Rogue software details: Protection Center

Protection Center is a rogue security application. In order to remove it, find out what files and registry entries to look for below.

Known system changes:

Files
c:\Desktop\Protection Center.lnk
c:\Desktop\Protection Center Support.lnk
c:\ProgramFiles\Protection Center\cntprot.exe
c:\Temp\mscdexnt.exe
c:\Temp\wscsvc32.exe

Folders
c:\ProgramFiles\Protection Center
c:\StartMenu\Programs\Protection Center

Registry entries
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\
Policies\System
Value: DisableTaskMgr
Data: 01, 00, 00, 00
Key: HKEY_CLASSES_ROOT\CLSID\{5E2121EE-0300-11D4-
8D3B-444553540000}
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Paladin Antivirus
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\Uninstall\Protection Center
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Program Groups
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Protection Center
Key: HKEY_CURRENT_USER\Software\Classes\.exe
Value: (Default)
Data: secfile
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\
CurrentVersion\Run
Value: Protection Center
Data: “C:\Program Files\Protection Center\cntprot.exe” -noscan
Key: HKEY_CLASSES_ROOT\.exe
Value: (Default)
Data: secfile

Source: Lavasoft Malware Lab’s Rogue Gallery.




Share this