agent.exe - Dangerous
%program files%\pcenter\agent.exe
Manual removal instructions:
Antivirus Report of %program files%\pcenter\agent.exe:
%program files%\pcenter\agent.exe
We suggest you to remove %PROGRAM FILES%\PCenter\agent.exe from your computer as soon as possible.
%PROGRAM FILES%\PCenter\agent.exe is Trojan/Backdoor.
Kill the process %PROGRAM FILES%\PCenter\agent.exe and remove %PROGRAM FILES%\PCenter\agent.exe from Windows startup.
Classification:
Antivirus Version Last Update Result
a-squared 4.0.0.101 2009.06.04 Trojan.Fraudtool.
PrivacyCenter!IK
AntiVir 7.9.0.180 2009.06.04 DR/Fraud.PrivacyCenter.DJ.24
AVG 8.5.0.339 2009.06.04 Generic13.BBMA
DrWeb 5.0.0.12182 2009.06.04 Trojan.Fakealert.4408
F-Secure 8.0.14470.0 2009.06.04 FraudTool.Win32.PrivacyCenter.dj
Fortinet 3.117.0.0 2009.06.04 W32/FakeAlert.DB!tr
Kaspersky 7.0.0.125 2009.06.04 not-a-virus:FraudTool.Win32.PrivacyCenter.dj
Microsoft 1.4701 2009.06.04 Trojan:Win32/PrivacyCenter
NOD32 4131 2009.06.04 Win32/Adware.PrivacyComponents
TheHacker 6.3.4.3.339 2009.06.03 Adware/Agent.gen
Additional information
File size: 1981475 bytes
MD5 : 2cc726b1dc62c204fb396f07d1884ca0
SHA1 : 585e8648a1e735a0df30a8ba81efcce85d607f3a
Installation
When the program is executed, it creates the following registry subkeys and values:
----------------------------------
Keys deleted:0
----------------------------------
----------------------------------
Keys added:1
----------------------------------
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Privacy center
----------------------------------
Values deleted:0
----------------------------------
----------------------------------
Values added:6
----------------------------------
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Privacy center\DisplayName: "Privacy center"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Privacy center\UninstallString: "C:\Program Files\PCenter\uninstall.exe"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Privacy center\NoModify: 0x00000001
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Privacy center\NoRepair: 0x00000001
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\agent.exe: "C:\Program Files\PCenter\agent.exe"
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell: "C:\Program Files\PCenter\pc.exe"
----------------------------------
Values modified:0
----------------------------------
----------------------------------
Files added:28
----------------------------------
C:\Documents and Settings\Administrator\Application Data\PCenter\dbases\cg.dat
C:\Documents and Settings\Administrator\Application Data\PCenter\dbases\mw.dat
C:\Documents and Settings\Administrator\Application Data\PCenter\dbases\rd.dat
C:\Documents and Settings\Administrator\Application Data\PCenter\dbases\sc.dat
C:\Documents and Settings\Administrator\Application Data\PCenter\dbases\sm.dat
C:\Documents and Settings\Administrator\Application Data\PCenter\dbases\sp.dat
C:\Documents and Settings\Administrator\Application Data\PCenter\keys\cg.key
C:\Documents and Settings\Administrator\Application Data\PCenter\keys\rd.key
C:\Documents and Settings\Administrator\Application Data\PCenter\keys\sc.key
C:\Documents and Settings\Administrator\Application Data\PCenter\keys\sp.key
C:\Documents and Settings\Administrator\Application Data\PCenter\temp\settings.ini
C:\Documents and Settings\Administrator\Desktop\PCenter.lnk
C:\Program Files\PCenter\agent.exe
C:\Program Files\PCenter\faq\guide.html
C:\Program Files\PCenter\faq\images\gimg1.jpg
C:\Program Files\PCenter\faq\images\gimg10.jpg
C:\Program Files\PCenter\faq\images\gimg2.jpg
C:\Program Files\PCenter\faq\images\gimg3.jpg
C:\Program Files\PCenter\faq\images\gimg4.jpg
C:\Program Files\PCenter\faq\images\gimg5.jpg
C:\Program Files\PCenter\faq\images\gimg6.jpg
C:\Program Files\PCenter\faq\images\gimg7.jpg
C:\Program Files\PCenter\faq\images\gimg8.jpg
C:\Program Files\PCenter\faq\images\gimg9.jpg
C:\Program Files\PCenter\pc.exe
C:\Program Files\PCenter\sounds\1.mp3
C:\Program Files\PCenter\sounds\3.mp3
C:\Program Files\PCenter\uninstall.exe
----------------------------------
Files [attributes?] modified:0
----------------------------------
----------------------------------
Folders added:11
----------------------------------
C:\Documents and Settings\Administrator\Application Data\PCenter
C:\Documents and Settings\Administrator\Application Data\PCenter\dbases
C:\Documents and Settings\Administrator\Application Data\PCenter\keys
C:\Documents and Settings\Administrator\Application Data\PCenter\temp
C:\Program Files\PCenter
C:\Program Files\PCenter\faq
C:\Program Files\PCenter\faq\images
C:\Program Files\PCenter\sounds
C:\Program Files\PCenter\tools
C:\Program Files\PCenter\tools\sc
C:\Program Files\PCenter\tools\sp
----------------------------------
Folders deleted:0
----------------------------------
----------------------------------
Total changes:46
----------------------------------
-------------------------------------------------------------------------------------
Detected by RegRun Reanimator:
Type: User Shell
Item Name: shell
Related File: C:\Program Files\PCenter\pc.exe
Type: Running Processes
Item Name: pc.exe
Related File:C:\Program Files\PCenter\pc.exe
Removal Results: Success
Number of reboot: 1
%program files%\pcenter\agent.exe | Malware |
%program files%\pcenter\agent.exe | Dangerous |
%program files%\pcenter\agent.exe | High Risk |
%PROGRAM FILES%\PCenter\agent.exe is Trojan/Backdoor.
Kill the process %PROGRAM FILES%\PCenter\agent.exe and remove %PROGRAM FILES%\PCenter\agent.exe from Windows startup.
Classification:
Antivirus Version Last Update Result
a-squared 4.0.0.101 2009.06.04 Trojan.Fraudtool.
PrivacyCenter!IK
AntiVir 7.9.0.180 2009.06.04 DR/Fraud.PrivacyCenter.DJ.24
AVG 8.5.0.339 2009.06.04 Generic13.BBMA
DrWeb 5.0.0.12182 2009.06.04 Trojan.Fakealert.4408
F-Secure 8.0.14470.0 2009.06.04 FraudTool.Win32.PrivacyCenter.dj
Fortinet 3.117.0.0 2009.06.04 W32/FakeAlert.DB!tr
Kaspersky 7.0.0.125 2009.06.04 not-a-virus:FraudTool.Win32.PrivacyCenter.dj
Microsoft 1.4701 2009.06.04 Trojan:Win32/PrivacyCenter
NOD32 4131 2009.06.04 Win32/Adware.PrivacyComponents
TheHacker 6.3.4.3.339 2009.06.03 Adware/Agent.gen
Additional information
File size: 1981475 bytes
MD5 : 2cc726b1dc62c204fb396f07d1884ca0
SHA1 : 585e8648a1e735a0df30a8ba81efcce85d607f3a
Installation
When the program is executed, it creates the following registry subkeys and values:
----------------------------------
Keys deleted:0
----------------------------------
----------------------------------
Keys added:1
----------------------------------
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Privacy center
----------------------------------
Values deleted:0
----------------------------------
----------------------------------
Values added:6
----------------------------------
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Privacy center\DisplayName: "Privacy center"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Privacy center\UninstallString: "C:\Program Files\PCenter\uninstall.exe"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Privacy center\NoModify: 0x00000001
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Privacy center\NoRepair: 0x00000001
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\agent.exe: "C:\Program Files\PCenter\agent.exe"
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell: "C:\Program Files\PCenter\pc.exe"
----------------------------------
Values modified:0
----------------------------------
----------------------------------
Files added:28
----------------------------------
C:\Documents and Settings\Administrator\Application Data\PCenter\dbases\cg.dat
C:\Documents and Settings\Administrator\Application Data\PCenter\dbases\mw.dat
C:\Documents and Settings\Administrator\Application Data\PCenter\dbases\rd.dat
C:\Documents and Settings\Administrator\Application Data\PCenter\dbases\sc.dat
C:\Documents and Settings\Administrator\Application Data\PCenter\dbases\sm.dat
C:\Documents and Settings\Administrator\Application Data\PCenter\dbases\sp.dat
C:\Documents and Settings\Administrator\Application Data\PCenter\keys\cg.key
C:\Documents and Settings\Administrator\Application Data\PCenter\keys\rd.key
C:\Documents and Settings\Administrator\Application Data\PCenter\keys\sc.key
C:\Documents and Settings\Administrator\Application Data\PCenter\keys\sp.key
C:\Documents and Settings\Administrator\Application Data\PCenter\temp\settings.ini
C:\Documents and Settings\Administrator\Desktop\PCenter.lnk
C:\Program Files\PCenter\agent.exe
C:\Program Files\PCenter\faq\guide.html
C:\Program Files\PCenter\faq\images\gimg1.jpg
C:\Program Files\PCenter\faq\images\gimg10.jpg
C:\Program Files\PCenter\faq\images\gimg2.jpg
C:\Program Files\PCenter\faq\images\gimg3.jpg
C:\Program Files\PCenter\faq\images\gimg4.jpg
C:\Program Files\PCenter\faq\images\gimg5.jpg
C:\Program Files\PCenter\faq\images\gimg6.jpg
C:\Program Files\PCenter\faq\images\gimg7.jpg
C:\Program Files\PCenter\faq\images\gimg8.jpg
C:\Program Files\PCenter\faq\images\gimg9.jpg
C:\Program Files\PCenter\pc.exe
C:\Program Files\PCenter\sounds\1.mp3
C:\Program Files\PCenter\sounds\3.mp3
C:\Program Files\PCenter\uninstall.exe
----------------------------------
Files [attributes?] modified:0
----------------------------------
----------------------------------
Folders added:11
----------------------------------
C:\Documents and Settings\Administrator\Application Data\PCenter
C:\Documents and Settings\Administrator\Application Data\PCenter\dbases
C:\Documents and Settings\Administrator\Application Data\PCenter\keys
C:\Documents and Settings\Administrator\Application Data\PCenter\temp
C:\Program Files\PCenter
C:\Program Files\PCenter\faq
C:\Program Files\PCenter\faq\images
C:\Program Files\PCenter\sounds
C:\Program Files\PCenter\tools
C:\Program Files\PCenter\tools\sc
C:\Program Files\PCenter\tools\sp
----------------------------------
Folders deleted:0
----------------------------------
----------------------------------
Total changes:46
----------------------------------
-------------------------------------------------------------------------------------
Detected by RegRun Reanimator:
Type: User Shell
Item Name: shell
Related File: C:\Program Files\PCenter\pc.exe
Type: Running Processes
Item Name: pc.exe
Related File:C:\Program Files\PCenter\pc.exe
Removal Results: Success
Number of reboot: 1
Dmitry Sokolov:
I created UnHackMe in 2006 to fix the problem that antivioruses did not fix: detecting rootkits.
Since that time I work every day to fix the issues that antiviruses cannot.
If your antivirus have not helped you solve the problem, you should try UnHackMe.
We are a small company and you can ask me directly, if you have any questions.