Defense center, as I wrote in my previous article (Defense Center), is a new rogue antispyware program. It is a malicious program from the same family of malware as Protection Center, Data Protection, etc.
Defense center is designed with one purpose – to scare you into thinking that your computer in danger as method to trick you into purchasing the full version of the program. If your computer is infected with this malware, then most importantly, do not purchase it! Uninstall the rogue from your computer as soon as possible. Use the removal guide below to remove Defense center from your computer for free.
Use the following instructions to remove Defense Center (Uninstall instructions)
Step 1. Repair “running of .exe files”.
Click Start, Run. Type command and press Enter. Command console “black window” opens. Type notepad as shown below
Command console
Press Enter. Notepad opens. Copy all the text below into Notepad.
Windows Registry Editor Version 5.00
[-HKEY_CURRENT_USER\Software\Classes\.exe]
[-HKEY_CURRENT_USER\Software\Classes\secfile]
[-HKEY_CLASSES_ROOT\secfile]
[-HKEY_CLASSES_ROOT\.exe\shell\open\command]
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"
You will see window similar to the one below.
Notepad
Save this as fix.reg to your Desktop (remember to select Save as file type: All files in Notepad.) Double Click fix.reg and click YES for confirm.
If you can`t create fix.reg, then download fix.zip from here, unzip it. Double Click fix.reg and click YES for confirm.
Step 2. Remove core components of Defense center
Please download OTM by OldTimer from here and save it to your desktop.
Run OTM. Copy,then paste the following text in “Paste Instructions for Items to be Moved” window (under the yellow bar):
:reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Defense Center"=-
:files
C:\Program Files\Defense Center
You will see window similar to the one below.
Click the red Moveit! button. Once finished, close OTM.
Step 3. Remove TDSS trojan-rootkit
Download TDSSKiller from here and unzip to your desktop.
Open TDSSKiller folder. Right click to tdsskiller and select rename. Type a new name (123myapp, for example). Press Enter. Double click the TDSSKiller icon to start scanning Windows registry for TDSS trojan. If it is found, the you will see a screen similar to the one below.
TDSSKiller
When TDSSKiller will prompt you to press “Y”, type Y and press Enter. Your computer will be rebooted.
Step 4. Remove Defense Center associated malware.
Download MalwareBytes Anti-malware (MBAM). Once downloaded, close all programs and windows on your computer.
Double-click on the icon on your desktop named mbam-setup.exe. This will start the installation of MalwareBytes Anti-malware onto your computer. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to “Update Malwarebytes’ Anti-Malware” and Launch “Malwarebytes’ Anti-Malware”. Then click Finish.
MalwareBytes Anti-malware will now automatically start and you will see a message stating that you should update the program before performing a scan. If an update is found, it will download and install the latest version.
As MalwareBytes Anti-malware will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main menu. You will see window similar to the one below.
Malwarebytes Anti-Malware Window
Make sure the “Perform quick scan” option is selected and then click on the Scan button to start scanning your computer for Defense Center infection. This procedure can take some time, so please be patient.
When the scan is finished a message box will appear that it has completed scanning successfully. Click OK. Now click “Show Results”. You will see a list of infected items similar as shown below.
Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure all entries have a checkmark at their far left and click “Remove Selected” button to remove Defense Center. MalwareBytes Anti-malware will now remove all of associated Defense Center files and registry keys and add them to the programs’ quarantine. When MalwareBytes Anti-malware has finished removing the infection, a log will open in Notepad and you may be prompted to Restart.
Note 1: if you can not download, install, run or update Malwarebytes Anti-malware, then follow the steps: Malwarebytes won`t install, run or update – How to fix it.
Note 2: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Note 3: your current antispyware and antivirus software let the infection through ? Then you may want to consider purchasing the FULL version of MalwareBytes Anti-malware to protect your computer in the future.
Defense Center creates the following files and folders
C:\Program Files\Defense Center
%UserProfile%\Start Menu\Programs\Defense Center
C:\Program Files\Defense Center\defhook.dll
C:\Program Files\Defense Center\defcnt.exe
C:\Program Files\Defense Center\about.ico
C:\Program Files\Defense Center\activate.ico
C:\Program Files\Defense Center\buy.ico
C:\Program Files\Defense Center\help.ico
C:\Program Files\Defense Center\scan.ico
C:\Program Files\Defense Center\settings.ico
C:\Program Files\Defense Center\splash.mp3
C:\Program Files\Defense Center\uninstall.exe
C:\Program Files\Defense Center\update.ico
C:\Program Files\Defense Center\def.db
C:\Program Files\Defense Center\defext.dll
C:\Program Files\Defense Center\virus.mp3
%UserProfile%\Start Menu\Programs\Defense Center\About.lnk
%UserProfile%\Start Menu\Programs\Defense Center\Activate.lnk
%UserProfile%\Start Menu\Programs\Defense Center\Buy.lnk
%UserProfile%\Start Menu\Programs\Defense Center\Scan.lnk
%UserProfile%\Start Menu\Programs\Defense Center\Settings.lnk
%UserProfile%\Start Menu\Programs\Defense Center\Update.lnk
%UserProfile%\Start Menu\Programs\Defense Center\Defense Center Support.lnk
%UserProfile%\Start Menu\Programs\Defense Center\Defense Center.lnk
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Defense Center.lnk
%UserProfile%\Desktop\Defense Center Support.lnk
%UserProfile%\Desktop\Defense Center.lnk
Defense Center creates the following registry keys and values
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Defense Center
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies \System\DisableTaskMgr
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies \System\DisableTaskMgr
Terrible infection Devense Center … can we make legal act to this people ? Thank you for your Job you safe my data ..
This process doesn’t work for me. TDSS does n’t support 64 bit OS, and I run WIndows Vista’s 64 bit version.
MerCuryKnight, skip “TDSS” step.
nice and very important info txs..
Thanks This really works It clear all that bad stuff
Thank you!! You’re a genius! I am so glad I didn’t have to reformat my drive to get rid of that nasty infection.
Thank you so much for posting this, the Defense Center was really a nasty piece of malware.
Thank you so much. I have only had my laptop 4 months and I was so worried that this malware may have done me in. I didn’t want to pay a lot of money to have my computer cleaned out. This article really came to my rescue. Thanks a million!
Hi i’ve followed your instruction. however, when i use the Malwarebytes anti-malware it finds the defence center, but defense center is able to get around it by saying malwarebytes is a virus that needs to be uninstalled.
Please help.. thank you
WELL DONE.
A great fix for a nasty bug! Easy instructions for a novice like me.
THANKS!!!!
Joe, ignore the fake alert. If you need a help, please start a new topic in our Spyware removal forum.
My laptop got affect with Defence centre malware. It kept bright fake security notices.
Followed the above steps and to my pleasant surprise it is all clear. THANK U VERY MUCH …great fix.
i cant open any programs or download a removel prog for defence center, esentutl64.exe has stoped working come up on the screen, what do i do? Please help
What happened? I got as far as the notepad part and now none of my executables will work. I get an error message saying that nothing is associated with the extention. I can’t even create a new exe extention because what ever happened wipes it immediately.
Thank you,
Simple clear instructions. Worked first time. Great site.
When I try to do step 1 it says that registry editing isn’t allowed. I tried the gpedit.msc way to turn it back on but it doesn’t seem to work.
Hi, thanks for the great steps on removing this. Just a quick question though, I run a 64 bit OS too, does the trojan get removed by malwarebytes? Once again, many thanks.
thank you so much, this thing was doing my head in!!!
Andrew, use the first step above to disable “esentutl64.exe” malware.
Frank, repeat the first step above. Also you can use exeHelper (link) to fix this problem.
Bob, download fix1.zip from here, unzip it. Right click fix.inf and select Install. Then go to step 2.
Oliver, if you using 64bit OS, then you need to skip the step 3.
Works perfecty fine
When I try to run registry editor file, fix.reg, I’m getting an error \Not all registries were modified because some are being used by other processes\. The user has Admin rights, so what is the problem? How do I get around this?
Thank you so MUCH !!!
I got so frustrated with this **** virus that I almost throw my comp. in the trash. THANK YOU SO MUCH.
Frustrated, try use fix.inf. Read my answer to Bob (Comment by Patrik — June 17, 2010).
Thanks Patrik, that worked great.
Frank
Nice work. Had this virus with 4 users now and this was the easiest and most effective route to getting rid of it. Much thanks.
Paul
When I try to run OTM, I get the message, “OTM.exe is not a valid Win32 application.
Please help!
James, try redownload OTM.