Home > Threats > Defense Center

Defense Center - Fake Anti-spyware Program

Posted on 11 June 2010 under Rogue Programs

1. What is Defense Center?

Defense Center is a bogus computer program, pretending to be anti-spyware software. The viruses that Defense Center will pick up in it's computer scans is not real and is shown only to trick users into purchasing registered license of the software.

1.1. Defense Center behavior

Trojans that has been installed together with Defense Center will display fake security alerts, warning user that his computer system has been infected and urgent help is needed. Windows system will be configured so that the rogue will start each time OS is booted. As soon as Defense Center starts, simulated computer scan will be performed. After computer check has been completed, the user will be warned that the system is infected with viruses and a list of found viruses will be generated also known as exaggerated report. The victim will be offered to remove detected threats, but Defense Center will not allow to, until full program version is purchased. All threat names in the report appear to be not real, so the only thing to worry about is rogue program itself.
Another important thing is that Defense Center will try to damage genuine computer security programs such as Malwarebytes' Anti-Malware, Symantec AntiVirus, ESET or Spyware Doctor. It is recommended to refrain from accepting any suggestions from Defense Center to remove any of these or similar programs.

1.2. Avoid payments for Defense Center

Do not make any payments asked by Defense Center, because the program is an internet fraud and will not remove any of serious threats, even if the full program version has been purchased.

1.3. What to do if Task Manager has been blocked?

To begin computer clean operation, Windows utility Task Manager will be needed to end malicious process, so that it will not interrupt Defense Center removal procedure. However, the utility affected by infection may be blocked, hence it will not start. To enable Task Manager and end malicious process created by Defense Center follow these steps:
  1. Go to Windows directory and open System32 folder (C:\Windows\system32).
  2. Rename file taskmgr.exe to iexplore.exe or taskmgr to iexplore if file extensions are hidden.
  3. Double-click renamed file iexplore or iexplore.exe. If you were able to open Task Manager go to Step5.
  4. If Task Manager still cannot be started, resulting in "Task Manager has been disabled by your administrator" message, go to Start -> Run, type in
    REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f
    and click OK. Then repeat Step3.
    * Editing Windows Registry is complicated and should be performed by advanced computer user. Use this guide at your own risk.
  5. Under Processes tab search for defcnt.exe and end the process, by selecting it and clicking End Process button.
  6. Proceed by downloading Defense Center removal tool below without rebooting the computer.

2. Defense Center screen shot:

Defense Center

3. How to remove Defense Center:

  1. Internet connection might be disabled or Internet browser might be blocked by Defense Center, so it won't be possible to download any files to infected computer. In this case please download all files required for Defense Center removal to another computer and then transfer them on the infected one using CD/DVD or USB flash drive.
  2. To remove Defense Center download Spyware Doctor and install the program (for the installation guide click here). Before installation, make sure all other programs and windows are closed.
  3. After the installation, computer scan should be started automatically. If so, please move to the next step. If not, click "Status" on the left side menu and press "Scan Now" button to run computer scanner as shown in the picture below:

  4. After the scan has been completed and scan results have been generated, press "Fix Checked" button to remove Defense Center.

  5. Restart the computer to complete Defense Center removal procedure.

4. Defense Center files:

C:\Users\[username]\AppData\Roaming\Defense Center\defcnt.exe

5. Hijackthis entries:

O4 – HKCU\..\Run: [Defense Center] “C:\Program Files\Defense Center\defcnt.exe” -noscan