Windows Defending Center

Windows Defending Center Description

Type: Rogue AntiSpyware Programs

ScreenshotWhile the FakeVimes family of rogue security programs has been around since at least 2009, a recent batch that includes Windows Defending Center was released in 2012. This batch is particularly worrying because ESG security analysts have received reports of rootkit infections associated with this new batch of FakeVimes programs.

There are many members of this newest batch of FakeVimes clones, some of which include Virus Melt, Presto TuneUp, Fast Antivirus 2009, Extra Antivirus, Windows Security Suite, Smart Virus Eliminator, Packed.Generic.245, Volcano Security Suite, Windows Enterprise Suite, Enterprise Suite, Additional Guard, PC Live Guard, Live PC Care, Live Enterprise Suite, Security Antivirus, My Security Wall, CleanUp Antivirus, Smart Security, Windows Protection Suite, Windows Work Catalyst.

Some characteristics that all clones of Windows Defending Center share include a start-up screen that uses a large icon associated with Windows Security Essentials, file names made up of three random characters, and similar symptoms from one clone to another. Windows Defending Center is designed to steal the money of inexperienced computer users by convincing them that they need to purchase a useless security program. To do this, Windows Defending Center will do everything in its power to make its victims think that their computer is infested with various non-existent viruses and Trojans. Removal of Windows Defending Center should be carried out with the help of a reliable anti-malware program with anti-rootkit capabilities.

Understanding How Windows Defending Center Carries Out Its Scam

Basically, the Windows Defending Center scam consists of claiming multiple problems on the victim's computer in order to make them believe that their computer system is infected. These supposed problems can be either non-existent, or created entirely as a result of the Windows Defending Center infection. After making the victim panic, Windows Defending Center prompts the victim to fix these supposed problems by registering for a 'full version' of Windows Defending Center, which is – of course – not free. ESG malware analysts have detected that Windows Defending Center has absolutely no real anti-virus capabilities; it seems that Windows Defending Center and other FakeVimes programs are composed entirely of malicious scripts and a flashy interface to fool its victims. The main symptom of a Windows Defending Center infection will consist of a constant stream of intrusive, annoying error messages that are often poorly written. Windows Defending Center also makes the victim's computer run slowly and become unstable. Fortunately, using a reliable anti-malware program to remove Windows Defending Center will stop all symptoms of this infection.ScreenshotScreenshotScreenshotScreenshotScreenshotScreenshotScreenshotScreenshotScreenshotScreenshotScreenshotScreenshotScreenshotScreenshot

Technical Information

Screenshots & Other Imagery

SpyHunter Detects & Remove Windows Defending Center

Windows Defending Center Video

Tip: Turn your sound ON and watch the video in Full Screen mode.

File System Details

Windows Defending Center creates the following file(s):
# File Name MD5 Detection Count
1 Protector-mcli.exe b109a4e709b8fdf51047796f6b6e2e08 1
2 %AppData%\Protector-{RANDOM 3 CHARACTERS}.exe N/A
3 %AppData%\Inspector-[RANDOM CHARACTERS].exe N/A
4 %AppData%\npswf32.dll N/A
5 %CommonPrograms%\Windows Defending Center.lnk N/A
6 %DesktopDir%\Windows Defending Center.lnk N/A
7 %AppData%\result.db N/A

Registry Details

Windows Defending Center creates the following registry entry or registry entries:
Registry key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnHTTPSToHTTPRedirect" = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\{RANDOM CHARACTERS}.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "net" = 2012-2-20_1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Settings "ID" = 4
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegedit" = 0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Inspector"

More Details on Windows Defending Center

The following messages associated with Windows Defending Center were found:
Attempt to run a potentially dangerous script detected.
Full system scan is a highly recommended.
Keylogger activity detected. System information security is at risk. It is recommended to activate protection and run a full system scan.
Software without a digital signature detected.
Your system files are at risk. We strongly advise you to activate your protection.

Site Disclaimer is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned on this article. This article should NOT be mistaken or confused in being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their computer with the help of SpyHunter and/or manual removal instructions provided on this article.

This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.