
Security Central Analysis and Removal

by Shanmuga

Security Central is malicious software that masquerades as genuine security software to cheat gullible users. This scareware has a professional-looking interface and uses multiple visual and aural fake system alerts designed to convince victims to pay for a fraudulent subscription.

Rogue security software like Security Central is commonly installed when users are redirected to fake online scanner pages or fake ‘video codec required’ pages distributed throughout the Web by cyber criminals using blackhat SEO techniques, spam and malicious Flash advertisements.

Rogue security software such as Security Central belongs to a family of software products that call themselves antivirus, antispyware or registry cleaners and often use deceptive or high-pressure sales tactics and deliberate false positives to push users into buying a license/subscription. They are often repackaged and renamed. They do not actually remove malware; instead, many of them add more malware of their own. They need to be removed immediately from your system.

Users should not fall for the false alerts of system infection and buy the scareware to ‘clean’ the system. If you purchased one by entering your credit card number at a rogue software website, it would be prudent to:

  • Immediately contact the bank that issued the card and dispute the charges.
  • Request them to not allow any further transaction and cancel the card. You may also request them to issue a new card with a different number.

Security Central Rogue Software

Security Central Trojan

Once allowed to install in the system, this scareware terminates running programs and blocks execution of most programs.

  • It blocks the execution of Firefox and Chrome browsers.
  • It does not block Internet Explorer.
  • It blocks common programs like Windows Media Player, MSPaint etc.
  • It also blocks execution of administrative tasks like Task Manager, Command Prompt, Registry Editor and MS Configuration Editor, presumably to protect itself.

Security Central Aliases

The trojan dropper was named internet99.exe (933,888 bytes) in this instance. It was detected by 27/40 (67.5%) of antivirus engines available with VirusTotal.

This scareware is known by the following aliases:

  • Trojan.Win32.FraudPack.apxz
  • VirTool:Win32/VBInject.gen!DG
  • Virus.Win32.VBInject!IK
  • Win32.TRFakealert.Uz
  • Trojan.Win32.S.VBInject.933888
  • Trojan.Win32.Generic.pak!cobra
  • W32/FakeAlert.BZTL
  • Troj/FakeAV-BDE

Typical Security Central Scare Messages

Malicious program has been detected. Click here to protect your computer.

Firewall Warning Hidden file transfer to remote host has been detected. Security Central has detected a leak of your files through the Internet.

File taskmgr.exe is infected by W32/Blaster worm Please activate Security Central to protect your computer.

Security Central has found 18 suspicious and unwanted files on your computer!

Security Central Associated Files and Folders

  • C:\Documents and Settings\\Application Data\Microsoft\Internet Explorer\Quick Launch\Security Central.lnk
  • C:\Documents and Settings\\Desktop\Security Central.lnk
  • C:\Documents and Settings\\Local Settings\Temp\~DF9627.tmp
  • C:\Documents and Settings\\Start Menu\Security Central\Security Central.lnk
  • C:\Documents and Settings\\UserData\Z8WV3QOK\pmocntr[1].xml
  • C:\Program Files\Security Central\Security Central.exe
  • C:\WINDOWS\Prefetch\
  • C:\Program Files\Security Central
  • C:\Documents and Settings\\Start Menu\Security Central

Some of the file names may be randomly generated. The term or malwarehelp in the above entries denotes the name of the Windows user account in the test machine.

Security Central Associated Registry Values and Keys

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Security Central=C:\Program Files\Security Central\Security Central.exe
  • HKEY_CURRENT_USER\Software\BDC4128EE806452F6F72D2390F7B4934
  • HKEY_CURRENT_USER\Software\BDC4128EE806452F6F72D2390F7B4934\FRun=0
  • HKEY_CURRENT_USER\Software\BDC4128EE806452F6F72D2390F7B4934\O`ld=Rdbtshux!Bdous`m
  • HKEY_CURRENT_USER\Software\BDC4128EE806452F6F72D2390F7B4934\Q`ui=B;]Qsnfs`l!Ghmdr]Rdbtshux!Bdous`m]Rdbtshux!Bdous`m/dyd

The term or malwarehelp in the above entries denotes the name of the Windows user account in the test machine.
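The value names and data under the HKEY_CURRENT_USER key listed above look random but are lightly obfuscated. The following Python sketch is an added example, not part of the original article: it tries every single-byte XOR key against the strings copied from the list and keeps the key whose output looks most like plain text or a Windows path. The single-byte XOR scheme is an observation made from the listed strings, not something the article states, and the function names are illustrative.

```python
import string

# Value names and data copied from the HKEY_CURRENT_USER entries on this page.
OBSERVED = {
    "O`ld": "Rdbtshux!Bdous`m",
    "Q`ui": "B;]Qsnfs`l!Ghmdr]Rdbtshux!Bdous`m]Rdbtshux!Bdous`m/dyd",
}

# Characters expected in a product name or a Windows file path.
PLAIN = set(string.ascii_letters + string.digits + " .:\\")


def xor_text(text, key):
    """XOR every character of text with a single-byte key."""
    return "".join(chr(ord(c) ^ key) for c in text)


def score(text):
    """Fraction of characters that look like plain name/path text."""
    return sum(c in PLAIN for c in text) / len(text)


def best_key(samples, keys=range(1, 256)):
    """Return the key whose decoding of all samples scores highest."""
    joined = "".join(samples)
    return max(keys, key=lambda k: score(xor_text(joined, k)))


def decode_values(observed):
    """Recover the key from names and data together, then decode both."""
    key = best_key(list(observed) + list(observed.values()))
    decoded = {xor_text(n, key): xor_text(v, key) for n, v in observed.items()}
    return key, decoded


if __name__ == "__main__":
    key, decoded = decode_values(OBSERVED)
    print(f"recovered key: 0x{key:02x}")
    for name, value in decoded.items():
        print(f"{name} = {value}")
```

The decoded path matches the Run-key target and the Program Files entry listed earlier, which ties the randomly named HKEY_CURRENT_USER key to the same infection when the key name itself differs from machine to machine.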

Security Central Removal (How to remove Security Central)

Malwarebytes’ Anti-Malware (mbam-setup.exe) was able to remove this infection.

  1. Boot into Windows Safe Mode with networking.
  2. Download Malwarebytes’ Anti-Malware (mbam-setup.exe), or download it on a clean computer and copy it to a USB flash drive.
  3. Double-click mbam-setup.exe to start the installation. Proceed with installation following the prompts. Make sure that the following options are checked when you finish the installation:
    • Update Malwarebytes’ Anti-Malware
    • Launch Malwarebytes’ Anti-Malware
  4. Once the update is completed, select Perform full scan in the Scanner tab. When the scan is completed, click “Show results”, confirm that all instances of the rogue security software are check-marked and then click “Remove Selected” to delete them. If prompted, restart immediately to complete the removal process.
  5. Turn System Restore off and on.

You should now be clean of this rogue.

The full version of Malwarebytes’ Anti-Malware performs brilliantly against scareware such as Security Central. The real-time component of the paid version would have cautioned you before the rogue software could install itself. Please consider purchasing the Malwarebytes’ Anti-Malware Full version for additional protection.

If you are unable to get rid of this scareware, please visit one of the recommended forums for malware help and post about your problem.


Note: The Security Central installation and removal was tested on a default installation of Windows XP SP3. The content provided in this article is not warranted or guaranteed by Malware Help. Org. The content provided is intended for entertainment and/or educational purposes. I am not liable for any negative consequences that may result from implementing any information covered in this article. The above information is correct at the time of my testing; it might change with time and/or under different testing conditions.


ALAN January 24, 2012 at 2:41 PM

GOD HELL!!! That rogue f****(d all my day, thanks for that message, I am downloading now the program which may clean and fix that shit.
It's ridiculous because I didn't download anything for 3-4 days and it's strange how I'm infected with that shit.

