Defense center, as I wrote in my previous article (Defense Center), is a new rogue antispyware program. It is a malicious program from the same family of malware as Protection Center, Data Protection, etc.
Defense center is designed with one purpose – to scare you into thinking that your computer in danger as method to trick you into purchasing the full version of the program. If your computer is infected with this malware, then most importantly, do not purchase it! Uninstall the rogue from your computer as soon as possible. Use the removal guide below to remove Defense center from your computer for free.
Use the following instructions to remove Defense Center (Uninstall instructions)
Step 1. Repair “running of .exe files”.
Click Start, Run. Type command and press Enter. Command console “black window” opens. Type notepad as shown below
Command console
Press Enter. Notepad opens. Copy all the text below into Notepad.
Windows Registry Editor Version 5.00
[-HKEY_CURRENT_USER\Software\Classes\.exe]
[-HKEY_CURRENT_USER\Software\Classes\secfile]
[-HKEY_CLASSES_ROOT\secfile]
[-HKEY_CLASSES_ROOT\.exe\shell\open\command]
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"
You will see window similar to the one below.
Notepad
Save this as fix.reg to your Desktop (remember to select Save as file type: All files in Notepad.) Double Click fix.reg and click YES for confirm.
If you can`t create fix.reg, then download fix.zip from here, unzip it. Double Click fix.reg and click YES for confirm.
Step 2. Remove core components of Defense center
Please download OTM by OldTimer from here and save it to your desktop.
Run OTM. Copy,then paste the following text in “Paste Instructions for Items to be Moved” window (under the yellow bar):
:reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Defense Center"=-
:files
C:\Program Files\Defense Center
You will see window similar to the one below.
Click the red Moveit! button. Once finished, close OTM.
Step 3. Remove TDSS trojan-rootkit
Download TDSSKiller from here and unzip to your desktop.
Open TDSSKiller folder. Right click to tdsskiller and select rename. Type a new name (123myapp, for example). Press Enter. Double click the TDSSKiller icon to start scanning Windows registry for TDSS trojan. If it is found, the you will see a screen similar to the one below.
TDSSKiller
When TDSSKiller will prompt you to press “Y”, type Y and press Enter. Your computer will be rebooted.
Step 4. Remove Defense Center associated malware.
Download MalwareBytes Anti-malware (MBAM). Once downloaded, close all programs and windows on your computer.
Double-click on the icon on your desktop named mbam-setup.exe. This will start the installation of MalwareBytes Anti-malware onto your computer. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to “Update Malwarebytes’ Anti-Malware” and Launch “Malwarebytes’ Anti-Malware”. Then click Finish.
MalwareBytes Anti-malware will now automatically start and you will see a message stating that you should update the program before performing a scan. If an update is found, it will download and install the latest version.
As MalwareBytes Anti-malware will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main menu. You will see window similar to the one below.
Malwarebytes Anti-Malware Window
Make sure the “Perform quick scan” option is selected and then click on the Scan button to start scanning your computer for Defense Center infection. This procedure can take some time, so please be patient.
When the scan is finished a message box will appear that it has completed scanning successfully. Click OK. Now click “Show Results”. You will see a list of infected items similar as shown below.
Note: list of infected items may be different than what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure all entries have a checkmark at their far left and click “Remove Selected” button to remove Defense Center. MalwareBytes Anti-malware will now remove all of associated Defense Center files and registry keys and add them to the programs’ quarantine. When MalwareBytes Anti-malware has finished removing the infection, a log will open in Notepad and you may be prompted to Restart.
Note 1: if you can not download, install, run or update Malwarebytes Anti-malware, then follow the steps: Malwarebytes won`t install, run or update – How to fix it.
Note 2: if you need help with the instructions, then post your questions in our Spyware Removal forum.
Note 3: your current antispyware and antivirus software let the infection through ? Then you may want to consider purchasing the FULL version of MalwareBytes Anti-malware to protect your computer in the future.
Defense Center creates the following files and folders
C:\Program Files\Defense Center
%UserProfile%\Start Menu\Programs\Defense Center
C:\Program Files\Defense Center\defhook.dll
C:\Program Files\Defense Center\defcnt.exe
C:\Program Files\Defense Center\about.ico
C:\Program Files\Defense Center\activate.ico
C:\Program Files\Defense Center\buy.ico
C:\Program Files\Defense Center\help.ico
C:\Program Files\Defense Center\scan.ico
C:\Program Files\Defense Center\settings.ico
C:\Program Files\Defense Center\splash.mp3
C:\Program Files\Defense Center\uninstall.exe
C:\Program Files\Defense Center\update.ico
C:\Program Files\Defense Center\def.db
C:\Program Files\Defense Center\defext.dll
C:\Program Files\Defense Center\virus.mp3
%UserProfile%\Start Menu\Programs\Defense Center\About.lnk
%UserProfile%\Start Menu\Programs\Defense Center\Activate.lnk
%UserProfile%\Start Menu\Programs\Defense Center\Buy.lnk
%UserProfile%\Start Menu\Programs\Defense Center\Scan.lnk
%UserProfile%\Start Menu\Programs\Defense Center\Settings.lnk
%UserProfile%\Start Menu\Programs\Defense Center\Update.lnk
%UserProfile%\Start Menu\Programs\Defense Center\Defense Center Support.lnk
%UserProfile%\Start Menu\Programs\Defense Center\Defense Center.lnk
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Defense Center.lnk
%UserProfile%\Desktop\Defense Center Support.lnk
%UserProfile%\Desktop\Defense Center.lnk
Defense Center creates the following registry keys and values
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Defense Center
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies \System\DisableTaskMgr
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies \System\DisableTaskMgr
When I click on OTM it ask me to choose a program to run it. Which program do I use to run OTM?
andrew, looks like reg patch (step 1) was not applied. Repeat the first step.
Thank u very much u save my life 😉
wow. Have I just found the best site for Malware removal? I’ve tried everything and was about to format my computer after storing all my data to an external HD.
This is the nastiest Malmare I’ve ever gotten!
The virus maker should get his ball chopped to pieces
This stuff has to be illegal. Have any law enforcement types looked into prosecuting the perpetrators? Should be easy enough to find if you buy their product.
thank you very much for the info. i was a little scared that something happened to my laptop but once again thank you for posting this for everyone that comes with this virus !!!
Excellent instructions on how to remove another one of these stupid programs. NICE ONE
I followed all the steps, and it seemed to be working- but once I used Malwarebytes, and it finished the scan, it tells me to click “ok” then “show results”.
I click “ok” in order to then click “show results”, but when I click “ok” malwarebytes closes. What am I missing??
Abbey, try re-run TDSSKiller.
I ran it again, but it didn’t find anything the second time D:
Abbey, open a new topic in our Spyware removal forum. I will check your PC.
thanks a lot. i was so freaked out when i got the trojan. this was a great help and the only method that worked.
My fix.reg did not work so i tried fix.inf but i have no option to install?
nice
Thanks. Worked great but I still can access my task manager & whenever I try to open a file or program, it says what would you like to open program with. I can run regedit or msconfig because it keeps asking me what to open them with. Any help would be great. All in all, great program though. Worst virus I ever had.
I mean I can’t access my task manager.
Got it working now. I had to manually enable a few things & manually enable the task manager after I downloaded broken .exe files for windows xp. Great site!! You saved us all.
Danielle, no “Install” option in right button menu ?
This surely works. Thanks a lot. Hats off to you.
For some reason i can’t start my task Manager, it keeps saying that admin disabled it ;S, how can i fix that?
Also my Internet explorer wont work, at this moment i got mozilla.
I am unable to open internet explorer or firefox due to this “Defense Center” trojan. (I am currently on another computer)
As such, I cannot download the programs this guide calls for. Any suggestions?
Taskmanager, perform a scan with Malwarebytes.
Dan, follow the first step instructions above, then move the suggested application to your PC using a flash or cd disk, after that follow 2-4 steps.
Thank you very much!
Thank you!!!!! I got it all cleaned up before my dad got home!!! Thanks!!!
WHo are these criminals? I have been robbed of $60 because I did not know of the scam.
Thank you soooooo much! worked so well!
thanks for your help. this crap got on my laptop and your instructions got rid of it – youre heroes !
thanks again.
N
thank you genius, you are the great master.
i’ve cleared the symptoms of the defeense center malware but still shows up on my security center. I cant connect thru wifi and its telling me defense center antivirus is out of date