
Sunday, September 5, 2010

How to remove Defence Center (Uninstall Guide)

Defence Center is a rogue anti-spyware program that mimics legitimate security products and claims that your computer system is infected with malicious software. It's a clone of Windows Defence, which is also a ripoff rogue program. Once installed, Defence Center will pretend to scan your computer for malware and claim to find infected files or system security threats. Surprisingly, it will claim that you need to pay a registration fee in order to upgrade the rogue program because the current version can't remove the malware and infected files it found on your computer. Don't fall victim to this scam and don't buy the rogue program. If you choose to pay for Defence Center, it will give you a false sense of security and, what is more, it won't remove any infected files from your computer simply because they don't even exist. If you are reading this article then your computer is probably infected with this malware. Thankfully, we've got the instructions to help you remove Defence Center from your computer for free. Please follow the removal instructions below.




(Thanks to rogueamp)

First of all, can this rogue program delete your files? In theory, it may come bundled with, or download, other malware that could delete your files, but personally I haven't heard of any such case. Defence Center reports false system security threats, displays fake warnings, hijacks web browsers and disables certain system utilities and legitimate anti-virus programs. So, your files should be safe. You may wonder, where did it come from? Well, usually it has to be manually installed, so you've probably clicked on infected ads or links. If you think you didn't, then it could be that your computer was already infected with Trojans that downloaded the rogue program onto your computer without your permission or knowledge. One way or another, this Defence Center malware should be removed upon detection. Once installed, it will display fake security warnings claiming that your computer is under attack from a remote computer or badly infected with malware. It will also display fake alerts while you are surfing the Internet. The main web page of this rogue program is defence-center.com.

A screen shot of rogue's main web page:


Without a doubt, Defence Center is nothing more than a scam. Don't buy it. If you have already purchased this rogue security product then contact your credit card company and dispute the charges. Then please follow the Defence Center removal instructions below. If you have any questions or additional information about this malware please leave a comment. Good luck and be safe!


Defence Center removal instructions (in Safe Mode with Networking):

1. Reboot your computer in "Safe Mode with Networking". As the computer is booting, tap the F8 key continuously, which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Networking" and press the Enter key. Read more detailed instructions here: http://www.computerhope.com/issues/chsafe.htm


NOTE: Log in as the same user you were previously logged in as in normal Windows mode.

2. Download anti-malware software from the list below and run a full system scan.
NOTE: before saving the selected program onto your computer, please rename the installer to iexplore.exe or winlogon.exe. With all of these tools, if running Windows 7 or Vista they MUST be run as administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.

3. New threats appear every day. In order to protect your PC from such (new) infections we strongly recommend using ESET Smart Security.


Defence Center removal instructions in Normal mode:

1. Download Process Explorer iexplore.exe. Double click to open it. Look for Defence Center in the process list and terminate its process(es). They should be smmservice.exe and DefenceCenter.exe.
2. Download anti-malware software from the list below. Update it and run a full system scan.
NOTE: before saving the selected program onto your computer, please rename the installer to iexplore.exe or winlogon.exe. With all of these tools, if running Windows 7 or Vista they MUST be run as administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.
3. New threats appear every day. In order to protect your PC from such (new) infections we strongly recommend using ESET Smart Security.


Defence Center associated files and registry values:

Files:
  • C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\smmservice.exe
  • C:\Documents and Settings\All Users\Application Data\mswd\
  • C:\Documents and Settings\All Users\Application Data\mswd\Base.dat
  • C:\Documents and Settings\All Users\Application Data\mswd\db.avdb
  • C:\Documents and Settings\All Users\Application Data\mswd\DefenceCenter.exe
  • C:\Documents and Settings\All Users\Start Menu\Programs\Defence Center\
  • C:\Documents and Settings\All Users\Start Menu\Programs\Defence Center\Defence Center.lnk
  • C:\Documents and Settings\All Users\Start Menu\Programs\Defence Center\Uninstall\
  • C:\Documents and Settings\All Users\Start Menu\Programs\Defence Center\Uninstall\Uninstall.lnk
Registry:
  • HKEY_LOCAL_MACHINE\SOFTWARE\WSI
  • HKEY_LOCAL_MACHINE\SOFTWARE\WSI\MPI
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DefenceCenter
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\DefenceCenter\Info
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SMMSERVICE
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SMMSERVICE\0000
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SMMSERVICE\0000\Control
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\smmservice
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\smmservice\Security
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\smmservice\Enum
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DefenceCenter
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DefenceCenter\Info
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SMMSERVICE
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SMMSERVICE\0000
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SMMSERVICE\0000\Control
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\smmservice
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\smmservice\Security
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\smmservice\Enum
  • HKEY_USERS\.DEFAULT\Software\Microsoft\GDIPlus
  • HKEY_USERS\.DEFAULT\Software\DefenceCenter
  • HKEY_CURRENT_USER\Software\WSI
  • HKEY_CURRENT_USER\Software\WSI\MPI
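
A read-only way to confirm after the scan that the items listed above are gone, as an added example that is not part of the original guide. It assumes PowerShell is available and is run as administrator; the function name is hypothetical, and only the entries carrying the program's own names are checked (the ControlSet001 copies are skipped because CurrentControlSet points at the active control set).

```powershell
# Added example: read-only check for the Defence Center leftovers listed above.
# Paths, key names and process names are copied from this page's list;
# the function name Get-DefenceCenterLeftover is hypothetical.
function Get-DefenceCenterLeftover {
    $allUsers = 'C:\Documents and Settings\All Users'
    $files = @(
        "$allUsers\Application Data\Microsoft\Network\Downloader\smmservice.exe",
        "$allUsers\Application Data\mswd",
        "$allUsers\Start Menu\Programs\Defence Center"
    )
    $keys = @(
        'HKLM:\SOFTWARE\WSI',
        'HKLM:\SYSTEM\CurrentControlSet\Control\DefenceCenter',
        'HKLM:\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SMMSERVICE',
        'HKLM:\SYSTEM\CurrentControlSet\Services\smmservice',
        'Registry::HKEY_USERS\.DEFAULT\Software\DefenceCenter',
        'HKCU:\Software\WSI'
    )
    $found = @()
    foreach ($p in $files) {
        if (Test-Path -LiteralPath $p) { $found += "File:     $p" }
    }
    foreach ($k in $keys) {
        if (Test-Path -LiteralPath $k) { $found += "Registry: $k" }
    }
    # Get-Process takes process names without the .exe extension.
    foreach ($name in 'smmservice', 'DefenceCenter') {
        if (Get-Process -Name $name -ErrorAction SilentlyContinue) {
            $found += "Process:  ${name}.exe"
        }
    }
    return $found
}

# Nothing is deleted or changed; the script only reports what still exists.
$leftovers = Get-DefenceCenterLeftover
if ($leftovers) {
    Write-Output 'Defence Center leftovers still present:'
    $leftovers
} else {
    Write-Output 'None of the checked Defence Center items were found.'
}
```
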

1 comments:

Richardc said...

Just for anybody's info, as I searched high and low for a solution.
I had a pc infected by My Security Shield which is another version of this.
It disabled task manager and also would not allow you to install another AV even if you think you've removed it.
There seemed to be lots of posts about taskmanager disappearing but no-one fixed it.
I found that the program had modified the key entries in the registry for taskmgr.exe.
There are three of them
In the first binary value (0) it modifies the entry after the last 28. It should be 28 0A 01 but the infected pc was 28 01 0A. Changing them fixed the problem.
There were also a few entries showing DisableTaskmgr but they didn't seem to make a difference but removed them too.