Welcome to the Virus Encyclopedia of Panda Security.
DefenseCenter is an adware program that attempts to deceive users passings itself off as a legitimate antivirus program.
It carries out the following actions:
- When it is run, a windows like the following is displayed:
- Once run, it starts scanning the system in search for possible malware:
- When finished, it displays a warning message informing users that their computer is infected:
- Apart from showing the threats detected during the scan, this message notifies users that it is a trial version and that in order to remove the infections, they have to purchase the full version.
- If users decide to activate the programa, they will be redirected to the website where the product can be purchased.
- In order to gain users' confidence, it passes itself off as an HTTPS site, as can be seen in the image below:
- If, on the contrary, they decide not to follow the program's instructions, different annoying messages will be displayed in order to make them think that their computer is really infected and to advertise the product as well:
- fake infections:
- warning that it is a trial version:
- advertising pop-ups:
DefenseCenter creates a directory called Defense Center in the Program Files directory. In this directory it creates the file DEFCNT.EXE.
DefenseCenter creates the following entries in the Windows Registry:
Defense Center = C:\Program Files\Defense Center\defcnt.exe -noscan
By creating this entry, DefenseCenter ensures that it is run whenever Windows is started.
- HKEY_CURRENT_USER\Software\Defense Center
DefenseCenter modifies the following Windows Registry entry in order to change the Internet security settings:
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Means of transmission
DefenseCenter can reach the computer when the user accesses certain websites which display banners or pop-up windows which lead to the download of this program. It can also reach the computer in a link that can be received via spam messages, fraudulent websites, etc.
DefenseCenter is 2,101,248 bytes in size.