Protection Center Removal Report

Protection Center

2 Comments

By JubileeX in Rogue Anti-Spyware Program | 1,087 views

Rate it:

(1 votes, average: 4.00 out of 5)

Loading ...

Translate To:

Español |

Português

[+] Click Image to Enlarge

Protection Center is a fake anti-spyware application from the same family as the rogueware called Data Protection. Protection Center is distributed by Trojans that can surreptitiously infiltrate targeted computers. Once Protection Center is inside a computer system, it will display fake security alerts and simulate a bogus system scan which will report that the system is badly infected with malware. The fake security alerts will mention threats such as Exploit.Win32 to convince users of the urgent need to purchase the “licensed version” of Protection Center to clean their computers from the supposed threats.

Protection Center is unable to detect or remove any type of computer threat therefore users should not waste their money on this useless application.

Type: Rogue AntiSpyware Programs

How Can You Detect Protection Center?

Download SpyHunter’s Detection Scanner
to Detect Protection Center.

Can’t install SpyHunter? Click here to view possible causes of installation issues.

Protection Center Technical Report

As new Protection Center details are reported by our customers and findings from our Threat Research Center, we will update this section.

Fake message for Protection Center:

The following fake error message(s) appears for Protection Center:

Danger!
Unauthorized person tries to steal your passwords and private information. Click on the message to prevent identity theft.

Warning! Virus threat detected!
Virus activity detected!
Email-Worm.BAT adware has been detected. This adware module advertises websites with explicit content. Be advised of such content being possibly illegal. Please click the button below to locate and remove this threat now.

Danger!
Harmful viruses detected on your computer. Click on the message to scan your comp

Protection Center Removal Details

Protection Center has typically the following processes in memory:

%Program Files%\Protection Center\protcen.exe
%Temp%\wscsvc32.exe
%Program Files%\Protection Center\prothook.dll
%Temp%\mswinsck.exe
%Program Files%\Protection Center\protext.dll
%Program Files%\Protection Center\uninstall.exe
%Documents and Settings%\All Users\Application Data\fiosejgfse.dll

Protection Center creates the following files in the system:

%Documents and Settings%\[UserName]\Start Menu\Programs\Protection Center
%Documents and Settings%\[UserName]\Start Menu\Programs\Protection Center\Buy.lnk
%Documents and Settings%\[UserName]\Start Menu\Programs\Protection Center\Scan.lnk
%Documents and Settings%\[UserName]\Application Data\Microsoft\Internet Explorer\Quick Launch\Protection Center.lnk
%Program Files%\Protection Center\activate.ico
%Program Files%\Protection Center\help.ico
%Program Files%\Protection Center\splash.mp3
%Temp%\4otjesjty.mof
%Documents and Settings%\[UserName]\Desktop\Protection Center.lnk
%Documents and Settings%\[UserName]\Start Menu\Programs\Protection Center\Activate.lnk
%Documents and Settings%\[UserName]\Start Menu\Programs\Protection Center\Protection Center.lnk
%Documents and Settings%\[UserName]\Start Menu\Programs\Protection Center\Update.lnk
%Program Files%\Protection Center\about.ico
%Program Files%\Protection Center\prot.db
%Program Files%\Protection Center\settings.ico
%Program Files%\Protection Center\virus.mp3
%Documents and Settings%\[UserName]\Desktop\Protection Center Support.lnk
%Documents and Settings%\[UserName]\Start Menu\Programs\Protection Center\About.lnk
%Documents and Settings%\[UserName]\Start Menu\Programs\Protection Center\Protection Center Support.lnk
%Documents and Settings%\[UserName]\Start Menu\Programs\Protection Center\Settings.lnk
%Program Files%\Protection Center
%Program Files%\Protection Center\buy.ico
%Program Files%\Protection Center\scan.ico
%Program Files%\Protection Center\update.ico

Protection Center creates the following registry entries:

HKEY_CURRENT_USER\Software\Paladin Antivirus
HKEY_CLASSES_ROOT\secfile
HKEY_LOCAL_MACHINE\SOFTWARE\Paladin Antivirus
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Protection Center”
HKEY_CURRENT_USER\Software\Malware Defense
HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\SimpleShlExt
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Protection Center
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = “1″
HKEY_CURRENT_USER\Software\Classes\secfile
HKEY_CLASSES_ROOT\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}
HKEY_LOCAL_MACHINE\SOFTWARE\Malware Defense
HKEY_LOCAL_MACHINE\SOFTWARE\Protection Center

Important Article Disclaimer

This entry was last updated on 06/2/10 and posted on 06/2/10. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

2 Responses to “Protection Center”

Wayne Says:
June 13th, 2010 at 10:20 pm
Trojan is a variant of Win32/FakeXPA

[Reply]
Kaylin Says:
January 7th, 2012 at 5:00 pm
Help, I’ve been informed and I can’t become ignorant.

[Reply]

Note: Abusive comments are not allowed. Please do not post comments regarding technical support issues. ESG customers that have issues with SpyHunter should open a customer support ticket.