Windows Defending Center

By ESGI Advisor in Rogue Anti-Spyware Program

Windows Defending Center Description

While the FakeVimes family of rogue security programs has been around since at least 2009, a recent batch that includes Windows Defending Center was released in 2012. This batch is particularly worrying because ESG security analysts have received reports of rootkit infections associated with this new batch of FakeVimes programs. There are many members of this newest batch of FakeVimes clones, some of which include Windows No-Risk Agent, Windows AntiHazard Helper, Windows AntiHazard Center and Windows Defending Center itself.

Some characteristics that all clones of Windows Defending Center share include a start-up screen that uses a large icon associated with Windows Security Essentials, file names made up of three random characters, and similar symptoms from one clone to another. Windows Defending Center is designed to steal the money of inexperienced computer users by convincing them that they need to purchase a useless security program. To do this, Windows Defending Center will do everything in its power to make its victims think that their computer is infested with various non-existent viruses and Trojans. Removal of Windows Defending Center should be carried out with the help of a reliable anti-malware program with anti-rootkit capabilities.

Understanding How Windows Defending Center Carries Out Its Scam

The Windows Defending Center scam consists of reporting multiple problems on the victim’s computer in order to make them believe that their system is infected. These supposed problems are either non-existent or created entirely by the Windows Defending Center infection itself. After making the victim panic, Windows Defending Center prompts the victim to fix these supposed problems by registering for a ‘full version’ of Windows Defending Center, which is, of course, not free. ESG malware analysts have found that Windows Defending Center has absolutely no real anti-virus capabilities; it seems that Windows Defending Center and other FakeVimes programs are composed entirely of malicious scripts and a flashy interface meant to fool their victims. The main symptom of a Windows Defending Center infection is a constant stream of intrusive, annoying error messages that are often poorly written. Windows Defending Center also makes the victim’s computer run slowly and become unstable. Fortunately, using a reliable anti-malware program to remove Windows Defending Center will stop all symptoms of this infection.

Type: Rogue AntiSpyware Programs

Windows Defending Center Technical Report

We will update this section as new Windows Defending Center details are reported by our customers and by our Threat Research Center.

Fake message for Windows Defending Center:

The following fake error messages appear for Windows Defending Center:

Error
Keylogger activity detected. System information security is at risk. It is recommended to activate protection and run a full system scan.

Error
Attempt to run a potentially dangerous script detected.
Full system scan is a highly recommended.

Error
Software without a digital signature detected.
Your system files are at risk. We strongly advise you to activate your protection.

Windows Defending Center Removal Details

Windows Defending Center typically has the following processes in memory:

  • %AppData%\Protector-{RANDOM 3 CHARACTERS}.exe
  • %AppData%\Inspector-[RANDOM CHARACTERS].exe
  • %AppData%\npswf32.dll

Windows Defending Center creates the following files in the system:

  • %CommonPrograms%\Windows Defending Center.lnk
  • %DesktopDir%\Windows Defending Center.lnk
  • %AppData%\result.db

Windows Defending Center creates the following registry entries:

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “WarnOnHTTPSToHTTPRedirect” = 0
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\{RANDOM CHARACTERS}.exe
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableTaskMgr” = 0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “net” = 2012-2-20_1
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings “ID” = 4
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegistryTools” = 0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegedit” = 0
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “Inspector”
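
As an added example (not ESG's code and not part of the original report), the Python below matches the file and registry indicators listed above against a file listing and registry values collected from a host. The sample paths and registry tuples are constructed, and the `%AppData%` leaf-directory names are an assumption; the Image File Execution Options entry is not matched because the page gives only a random name for it.

```python
import ntpath
import re

# Usual leaf directory of %AppData% (Vista and later / Windows XP): an assumption.
APPDATA_LEAVES = {"roaming", "application data"}
# Names the page lists under %AppData%. The page does not say which characters
# the random part uses, so anything except a path separator is accepted.
APPDATA_NAMES = re.compile(
    r"(protector-[^\\/]{3}\.exe|inspector-[^\\/]+\.exe|npswf32\.dll|result\.db)")
SHORTCUT = "windows defending center.lnk"
HKCU = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion"
# (subkey, value name, data) as given on the page; None means any data.
PAGE_VALUES = [
    (r"\Internet Settings", "WarnOnHTTPSToHTTPRedirect", "0"),
    (r"\Policies\System", "DisableTaskMgr", "0"),
    (r"\Policies\System", "DisableRegistryTools", "0"),
    (r"\Policies\System", "DisableRegedit", "0"),
    (r"\Settings", "net", "2012-2-20_1"),
    (r"\Settings", "ID", "4"),
    (r"\Run", "Inspector", None),
]
REG_VALUES = {((HKCU + k).lower(), n.lower()): d for k, n, d in PAGE_VALUES}

def match_files(paths):
    """Return the paths that match the page's file indicators."""
    hits = []
    for path in paths:
        folder, name = ntpath.split(path.lower())
        in_appdata = ntpath.basename(folder) in APPDATA_LEAVES
        # npswf32.dll and result.db are ordinary names elsewhere on disk,
        # so a name only counts when the file sits directly in %AppData%.
        if name == SHORTCUT or (in_appdata and APPDATA_NAMES.fullmatch(name)):
            hits.append(path)
    return hits

def match_registry(values):
    """values: (key, value name, data) tuples, e.g. parsed from a registry export."""
    return [v for v in values
            if REG_VALUES.get((v[0].lower(), v[1].lower()), False) in (None, str(v[2]))]

# Constructed sample input (not taken from a real host).
SAMPLE_FILES = [
    r"C:\Users\alice\AppData\Roaming\Protector-qxr.exe",
    r"C:\Users\alice\AppData\Roaming\Protector-abcd.exe",  # four characters
    r"C:\Windows\System32\Macromed\Flash\NPSWF32.dll",     # not in %AppData%
    r"C:\Users\alice\Desktop\Windows Defending Center.lnk",
]
SAMPLE_REG = [(HKCU + r"\Run", "Inspector", "placeholder"),
              (HKCU + r"\Policies\System", "DisableTaskMgr", 1)]
```

A match on a single generic name such as `result.db` is weak evidence on its own; several file and registry hits on the same user profile are what point to this family.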

This entry was last updated on 03/29/12 and posted on 03/28/12.

Copyright 2003-2012. Enigma Software Group USA, LLC. All Rights Reserved.