Friday, 20 May 2011

How to Remove Security Center (Uninstall Guide)

Security Center is a rogue antivirus application that displays completely fake malware detection alerts and claims that you are infected with spyware, Trojans and other viruses. The fake anti-virus is distributed through the use of fake malware scanners using blackhat SEO techniques, poisoning Google search results. It doesn't actually scan your computer and once it is finished, Security Center will claim that to clean up your computer, you must register the application. The Trojan horse which displays this fake Security Center scanner goes by a few different names, i.e., Antivirus Pro, Antivirus Center and some other names. It detects the same 18 malware infections on different computers, even if they are freshly re-installed. Oh, and another thing, if you're familiar with Windows Defender, you'll see that Security Center is pretty much the exact copy of genuine anti-spyware application maintained by Microsoft. That's probably the biggest problem because users may think that Security Center is a legitimate Microsoft program, but it isn't. It is also worth mentioning that this fake antivirus can not delete your files and it can steal your sensitive information. If you've ended up with this rogue security product, please follow the steps in the removal guide below to remove Security Center from your computer. And if you need help removing it, just let me know. Good luck and be safe online!



Fake Security Center warning:
Security Center
Your computer is under the infections threat. Run instant
shield protection to safe your data and prevent internet
access to your credit card information


Fake Firewall Alerts:
Security Center Firewall Alert
Security Center has prevented a program from
accessing the Internet.

Warning
Suspicious activity in your registry
system space was detected.


You can use this serial D13F-3B7D-B3C5-BD84 to register Security Center in order to stop the fake security alerts that are really annoying. Once this is done, you are free to install anti-malware software and remove the rogue anti-virus program from your computer properly.



Security Center removal instructions (in Safe Mode with Networking):

1. Reboot your computer is "Safe Mode with Networking". As the computer is booting tap the "F8 key" continuously which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Networking" and press Enter key. Login as the same user you were previously logged in with in the normal Windows mode. Read more detailed instructions here: http://www.computerhope.com/issues/chsafe.htm



2. Download free anti-malware software from the list below and run a full system scan.
NOTE: in some cases the rogue program may block anti-malware software. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe, explorer.exe or winlogon.exe With all of these tools, if running Windows 7 or Vista they MUST be run as administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.

3. New threats appear every day. In order to protect your PC from such (new) infections we strongly recommend you to use ESET Smart Security.

Alternate Security Center removal instructions:

1. Download iexplore.exe (NOTE: iexplore.exe file is renamed HijackThis tool from TrendMicro).
Launch the iexplore.exe and click "Do a system scan only" button.
If you can't open iexplore.exe file then download explorer.scr and run it.

2. Search for such entry in the scan results (Windows XP):
O4 - HKCU\..\Run: [SET OF RANDOM CHARACTERS] rundll32.exe "C:\Documents and Settings\All Users\Application Data\[SET OF RANDOM CHARACTERS].dat", [SET OF RANDOM CHARACTERS]
O4 - Startup: [SET OF RANDOM CHARACTERS].lnk = C:\WINDOWS\system32\rundll32.exe

Select all similar entries and click once on the "Fix checked" button. Close HijackThis tool.

3. Download free anti-malware software from the list below and run a full system scan.
NOTE: in some cases the rogue program may block anti-malware software. Before saving the selected program onto your computer, you may have to rename the installer to iexplore.exe, explorer.exe or winlogon.exe. With all of these tools, if running Windows 7 or Vista they MUST be run as administrator. Launch the program and follow the prompts. Don't forget to update the installed program before scanning.

4. New threats appear every day. In order to protect your PC from such (new) infections we strongly recommend you to use ESET Smart Security.

Associated Security Center files and registry values:

Files:

Windows XP
  • C:\Documents and Settings\All Users\Application Data\[SET OF RANDOM CHARACTERS].dat
  • C:\Documents and Settings\All Users\Application Data\[SET OF RANDOM CHARACTERS].ico
  • C:\Documents and Settings\[UserName]\Desktop\Security Center.lnk
  • C:\Documents and Settings\[UserName]\Local Settings\Temp\[SET OF RANDOM CHARACTERS].tmp
Windows Vsita/7
  • C:\ProgramData\[SET OF RANDOM CHARACTERS].dat
  • C:\ProgramData\[SET OF RANDOM CHARACTERS].ico
    • C:\Users\[UserName]\Desktop\Security Center.lnk
  • C:\Users\[UserName]\AppData\Local\Temp\[SET OF RANDOM CHARACTERS].tmp
Registry values:
  • HKEY_CURRENT_USER\Software\Microsoft\Cryptography MachineGuid = "[SET OF RANDOM CHARACTERS]"
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List "C:\WINDOWS\system32\rundll32.exe" = "C:\WINDOWS\system32\rundll32.exe:*:Enabled:Security Center"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[SET OF RANDOM CHARACTERS]"
Share the knowledge:
Posted by at
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)