:\Program Files\Protection Center\cntext.dll
- C:\Program Files\Protection Center\cnthook.dll
- C:\Program Files\Protection Center\cntprot.exe
- C:\Program Files\Protection Center\help.ico
- C:\Program Files\Protection Center\scan.ico
- C:\Program Files\Protection Center\settings.ico
- C:\Program Files\Protection Center\splash.mp3
- C:\Program Files\Protection Center\Uninstall.exe
- C:\Program Files\Protection Center\update.ico
- C:\Program Files\Protection Center\virus.mp3
- %UserProfile%\Start Menu\Programs\Protection Center\
- HKEY_CURRENT_USER\Software\Malware Defense
- HKEY_CURRENT_USER\Software\Paladin Antivirus
- HKEY_LOCAL_MACHINE\SOFTWARE\Malware Defense
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Protection Center
- HKEY_LOCAL_MACHINE\SOFTWARE\Paladin Antivirus
- HKEY_LOCAL_MACHINE\SOFTWARE\Protection Center
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = "1"
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Protection Center"
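
To confirm whether any of the entries listed above are still present before or after a scan, here is a read-only PowerShell check. It is an added example, not part of the original removal instructions; the helper name Get-RegValue is made up for it, and it assumes you run it as the same user who was logged in when the infection occurred, because several entries are under HKEY_CURRENT_USER.

```powershell
# Added example: read-only check for the Protection Center entries listed above.
# Nothing is deleted or modified; the script only reports what it finds.

# Folders and registry keys from the list above; only their presence is tested.
$locations = @(
    'C:\Program Files\Protection Center',
    (Join-Path $env:USERPROFILE 'Start Menu\Programs\Protection Center'),
    'HKCU:\Software\Malware Defense',
    'HKCU:\Software\Paladin Antivirus',
    'HKLM:\SOFTWARE\Malware Defense',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Protection Center',
    'HKLM:\SOFTWARE\Paladin Antivirus',
    'HKLM:\SOFTWARE\Protection Center'
)

# Hypothetical helper (name chosen for this example): returns the value data,
# or $null when the key or the value does not exist.
function Get-RegValue {
    param([string]$Key, [string]$Name)
    $item = Get-ItemProperty -LiteralPath $Key -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

$findings = @()
foreach ($location in $locations) {
    if (Test-Path -LiteralPath $location) { $findings += "Present: $location" }
}

# Files left in the program folder, if it exists.
$folder = $locations[0]
if (Test-Path -LiteralPath $folder) {
    Get-ChildItem -LiteralPath $folder -Force |
        ForEach-Object { $findings += "File: $($_.FullName)" }
}

# The policy value that blocks Task Manager (listed above as "DisableTaskMgr" = "1").
$policyKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
if ((Get-RegValue $policyKey 'DisableTaskMgr') -eq 1) {
    $findings += "Task Manager disabled: $policyKey\DisableTaskMgr = 1"
}

# The autostart entry; its data shows which executable is launched at logon.
$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$runData = Get-RegValue $runKey 'Protection Center'
if ($null -ne $runData) { $findings += "Autostart entry: $runKey\Protection Center -> $runData" }

if ($findings.Count -eq 0) { 'None of the listed Protection Center entries were found.' } else { $findings }
```

An empty result only means the listed entries are absent; it says nothing about the TDSS rootkit, which still needs the TDSSKiller scan described above.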