Content Protector or Content Defender as it was called before, is an adware not to be confused with the legitimate WordPress and Joomla plugin “Content Protector”.
The offer
Content Protector by “Artex Management S. A.” is delivered by bundlers that combine desired programs with adware and/or advertisements. It is advertised as a web-filtering application to protect your system while surfing. Instead it serves up their choice of advertisements.
The privacy policy can be found at their site and is certainly worth reading if you are considering this potentially unwanted program (PUP). They do not hide the fact that the program is ad-supported. Even though this seems counterproductive for the advertised goal of the software.
We and the Services may use third party services to provide you with the Services and to serve you with advertisements using Our or third party’s technology.
Installation
As you may be able to tell from the installation screens, someone did not put a lot of effort into the text.
The installation files are fetched from
http://contentprotector-w1.com/install/start/sourceid/1/campaignid/ which is blocked by the Malwarebytes Website Protection module.
Certificate
There is one thing that makes this adware stand out from others. And that is the fact that it installs its own certificate. Which is valid until 2056 and for all purposes.
In the Program Files folder of ContentProtector you will find a subfolder with the certificate and an executable called “import_root_cert.exe” for this purpose.
In the folder called “nss” you will find the Microsoft file certutil.exe which is also needed to complete this task.
Removal
As this adware installs two services and one driver it is hard to remove manually and we would advise you to use a full Malwarebytes Anti-Malware Threat Scan. A full removal guide can be found on our forums.
File details
The installer is detected by Malwarebytes Anti-Malware as PUP.Optional.ContentProtector.
SHA-1 ConProtSe.exe 9814ccbaa0e184f3446ae74b5ab811f50202bb2b
Pieter
