How to remove the fake Defense Center antivirus.
Which Defense Center is a fake one?
This one ----->>
(You can see the unblinking eye asking for your money...) ;-P
Two days earlier, I had first read about Defense Center on the Avast Blog ("Defense center and a piece of luck") and thought: who would be fooled by such fake software? Nobody will install such a thing. I already use a good AV, so why bother installing another, fake one?
But, to my dismay, one of the computers where I work is infected with this so-called Defense Center. When I opened the computer's recent documents, I found multiple porn .3gps and some horny images. What tha...
>:-(
What happens when Defense Center is inside our computer?
Most notable are these three signs:
- our current antivirus is not running/disabled
- task manager is disabled
- a foreign icon exists in our system tray (next to the clock)
- disables the 'Run' command in the Start menu
- prevents us from launching any software from our desktop
- running the .exe from Program Files also fails
- blocks our access to Windows accessories, e.g. MS Paint, Command Prompt, etc.
- blocks other Windows system tools (e.g. regedit)
- 'scans' our system and shows pop-ups or fake security alerts telling us how badly our computer is infected with viruses and trojans, blablabla, repeatedly from time to time
- completely prevents my Avira10 and GVR.exe from launching, grrrr..
So, how can we remove Defense Center then?
I found two ways of removing it, either by:
- using software, e.g. Malwarebytes' Anti-Malware (MBAM)
  - refer to BleepingComputer.com: How to remove Defense Center (Removal Guide)
- manual removal, deleting files and modifying the registry manually
  - refer to 2-Spyware.com: Remove Defense Center. Description and removal instructions.
Back to the infected computer, what I did is..
- restart my computer again
- press F8 repeatedly (going into Safe Mode)
- GVR.exe (kill all processes) everything (just to make sure only legitimate Windows processes are running)
- uninstall the fake av from my computer.. Ay? Nothing unusual???
- my startup got something funny.. "bkcgwysg" and "nxourwwtssd.exe"??
- delete it.
- go to C:\Documents and Settings\[windows profile]\Local Settings\Application Data\
- search for that "xawtmrviv" folder, delete it
- check other area for similar and other foreign folder
- scan it with av and GVR.exe
- restart again
- check from Autoruns.exe
- delete
- search other area and folders
- scan the whole computer with av again.
And finally, no more fake rogue dumb av nagging again. :-)
But I wonder, do I need to scan with MBAM again?? Just wait and see.. ;-(
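The startup check from the steps above, as an added example that is not part of the original post: a small Python triage that flags startup entries launching from a per-user Application Data folder under random-looking names like the ones found here. The sample entries, their full paths, the pairing of the post's names into one path, and the heuristic's thresholds are all assumptions.

```python
import re
from pathlib import PureWindowsPath

# Per-user, user-writable roots; the post found the rogue's folder under the first.
USER_ROOT = re.compile(r"\\(?:local settings\\application data|application data)\\", re.I)

def exe_path(command):
    """Pull the executable path out of a startup command line."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.exe)\b", command, re.I)
    return m.group(1) if m else command.split(" ", 1)[0]

def looks_random(name):
    """Heuristic (assumed thresholds): few vowels or a long consonant run."""
    letters = "".join(c for c in name.lower() if c.isalpha())
    if len(letters) < 6:
        return False
    vowels = sum(c in "aeiou" for c in letters)
    run = max((len(r) for r in re.findall(r"[^aeiou]+", letters)), default=0)
    return vowels / len(letters) < 0.25 or run >= 5

def triage(entries):
    """Return {entry name: odd-looking parts} for entries worth a manual look."""
    flagged = {}
    for name, command in entries:
        path = exe_path(command)
        m = USER_ROOT.search(path)
        if not m:
            continue  # not launched from a per-user data folder
        below = PureWindowsPath(path[m.end():])
        parts = [name, *below.parts[:-1], below.stem]
        odd = sorted({p for p in parts if looks_random(p)})
        if odd:
            flagged[name] = odd
    return flagged

# Constructed sample startup list (name, command); paths are illustrative only.
PROFILE = r"C:\Documents and Settings\user\Local Settings\Application Data"
SAMPLE = [
    ("avgnt", r'"C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min'),
    ("ctfmon.exe", r"C:\WINDOWS\system32\ctfmon.exe"),
    ("Google Update", PROFILE + r"\Google\Update\GoogleUpdate.exe /c"),
    ("bkcgwysg", PROFILE + r"\xawtmrviv\nxourwwtssd.exe"),
]

if __name__ == "__main__":
    for entry, odd in triage(SAMPLE).items():
        print(f"review: {entry} (random-looking: {', '.join(odd)})")
```

The name test alone is noisy (it also trips on `ctfmon`), which is why an entry is flagged only when the name test and the launch location agree.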
OoiGi.blog: "I'm not so sure.. Need to learn more.."