Defense Center entfernen

**AdminBot** · 23.06.2010, 15:57

Defense Center entfernen

Was ist Defense Center?
Defense Center ist ähnlich zu Protection Center und Your Protection. Defense Center ist eine weitere Rogue-Malware in Form einer gefälschten Scan-Software, die mittels eines sog. Trojaners in den PC eindringt und dem Benutzer weissmacht, den PC nach Malware abzusuchen. Diese Software (Defense Center) ist ein Fake und selbst eine Schadsoftware und sollte nicht gekauft werden.

Da solche Software wie Defense Center sich gegen jede Entfernung wehren wird und Defense Center oftmals noch Rootkits mitinstalliert, sollte eine Neuinstallation des Systems in Erwägung gezogen werden.

Verbreitet wird Defense Center nicht mehr ausschliesslich über 'dubiose Seiten' für Cracks, KeyGens und Warez, sondern auch seriöse Seiten werden zunehmend für die Verbreitung dieser mißbraucht (Drive-by-Installation).

Symptome von Defense Center:

ständige Fake Virenmeldungen von Defense Center
PC läuft seit Defense Center langsamer als üblich

Fake-Meldungen von Defense Center:

Warning! Virus threat detected!
Virus activity detected!
Net-Worm.Win32 has been detected. This adware module advertises websites with explicit content. Be advised of such content being possibly illegal. Please click the button below to locate and remove this threat.

Warning! Adware detected!
Adware module detected on your PC!
Zlob.Porn.Ad adware has been detected. This adware module advertises websites with explicit content. Be advised of such content being possibly illegal. Please click the button below to locate and remove this threat now.

Antivirus Alert - Critical threat detected
Warning
Network attack detected
Network attack has been detected. Process is attempting to access your private data.

Warning! Network attack detected!
Network intrusion detected!
Your computer is be attacked from a remote PC.
Attack from <ip address>:27040
Process is trying to steal your passwords listed below. It is highly recommended to block this threat now.

Danger!
A security threat detected on your computer. TrojanASPX.JS.Win32. It strongly recommended to remove this threat right now. Click on the message to remove it.

Danger!
A security threat detected on your computer. This malicious program may steal your private data. Click on the message to ensure the protection of your computer.

Danger!
Harmful viruses detected on your computer. Click on the message to scan your computer for security threats for free.

Dateien von Defense Center:

Code:

c:\Documents and Settings\All Users\Favorites\_favdata.dat
c:\Program Files\Defense Center
c:\Program Files\Defense Center\about.ico
c:\Program Files\Defense Center\activate.ico
c:\Program Files\Defense Center\buy.ico
c:\Program Files\Defense Center\def.db
c:\Program Files\Defense Center\defcnt.exe
c:\Program Files\Defense Center\defext.dll
c:\Program Files\Defense Center\defhook.dll
c:\Program Files\Defense Center\help.ico
c:\Program Files\Defense Center\scan.ico
c:\Program Files\Defense Center\settings.ico
c:\Program Files\Defense Center\splash.mp3
c:\Program Files\Defense Center\Uninstall.exe
c:\Program Files\Defense Center\update.ico
c:\Program Files\Defense Center\virus.mp3
%UserProfile%\Desktop\Defense Center Support.lnk
%UserProfile%\Desktop\Defense Center.lnk
%UserProfile%\Desktop\nudetube.com.lnk
%UserProfile%\Desktop\pornotube.com.lnk
%UserProfile%\Desktop\spam001.exe
%UserProfile%\Desktop\spam003.exe
%UserProfile%\Desktop\troj000.exe
%UserProfile%\Desktop\youporn.com.lnk
%UserProfile%\Start Menu\Programs\Defense Center
%UserProfile%\Start Menu\Programs\Defense Center\About.lnk
%UserProfile%\Start Menu\Programs\Defense Center\Activate.lnk
%UserProfile%\Start Menu\Programs\Defense Center\Buy.lnk
%UserProfile%\Start Menu\Programs\Defense Center\Defense Center Support.lnk
%UserProfile%\Start Menu\Programs\Defense Center\Defense Center.lnk
%UserProfile%\Start Menu\Programs\Defense Center\Scan.lnk
%UserProfile%\Start Menu\Programs\Defense Center\Settings.lnk
%UserProfile%\Start Menu\Programs\Defense Center\Update.lnk

Registry-Einträge von Defense Center:

Code:

HKEY_USERS\S-1-5-21-861567501-152049171-1708537768-1003_Classes\secfile
HKEY_CURRENT_USER\Software\Classes\secfile
HKEY_CLASSES_ROOT\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}
HKEY_CLASSES_ROOT\secfile
HKEY_LOCAL_MACHINE\SOFTWARE\Defense Center
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Defense Center
HKEY_LOCAL_MACHINE\SOFTWARE\Program Groups
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Defense Center"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "DisableTaskMgr" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{5E2121EE-0300-11D4-8D3B-444553540000}"

Defense Center im HijackThis-Log:

Code:

O4 - HKCU\..\Run: [Defense Center] "C:\Program Files\Defense Center\defcnt.exe" -noscan

**AdminBot** · 24.06.2010, 21:10

Defense Center entfernen

Abgesicherter Modus zur Bereinigung

Windows mit F8-Taste beim Start in den abgesicherten Modus bringen.
Starte den Rechner in den abgesicherten Modus mit Netzwerktreibern:

Starte einen vollständigen Scan mit Malwarebytes Anti-Malware

Achtung: Diese Fake Software wird versuchen, den Einsatz von Malwarebytes zu verhindern. Benenne das Setup vor dem speichern in etwas anderes um (z.B. Herbert.exe).

Falls es vorher nicht funktioniert hat, sollte das Setup jetzt starten.

Wenn das Programm nach der Installation nicht starten sollte, dann benenne die "mbam.exe" in "herbert.exe" um und versuche es erneut.

Sollte MBAM trotzdem nicht starten: Malwarebytes Anti-Malware startet nicht

Code:

Memory Processes Infected: 1
Memory Modules Infected: 1
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 3
Folders Infected: 2
Files Infected: 27
 
Memory Processes Infected:
C:\Documents and Settings\{username}\Local Settings\Temp\esentutl64.exe (Rogue.DefenseCenter) -> Unloaded process successfully.
 
Memory Modules Infected:
C:\Documents and Settings\{username}\Local Settings\Temp\mschrt20ex.dll (Rogue.FakeAV) -> Delete on reboot.
 
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Defense Center (Rogue.DefenseCenter) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Defense Center (Rogue.DefenseCenter) -> Quarantined and deleted successfully.
 
Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\defense center (Rogue.DefenseCenter) -> Quarantined and deleted successfully.
 
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.exe\(default) (Hijacked.exeFile) -> Bad: (secfile) Good: (exefile) -> Quarantined and deleted successfully.
 
Folders Infected:
C:\Program Files\Defense Center (Rogue.DefenseCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\{username}\Start Menu\Programs\Defense Center (Rogue.DefenseCenter) -> Quarantined and deleted successfully.
 
Files Infected:
C:\Documents and Settings\{username}\Local Settings\Temp\mschrt20ex.dll (Rogue.FakeAV) -> Delete on reboot.
C:\Documents and Settings\{username}\Local Settings\Temp\esentutl64.exe (Rogue.DefenseCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\{username}\Local Settings\Temp\wscsvc32.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\Program Files\Defense Center\about.ico (Rogue.DefenseCenter) -> Quarantined and deleted successfully.
C:\Program Files\Defense Center\activate.ico (Rogue.DefenseCenter) -> Quarantined and deleted successfully.
C:\Program Files\Defense Center\buy.ico (Rogue.DefenseCenter) -> Quarantined and deleted successfully.
C:\Program Files\Defense Center\def.db (Rogue.DefenseCenter) -> Quarantined and deleted successfully.
C:\Program Files\Defense Center\defext.dll (Rogue.DefenseCenter) -> Quarantined and deleted successfully.
C:\Program Files\Defense Center\defhook.dll (Rogue.DefenseCenter) -> Quarantined and deleted successfully.
C:\Program Files\Defense Center\help.ico (Rogue.DefenseCenter) -> Quarantined and deleted successfully.
C:\Program Files\Defense Center\scan.ico (Rogue.DefenseCenter) -> Quarantined and deleted successfully.
C:\Program Files\Defense Center\settings.ico (Rogue.DefenseCenter) -> Quarantined and deleted successfully.
C:\Program Files\Defense Center\splash.mp3 (Rogue.DefenseCenter) -> Quarantined and deleted successfully.
C:\Program Files\Defense Center\Uninstall.exe (Rogue.DefenseCenter) -> Quarantined and deleted successfully.
C:\Program Files\Defense Center\update.ico (Rogue.DefenseCenter) -> Quarantined and deleted successfully.
C:\Program Files\Defense Center\virus.mp3 (Rogue.DefenseCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\{username}\Start Menu\Programs\Defense Center\About.lnk (Rogue.DefenseCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\{username}\Start Menu\Programs\Defense Center\Activate.lnk (Rogue.DefenseCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\{username}\Start Menu\Programs\Defense Center\Buy.lnk (Rogue.DefenseCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\{username}\Start Menu\Programs\Defense Center\Defense Center Support.lnk (Rogue.DefenseCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\{username}\Start Menu\Programs\Defense Center\Defense Center.lnk (Rogue.DefenseCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\{username}\Start Menu\Programs\Defense Center\Scan.lnk (Rogue.DefenseCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\{username}\Start Menu\Programs\Defense Center\Settings.lnk (Rogue.DefenseCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\{username}\Start Menu\Programs\Defense Center\Update.lnk (Rogue.DefenseCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\{username}\Application Data\Microsoft\Internet Explorer\Quick Launch\Defense Center.LNK (Rogue.DefenseCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\{username}\Desktop\Defense Center.LNK (Rogue.DefenseCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\{username}\Desktop\Defense Center Support.LNK (Rogue.DefenseCenter) -> Quarantined and deleted successfully.

**Da GuRu** · 28.06.2010, 04:43

Defense Center immer noch nicht entfernt?

OTH - OTHelper - Kill All Processes

Mit aktualisiertem (!!) Malwarebytes Anti-Malware nach Ausführen von OTH nochmal QUICKSCAN ausführen.

Weitergehende Prüfung

Das System könnte noch nicht vollständig sauber sein.

Daher unbedingt ein Thema erstellen: Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?

Nicht vergessen mit OTL Logfiles....

Defense Center entfernen

Anleitungen, FAQs & Links: Defense Center entfernen

Defense Center entfernen

Ähnliche Themen: Defense Center entfernen