Content Protector or Content Defender as it was called before, is an adware not to be confused with the legitimate WordPress and Joomla plugin “Content Protector”.
Content Protector by “Artex Management S. A.” is delivered by bundlers that combine desired programs with adware and/or advertisements. It is advertised as a web-filtering application to protect your system while surfing. Instead it serves up their choice of advertisements.
We and the Services may use third party services to provide you with the Services and to serve you with advertisements using Our or third party’s technology.
As you may be able to tell from the installation screens, someone did not put a lot of effort into the text.
Content Defender is still used instead of Content Protector and where the text says Finish the button says Close.
The installation files are fetched from
http://contentprotector-w1.com/install/start/sourceid/1/campaignid/ which is blocked by the Malwarebytes Website Protection module.
There is one thing that makes this adware stand out from others. And that is the fact that it installs its own certificate. Which is valid until 2056 and for all purposes.
In the Program Files folder of ContentProtector you will find a subfolder with the certificate and an executable called “import_root_cert.exe” for this purpose.
In the folder called “nss” you will find the Microsoft file certutil.exe which is also needed to complete this task.
As this adware installs two services and one driver it is hard to remove manually and we would advise you to use a full Malwarebytes Anti-Malware Threat Scan. A full removal guide can be found on our forums.
The installer is detected by Malwarebytes Anti-Malware as PUP.Optional.ContentProtector.
SHA-1 ConProtSe.exe 9814ccbaa0e184f3446ae74b5ab811f50202bb2b