Protection Center (FakeAV) - 11.19.2011 - Analysis and Removal

Uploaded by on Nov 18, 2011

====notes====
First it messes with the .exe file association so that you won't be able to run programs.

There are .inf and .reg patches to fix this.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Protection Center

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\24d1ca9a-a864-4f7b-86fe-495eb56529d8
HKEY_CURRENT_USER\SOFTWARE\7bde84a2-f58f-46ec-9eac-f1f90fead080

Folders Infected:
c:\program files\protection center (Rogue.ProtectionCenter)
c:\windows\csc\d6

Files Infected:
c:\documents and settings\infectedxp\local settings\temp\asd3.tmp.exe
c:\documents and settings\infectedxp\local settings\temp\asd4.tmp.exe
c:\documents and settings\infectedxp\local settings\temp\asd5.tmp.exe
c:\documents and settings\infectedxp\local settings\temp\kernel64xp.dll
c:\documents and settings\infectedxp\local settings\temp\wscsvc32.exe
c:\program files\protection center\cnt.db

It has the same icon as Zentom System Guard (FakeAV).

If MBAM is installed, it will claim that MBAM is infected and will launch MBAM's uninstaller.
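
A read-only check for the changes these notes describe, as an added example that is not from the video or its uploader: it compares the .exe association with the stock Windows defaults and looks for the registry entries, folders and files listed above. Reading the association through HKEY_CLASSES_ROOT and substituting $env:TEMP for the infectedxp profile's temp folder are assumptions.

```powershell
# Added example: read-only triage for the artifacts listed in the notes above.
function Get-DefaultValue([string]$KeyPath) {
    # (Default) value of a registry key, or $null when the key does not exist.
    if (Test-Path -LiteralPath $KeyPath) {
        return (Get-Item -LiteralPath $KeyPath).GetValue('')
    }
    return $null
}

$findings = @()

# 1. .exe association, read through the merged HKCR view (HKLM + per-user classes).
#    The expected values are the stock Windows defaults.
$expected = @{
    'Registry::HKEY_CLASSES_ROOT\.exe'                       = 'exefile'
    'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command' = '"%1" %*'
}
foreach ($key in $expected.Keys) {
    $actual = Get-DefaultValue $key
    if ($actual -ne $expected[$key]) {
        $findings += "Association changed: $key = '$actual' (expected '$($expected[$key])')"
    }
}

# 2. Registry artifacts from the scan results in the notes.
if (Test-Path -LiteralPath 'HKLM:\SOFTWARE\Protection Center') {
    $findings += 'Registry key present: HKLM\SOFTWARE\Protection Center'
}
$hkcuValues = (Get-Item -LiteralPath 'HKCU:\SOFTWARE').GetValueNames()
foreach ($name in '24d1ca9a-a864-4f7b-86fe-495eb56529d8', '7bde84a2-f58f-46ec-9eac-f1f90fead080') {
    if ($hkcuValues -contains $name) {
        $findings += "Registry value present: HKCU\SOFTWARE\$name"
    }
}

# 3. Folders and files. The notes give the temp paths for one profile ("infectedxp");
#    using $env:TEMP for the current user instead is an assumption.
$paths = @('C:\Program Files\Protection Center', 'C:\Windows\CSC\d6')
$paths += @('asd3.tmp.exe', 'asd4.tmp.exe', 'asd5.tmp.exe', 'kernel64xp.dll', 'wscsvc32.exe' |
    ForEach-Object { Join-Path $env:TEMP $_ })
foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p -ErrorAction SilentlyContinue) {
        $findings += "Path present: $p"
    }
}

if ($findings.Count -eq 0) { 'No listed artifacts found.' } else { $findings }
```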

====music====
Ensiferum - Victory Song

Category: Education

License: Standard YouTube License
