Saturday, November 19, 2011

Protection Center (FakeAV) - 11.19.2011 - Analysis and Removal


====notes====
First, it messes with the .exe file association so that you won't be able to run programs.

There are .inf and .reg patches to fix this.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Protection Center
HKEY_CURRENT_USER\SOFTWARE\24d1ca9a-a864-4f7b-86fe-495eb56529d8
HKEY_CURRENT_USER\SOFTWARE\7bde84a2-f58f-46ec-9eac-f1f90fead080

Folders Infected:
c:\program files\protection center (Rogue.ProtectionCenter)
c:\windows\csc\d6

Files Infected:
c:\documents and settings\infectedxp\local settings\temp\asd3.tmp.exe
c:\documents and settings\infectedxp\local settings\temp\asd4.tmp.exe
c:\documents and settings\infectedxp\local settings\temp\asd5.tmp.exe
c:\documents and settings\infectedxp\local settings\temp\kernel64xp.dll
c:\documents and settings\infectedxp\local settings\temp\wscsvc32.exe
c:\program files\protection center\cnt.db

Has the same icon as Zentom System Guard (FakeAV).

If MBAM (Malwarebytes Anti-Malware) is installed, it will claim that MBAM is infected and will launch its uninstaller.
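As an added example (not part of the original post), here is a read-only PowerShell check that looks for the registry keys, folders and files listed above and verifies the .exe file association the rogue breaks; it assumes the temp files sit under the current user's %TEMP% rather than the "infectedxp" profile, and the clean association values are the standard Windows defaults:

```powershell
# Added example, not from the original post: audit a host for the
# Protection Center indicators listed above and check the .exe association.
# Assumption: temp-file names are checked under $env:TEMP, not "infectedxp".
# Read-only: it reports findings and deletes nothing.

$regKeys = @(
    'HKLM:\SOFTWARE\Protection Center',
    'HKCU:\SOFTWARE\24d1ca9a-a864-4f7b-86fe-495eb56529d8',
    'HKCU:\SOFTWARE\7bde84a2-f58f-46ec-9eac-f1f90fead080'
)
$folders = @(
    (Join-Path ${env:ProgramFiles} 'protection center'),
    (Join-Path $env:SystemRoot 'csc\d6')
)
$files = @('asd3.tmp.exe', 'asd4.tmp.exe', 'asd5.tmp.exe',
           'kernel64xp.dll', 'wscsvc32.exe') |
    ForEach-Object { Join-Path $env:TEMP $_ }
$files += Join-Path ${env:ProgramFiles} 'protection center\cnt.db'

$found = $false
foreach ($k in $regKeys) {
    if (Test-Path $k) { Write-Warning "Registry key present: $k"; $found = $true }
}
foreach ($p in ($folders + $files)) {
    if (Test-Path -LiteralPath $p) { Write-Warning "Path present: $p"; $found = $true }
}

# Clean default values for the .exe association (what a .reg fix restores):
#   [HKEY_CLASSES_ROOT\.exe]                       @="exefile"
#   [HKEY_CLASSES_ROOT\exefile\shell\open\command] @="\"%1\" %*"
$assoc = (Get-ItemProperty -LiteralPath 'Registry::HKEY_CLASSES_ROOT\.exe' `
          -ErrorAction SilentlyContinue).'(default)'
$cmd = (Get-ItemProperty -LiteralPath 'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command' `
        -ErrorAction SilentlyContinue).'(default)'
if ($assoc -ne 'exefile' -or $cmd -ne '"%1" %*') {
    Write-Warning ".exe association altered: .exe='$assoc' command='$cmd'"
    $found = $true
}

if (-not $found) { Write-Output 'No Protection Center indicators found.' }
```

Run it from an elevated PowerShell prompt on the suspect machine; on an infected box you may need to launch it from a .com or .bat wrapper until the .exe association is repaired.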

====music====
Ensiferum - Victory Song
