Systweak Spyware Library
More than 21875 spyware signatures and growing
Microsoft Gold Certified Partner
Malware.privacycenter Analysis Report
Threat Submitted On: 5/28/2009 10:11:56 AM
Threat Analysed On: 5/28/2009 3:11:56 PM
Threat Updated On: 1/27/2011 8:07:17 PM
Type : Malware (General)
Symptoms of privacycenter
  • Program that is developed to creep into a computer system without user’s consent
  • Has the capability to amend the system settings, distort the registry and annihilate personal data
Information
Alias : fraudtool.win32.privacycenter.b
Md5 Hash : [Not Available]
File Size : [ Not Available ]

Technical Details

Here are the technical findings of our analysis team after analyzing this malware in detail:

Creates the following infected Files on user's System
Note:
Delete the following Files to remove Infection
File: pcenter.lnk
Path : %homepath%\desktop

Md5Hash :5322094d08f6ae522b6fb3c9e4da8519 ( 766 bytes)
File: privacy components.lnk
Path : %homepath%\desktop

Md5Hash :904521be2b2b54cdb3e08adbd6555fce ( 845 bytes)
File: agent.exe
Path : %programfiles%\pc

Md5Hash :
07e56d61e790e05b348b03afc70ea77f ( 553984 bytes)
cac1f9c97bb9f47fe137b8346078f6e8 ( 554496 bytes)
File: pc.exe
Path : %programfiles%\pc

Md5Hash :
091cf951e75a949edbad3046285539d6 ( 1860096 bytes)
d68d29eceb65fa7f77046d33e209153e ( 1859584 bytes)
File: uninstall.exe
Path : %programfiles%\pc

Md5Hash :989a28386bc2a544c2d480a6c12fd735 ( 149374 bytes)
File: agent.exe
Path : %programfiles%\pcenter

Md5Hash :
11f2ce4e4ae8cb241e5c4a99545cd6dd ( 553984 bytes)
44ed8b90fdcf61fd98a1fccb76d03d69 ( 556032 bytes)
8ba2afe282c4ae45550d354ca89a1ecc ( 556032 bytes)
File: pc.exe
Path : %programfiles%\pcenter

Md5Hash :
8916e82b8b9ab906d1273c0d01e52baf ( 1863680 bytes)
989e8ad4b50ad6a91677b98e6501ed99 ( 1861120 bytes)
b55ba2dce2e105cf05b8204f0b52803b ( 1859584 bytes)
cd5c5603bdb1eeb4565a73aabe1e38dc ( 1861120 bytes)
File: ca.crt
Path : %programfiles%\pcenter\tools\sc

Md5Hash :59c56aca2f8562b6f29312188bbe2254 ( 1277 bytes)
File: libeay32.dll
Path : %programfiles%\pcenter\tools\sc

Md5Hash :805db415858b302e94826517f0a80352 ( 947200 bytes)
File: libssl32.dll
Path : %programfiles%\pcenter\tools\sc

Md5Hash :9517f743f0b8836e0921ee5432a22a79 ( 173568 bytes)
File: openvpn.exe
Path : %programfiles%\pcenter\tools\sc

Md5Hash :f11d4f213dc1cb1495d692ff4cbe22d9 ( 430080 bytes)
File: tap0801.sys
Path : %programfiles%\pcenter\tools\sc

Md5Hash :0c82061920a2de35d33c2c2bb83b1e98 ( 26624 bytes)
File: tapinstall.exe
Path : %programfiles%\pcenter\tools\sc

Md5Hash :b36c5e40f25c8afe8c8acc7e895d9c6d ( 55808 bytes)
File: uninstall.exe
Path : %programfiles%\pcenter

File: agent.exe
Path : %programfiles%\privacy center

Md5Hash :
2775b7ce802b3c7279d7359af91bfc9f ( 556032 bytes)
60c866c28e5cfc87cfa5982ae5577f74 ( 556032 bytes)
e15e2a072052aab634abd41cd9193fc4 ( 556032 bytes)
File: guide.html
Path : %programfiles%\privacy center\faq

Md5Hash :cb1aa1f89fafde93a99a36af562dfc33 ( 10578 bytes)
File: gimg1.jpg
Path : %programfiles%\privacy center\faq\images

Md5Hash :9378e9f47895c19dd368ba55ca8ea546 ( 81273 bytes)
File: gimg10.jpg
Path : %programfiles%\privacy center\faq\images

Md5Hash :410b6f9d8e9bf7748ecd195ba1ace729 ( 99111 bytes)
File: gimg2.jpg
Path : %programfiles%\privacy center\faq\images

Md5Hash :bbf709020c15a6ff361074cf1f2491bb ( 61988 bytes)
File: gimg3.jpg
Path : %programfiles%\privacy center\faq\images

Md5Hash :7531433e50d985fb3a7bd0de89fc1e46 ( 5719 bytes)
File: gimg4.jpg
Path : %programfiles%\privacy center\faq\images

Md5Hash :a352c7013f9d7288c59cfd743a109466 ( 95595 bytes)
File: gimg5.jpg
Path : %programfiles%\privacy center\faq\images

Md5Hash :06e5de55c3d7cd37d819ca7992874c07 ( 94546 bytes)
File: gimg6.jpg
Path : %programfiles%\privacy center\faq\images

Md5Hash :7123f6c4bbe8fab291d59c596a07a293 ( 95168 bytes)
File: gimg7.jpg
Path : %programfiles%\privacy center\faq\images

Md5Hash :9f9307fbf279df8c8848be431e0e5a49 ( 85998 bytes)
File: gimg8.jpg
Path : %programfiles%\privacy center\faq\images

Md5Hash :4f570f1ee989d9b1018911a5a95f0a0a ( 95534 bytes)
File: gimg9.jpg
Path : %programfiles%\privacy center\faq\images

Md5Hash :a0a40f511bafd9227310b7ecd69d4a4b ( 96460 bytes)
File: pc.exe
Path : %programfiles%\privacy center

Md5Hash :
043808b5b2ba208d2cb0b6cdcecf886c ( 1864192 bytes)
8f08539182b167d700f40c6126301bec ( 1864192 bytes)
8ff90858fa21ff898a82bf0bc7bfe8eb ( 1864192 bytes)
feeefc58b15e025d2efdfb5779c2dd82 ( 1864704 bytes)
File: 1.mp3
Path : %programfiles%\privacy center\sounds

Md5Hash :289b099cda4cf8dd36b3e847a6027831 ( 58830 bytes)
File: ca.crt
Path : %programfiles%\privacy center\tools\sc

Md5Hash :59c56aca2f8562b6f29312188bbe2254 ( 1277 bytes)
File: libssl32.dll
Path : %programfiles%\privacy center\tools\sc

Md5Hash :9517f743f0b8836e0921ee5432a22a79 ( 173568 bytes)
File: oemwin2k.inf
Path : %programfiles%\privacy center\tools\sc

Md5Hash :4014f49f0f19f1cccbbc47cad65ea334 ( 6840 bytes)
File: openvpn.exe
Path : %programfiles%\privacy center\tools\sc

Md5Hash :f11d4f213dc1cb1495d692ff4cbe22d9 ( 430080 bytes)
File: tap0801.sys
Path : %programfiles%\privacy center\tools\sc

Md5Hash :0c82061920a2de35d33c2c2bb83b1e98 ( 26624 bytes)
File: tapinstall.exe
Path : %programfiles%\privacy center\tools\sc

Md5Hash :b36c5e40f25c8afe8c8acc7e895d9c6d ( 55808 bytes)
File: spbho.dll
Path : %programfiles%\privacy center\tools\sp

Md5Hash :
4c6425e472a9bed42b7991e027970069 ( 448512 bytes)
f7ac30c9847ce7375b960c016ed1a04f ( 448512 bytes)
File: spp.dll
Path : %programfiles%\privacy center\tools\sp

Md5Hash :
8c2df1715f6d59843550001c6aa5c6d0 ( 448512 bytes)
fe47757a7361605defdc6452f188d847 ( 448512 bytes)
File: uninstall.exe
Path : %programfiles%\privacy center

File: agent.exe
Path : %programfiles%\privacy components

Md5Hash :a047c4765f5c6b915bc4bea7531d9582 ( 553984 bytes)
File: gimg1.jpg
Path : %programfiles%\privacy components\faq\images

Md5Hash :acfeb887e2a92b63ac5cb3921e4a2f5c ( 69875 bytes)
File: gimg3.jpg
Path : %programfiles%\privacy components\faq\images

Md5Hash :cced84e51f54a0bbc46c70e86edd5ecb ( 20956 bytes)
File: gimg5.jpg
Path : %programfiles%\privacy components\faq\images

Md5Hash :245d14525a17520563c23dabbfd11526 ( 63578 bytes)
File: gimg7.jpg
Path : %programfiles%\privacy components\faq\images

Md5Hash :ebe872249df3e4ff0c31f09c435efb5a ( 49169 bytes)
File: pc.exe
Path : %programfiles%\privacy components

Md5Hash :3ff8a52cd62431fa60e2da2b16ec1e3b ( 1866240 bytes)
File: spbho.dll
Path : %programfiles%\privacy components\tools\sp

Md5Hash :4c6425e472a9bed42b7991e027970069 ( 448512 bytes)
File: uninstall.exe
Path : %programfiles%\privacy components

Md5Hash :c6099a6e45cc6cd34ac7b446b0fa17b0 ( 149444 bytes)
File: cg.dat
Path : %userprofile%\application data\pcenter\dbases

Md5Hash :d0ab4a72ac6ee96fa02ed7bd8b5652ac ( 162 bytes)
File: mw.dat
Path : %userprofile%\application data\pcenter\dbases

Md5Hash :1ff1de774005f8da13f42943881c655f ( 2 bytes)
File: rd.dat
Path : %userprofile%\application data\pcenter\dbases

Md5Hash :1ff1de774005f8da13f42943881c655f ( 2 bytes)
File: sc.dat
Path : %userprofile%\application data\pcenter\dbases

Md5Hash :1ff1de774005f8da13f42943881c655f ( 2 bytes)
File: sm.dat
Path : %userprofile%\application data\pcenter\dbases

Md5Hash :1ff1de774005f8da13f42943881c655f ( 2 bytes)
File: sp.dat
Path : %userprofile%\application data\pcenter\dbases

Md5Hash :8df50533b9dbb647eb0800d518cc361a ( 148001 bytes)
File: settings.ini
Path : %userprofile%\application data\pcenter\temp

Md5Hash :87af8500fb65ab8285b962e706eaa5ef ( 22 bytes)
File: cg.dat
Path : %userprofile%\application data\privacy center\dbases

Md5Hash :d0ab4a72ac6ee96fa02ed7bd8b5652ac ( 162 bytes)
File: rd.dat
Path : %userprofile%\application data\privacy center\dbases

Md5Hash :1ff1de774005f8da13f42943881c655f ( 2 bytes)
File: sm.dat
Path : %userprofile%\application data\privacy center\dbases

Md5Hash :1ff1de774005f8da13f42943881c655f ( 2 bytes)
File: settings.ini
Path : %userprofile%\application data\privacy center\temp

Md5Hash :
5b69f736a19a9cee8267b728918dcb02 ( 22 bytes)
9bf41288197308f4f41db95bdf4649a3 ( 22 bytes)
d781c6342385fd9c91d16157c8c55ce7 ( 23 bytes)
d7dd7eb893adef10131ff7d0432fe6cc ( 23 bytes)
File: privacy center.lnk
Path : %userprofile%\start menu\programs\privacy center

Md5Hash :02acdb1899dcff5907fb2f8a1e12770a ( 829 bytes)
File: [randomname].exe
Path : %workingdir%

Also creates the following files on the user's system, which are also created by genuine software:
Note:
These file(s) can be kept as they are also created by genuine Software.
File : gdipfontcachev1.dat
Path : %userprofile%\local settings\application data

Md5Hash :
2261bf45652060de44754e0edba8418c ( 12328 bytes)
3981afc9eb76d1d5c291a24074228e69 ( 12328 bytes)
File : [randomname].exe
Path : %workingdir%

The following Registry Values are added to the provided Registry Keys :-
Note:
Delete the added Values from the Key to remove Infection
|__ Value Added :
agent.exe = "%programfiles%\pc\agent.exe"
|__ Value Added :
agent.exe = "%programfiles%\pcenter\agent.exe"
|__ Value Added :
agent.exe = "%programfiles%\privacy center\agent.exe"
|__ Value Added :
agent.exe = "%programfiles%\privacy components\agent.exe"

NOTE:

1. %homepath% Refers to the windows current user's profile folder. By default it is 'C:\Documents and Settings\[user]'
2. %programfiles% Refers to the program files folder. By default it is 'C:\Program Files'
3. %userprofile% Refers to the windows current user's profile folder. By default it is 'C:\Documents and Settings\[user]'
4. %workingdir% Refers to the current directory in which user is working.

Important: We strongly recommend that you backup the Registry before making any changes to it. Incorrect changes to the Registry can result in permanent data loss or corrupted Files. Modify the malicious\suspicious Subkeys only.

To modify registry entries in Windows Operating System:
Follow Steps:
1. Click Start > Run
2. Type "regedit" to open the Registry Editor.
3. Navigate to the required registry key in the left tree control and modify it accordingly.


© Systweak Inc., 1999-2011 All rights reserved.