Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Anleitungen, FAQs & Links (https://www.trojaner-board.de/anleitungen-faqs-links/)
-   -   Defense Center entfernen (https://www.trojaner-board.de/87504-defense-center-entfernen.html)

AdminBot 23.06.2010 14:57
Defense Center entfernen
 
Liste der Anhänge anzeigen (Anzahl: 10)
Defense Center entfernen


Was ist Defense Center?
Defense Center ist ähnlich zu Protection Center und Your Protection. Defense Center ist eine weitere Rogue-Malware in Form einer gefälschten Scan-Software, die mittels eines sog. Trojaners in den PC eindringt und dem Benutzer weissmacht, den PC nach Malware abzusuchen. Diese Software (Defense Center) ist ein Fake und selbst eine Schadsoftware und sollte nicht gekauft werden.

Da solche Software wie Defense Center sich gegen jede Entfernung wehren wird und Defense Center oftmals noch Rootkits mitinstalliert, sollte eine Neuinstallation des Systems in Erwägung gezogen werden.

Verbreitet wird Defense Center nicht mehr ausschliesslich über 'dubiose Seiten' für Cracks, KeyGens und Warez, sondern auch seriöse Seiten werden zunehmend für die Verbreitung dieser mißbraucht (http://www.trojaner-board.de/90880-d...tallation.html).


http://www.trojaner-board.de/attachm...1&d=1278985888 http://www.trojaner-board.de/attachm...1&d=1278985888



Symptome von Defense Center:
  • ständige Fake Virenmeldungen von Defense Center
  • PC läuft seit Defense Center langsamer als üblich
http://www.trojaner-board.de/attachm...1&d=1278985888 http://www.trojaner-board.de/attachm...1&d=1278985888http://www.trojaner-board.de/attachm...1&d=1278985888
http://www.trojaner-board.de/attachm...1&d=1278985888http://www.trojaner-board.de/attachm...1&d=1278985888http://www.trojaner-board.de/attachm...1&d=1278985888
http://www.trojaner-board.de/attachm...1&d=1278985888http://www.trojaner-board.de/attachm...1&d=1278985888

Fake-Meldungen von Defense Center:
Warning! Virus threat detected!
Virus activity detected!
Net-Worm.Win32 has been detected. This adware module advertises websites with explicit content. Be advised of such content being possibly illegal. Please click the button below to locate and remove this threat.

Warning! Adware detected!
Adware module detected on your PC!
Zlob.Porn.Ad adware has been detected. This adware module advertises websites with explicit content. Be advised of such content being possibly illegal. Please click the button below to locate and remove this threat now.

Antivirus Alert - Critical threat detected
Warning
Network attack detected
Network attack has been detected. Process is attempting to access your private data.

Warning! Network attack detected!
Network intrusion detected!
Your computer is be attacked from a remote PC.
Attack from <ip address>:27040
Process is trying to steal your passwords listed below. It is highly recommended to block this threat now.

Danger!
A security threat detected on your computer. TrojanASPX.JS.Win32. It strongly recommended to remove this threat right now. Click on the message to remove it.

Danger!
A security threat detected on your computer. This malicious program may steal your private data. Click on the message to ensure the protection of your computer.

Danger!
Harmful viruses detected on your computer. Click on the message to scan your computer for security threats for free.
Dateien von Defense Center:
Code:
c:\Documents and Settings\All Users\Favorites\_favdata.dat
c:\Program Files\Defense Center
c:\Program Files\Defense Center\about.ico
c:\Program Files\Defense Center\activate.ico
c:\Program Files\Defense Center\buy.ico
c:\Program Files\Defense Center\def.db
c:\Program Files\Defense Center\defcnt.exe
c:\Program Files\Defense Center\defext.dll
c:\Program Files\Defense Center\defhook.dll
c:\Program Files\Defense Center\help.ico
c:\Program Files\Defense Center\scan.ico
c:\Program Files\Defense Center\settings.ico
c:\Program Files\Defense Center\splash.mp3
c:\Program Files\Defense Center\Uninstall.exe
c:\Program Files\Defense Center\update.ico
c:\Program Files\Defense Center\virus.mp3
%UserProfile%\Desktop\Defense Center Support.lnk
%UserProfile%\Desktop\Defense Center.lnk
%UserProfile%\Desktop\nudetube.com.lnk
%UserProfile%\Desktop\pornotube.com.lnk
%UserProfile%\Desktop\spam001.exe
%UserProfile%\Desktop\spam003.exe
%UserProfile%\Desktop\troj000.exe
%UserProfile%\Desktop\youporn.com.lnk
%UserProfile%\Start Menu\Programs\Defense Center
%UserProfile%\Start Menu\Programs\Defense Center\About.lnk
%UserProfile%\Start Menu\Programs\Defense Center\Activate.lnk
%UserProfile%\Start Menu\Programs\Defense Center\Buy.lnk
%UserProfile%\Start Menu\Programs\Defense Center\Defense Center Support.lnk
%UserProfile%\Start Menu\Programs\Defense Center\Defense Center.lnk
%UserProfile%\Start Menu\Programs\Defense Center\Scan.lnk
%UserProfile%\Start Menu\Programs\Defense Center\Settings.lnk
%UserProfile%\Start Menu\Programs\Defense Center\Update.lnk

Registry-Einträge von Defense Center:
Code:
HKEY_USERS\S-1-5-21-861567501-152049171-1708537768-1003_Classes\secfile
HKEY_CURRENT_USER\Software\Classes\secfile
HKEY_CLASSES_ROOT\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}
HKEY_CLASSES_ROOT\secfile
HKEY_LOCAL_MACHINE\SOFTWARE\Defense Center
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Defense Center
HKEY_LOCAL_MACHINE\SOFTWARE\Program Groups
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Defense Center"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "DisableTaskMgr" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{5E2121EE-0300-11D4-8D3B-444553540000}"

Defense Center im HijackThis-Log:
Code:
O4 - HKCU\..\Run: [Defense Center] "C:\Program Files\Defense Center\defcnt.exe" -noscan

AdminBot 24.06.2010 20:10
Defense Center entfernen
 
Defense Center entfernen


Abgesicherter Modus zur Bereinigung
  • Starte einen vollständigen Scan mit Malwarebytes Anti-Malware
Achtung: Diese Fake Software wird versuchen, den Einsatz von Malwarebytes zu verhindern. Benenne das Setup vor dem speichern in etwas anderes um (z.B. Herbert.exe).

Falls es vorher nicht funktioniert hat, sollte das Setup jetzt starten.

Wenn das Programm nach der Installation nicht starten sollte, dann benenne die "mbam.exe" in "herbert.exe" um und versuche es erneut.

Sollte MBAM trotzdem nicht starten: Malwarebytes Anti-Malware startet nicht

http://www.trojaner-board.de/attachm...ntfernen-2.png


Code:
Memory Processes Infected: 1
Memory Modules Infected: 1
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 3
Folders Infected: 2
Files Infected: 27
 
Memory Processes Infected:
C:\Documents and Settings\{username}\Local Settings\Temp\esentutl64.exe (Rogue.DefenseCenter) -> Unloaded process successfully.
 
Memory Modules Infected:
C:\Documents and Settings\{username}\Local Settings\Temp\mschrt20ex.dll (Rogue.FakeAV) -> Delete on reboot.
 
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Defense Center (Rogue.DefenseCenter) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Defense Center (Rogue.DefenseCenter) -> Quarantined and deleted successfully.
 
Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\defense center (Rogue.DefenseCenter) -> Quarantined and deleted successfully.
 
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.exe\(default) (Hijacked.exeFile) -> Bad: (secfile) Good: (exefile) -> Quarantined and deleted successfully.
 
Folders Infected:
C:\Program Files\Defense Center (Rogue.DefenseCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\{username}\Start Menu\Programs\Defense Center (Rogue.DefenseCenter) -> Quarantined and deleted successfully.
 
Files Infected:
C:\Documents and Settings\{username}\Local Settings\Temp\mschrt20ex.dll (Rogue.FakeAV) -> Delete on reboot.
C:\Documents and Settings\{username}\Local Settings\Temp\esentutl64.exe (Rogue.DefenseCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\{username}\Local Settings\Temp\wscsvc32.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\Program Files\Defense Center\about.ico (Rogue.DefenseCenter) -> Quarantined and deleted successfully.
C:\Program Files\Defense Center\activate.ico (Rogue.DefenseCenter) -> Quarantined and deleted successfully.
C:\Program Files\Defense Center\buy.ico (Rogue.DefenseCenter) -> Quarantined and deleted successfully.
C:\Program Files\Defense Center\def.db (Rogue.DefenseCenter) -> Quarantined and deleted successfully.
C:\Program Files\Defense Center\defext.dll (Rogue.DefenseCenter) -> Quarantined and deleted successfully.
C:\Program Files\Defense Center\defhook.dll (Rogue.DefenseCenter) -> Quarantined and deleted successfully.
C:\Program Files\Defense Center\help.ico (Rogue.DefenseCenter) -> Quarantined and deleted successfully.
C:\Program Files\Defense Center\scan.ico (Rogue.DefenseCenter) -> Quarantined and deleted successfully.
C:\Program Files\Defense Center\settings.ico (Rogue.DefenseCenter) -> Quarantined and deleted successfully.
C:\Program Files\Defense Center\splash.mp3 (Rogue.DefenseCenter) -> Quarantined and deleted successfully.
C:\Program Files\Defense Center\Uninstall.exe (Rogue.DefenseCenter) -> Quarantined and deleted successfully.
C:\Program Files\Defense Center\update.ico (Rogue.DefenseCenter) -> Quarantined and deleted successfully.
C:\Program Files\Defense Center\virus.mp3 (Rogue.DefenseCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\{username}\Start Menu\Programs\Defense Center\About.lnk (Rogue.DefenseCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\{username}\Start Menu\Programs\Defense Center\Activate.lnk (Rogue.DefenseCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\{username}\Start Menu\Programs\Defense Center\Buy.lnk (Rogue.DefenseCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\{username}\Start Menu\Programs\Defense Center\Defense Center Support.lnk (Rogue.DefenseCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\{username}\Start Menu\Programs\Defense Center\Defense Center.lnk (Rogue.DefenseCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\{username}\Start Menu\Programs\Defense Center\Scan.lnk (Rogue.DefenseCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\{username}\Start Menu\Programs\Defense Center\Settings.lnk (Rogue.DefenseCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\{username}\Start Menu\Programs\Defense Center\Update.lnk (Rogue.DefenseCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\{username}\Application Data\Microsoft\Internet Explorer\Quick Launch\Defense Center.LNK (Rogue.DefenseCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\{username}\Desktop\Defense Center.LNK (Rogue.DefenseCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\{username}\Desktop\Defense Center Support.LNK (Rogue.DefenseCenter) -> Quarantined and deleted successfully.

Da GuRu 28.06.2010 03:43
Defense Center entfernen
 

Defense Center immer noch nicht entfernt?

OTH - OTHelper - Kill All Processes


Mit aktualisiertem (!!) Malwarebytes Anti-Malware nach Ausführen von OTH nochmal QUICKSCAN ausführen.

Bitte alle temporären Dateien löschen und Speicherplatz freigeben.


Weitergehende Prüfung

Das System könnte noch nicht vollständig sauber sein.

Daher unbedingt ein Thema erstellen: Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?

Nicht vergessen mit FRST-Logfiles wie in der Anleitung beschrieben.

Wie man Hilfe bekommt steht auch hier.


Alle Zeitangaben in WEZ +1. Es ist jetzt 11:15 Uhr.

Copyright ©2000-2024, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129