Subscribe to Malware Help RSS Feed RSS Feed - Subscribe to Malware Help. Org on Twitter Follow on Twitter - Malware Help YouTube Channel YouTube Channel - Subscribe to Malware Help by Email Subscribe by Email

Privacy Center Analysis and Removal

by Shanmuga| Tweet This | Google +1 | Facebook | Stumble It | Reddit | Digg | del.icio.us

Privacy Center is the name of a rogue security software that advertises itself as a “Simple one-click solution to protect your PC“. It’s a fraud program that finds non-existent files as security and privacy threats to the user’s computer.

On restart of the PC -even in safe-mode- this scareware completely hijacks the desktop, hides the desktop icons and Windows task bar. Any attempt to close the Privacy Center Window is resisted with a dialogue “The operation is prohibited. Please check your settings“.

privacy center 15 590x331 Privacy Center Analysis and Removal

The user has to kill the application via Task Manager and manually run explorer.exe to access the desktop.

A rogue security software such as Privacy Center belongs to a family of software products that call themselves as antivirus, antispyware or registry cleaners and often use deceptive or high pressure sales tactics and deliberate false positives to convince users into buying a license/subscription. They are often repackaged and renamed. They do not actually remove malware instead many of them add more malware of their own.

This scareware is known by the following aliases:

  • FraudTool.PrivacyCenter.HN
  • Adware.PrivacyCenter.R.1594821
  • Trojan.Win32.Shutdowner.ecc
  • Troj/PrvCnt-Gen
  • Win32/Adware.PrivacyCenter.AD
  • FraudTool.Win32.PrivacyCenter.qu
  • Trojan.Win32.PrivacyCenter

Typical Privacy Center Scare Messages

This scareware uses bubble messages from the task bar to goad the user to buy a subscription.

Warning! One or several components reported some problems! Traces of discreditable files ( for example, the history of visiting adult sites) and security vulnerability have been found. Click this notification to eliminate vulnerability immediately!

The executable in this case is named beecoin.exe, about 1594821 bytes in size. It is detected by 31/41 (75.61%) of the anti-virus engines available at VirusTotal.

Privacy Center Associated Files and Folders

  • C:\Documents and Settings\malwarehelp_org\Application Data\PC\agent.exe
  • C:\Documents and Settings\malwarehelp_org\Application Data\PC\faq\guide.html
  • C:\Documents and Settings\malwarehelp_org\Application Data\PC\faq\images\gimg1.jpg
  • C:\Documents and Settings\malwarehelp_org\Application Data\PC\faq\images\gimg10.jpg
  • C:\Documents and Settings\malwarehelp_org\Application Data\PC\faq\images\gimg2.jpg
  • C:\Documents and Settings\malwarehelp_org\Application Data\PC\faq\images\gimg3.jpg
  • C:\Documents and Settings\malwarehelp_org\Application Data\PC\faq\images\gimg4.jpg
  • C:\Documents and Settings\malwarehelp_org\Application Data\PC\faq\images\gimg5.jpg
  • C:\Documents and Settings\malwarehelp_org\Application Data\PC\faq\images\gimg6.jpg
  • C:\Documents and Settings\malwarehelp_org\Application Data\PC\faq\images\gimg7.jpg
  • C:\Documents and Settings\malwarehelp_org\Application Data\PC\faq\images\gimg8.jpg
  • C:\Documents and Settings\malwarehelp_org\Application Data\PC\faq\images\gimg9.jpg
  • C:\Documents and Settings\malwarehelp_org\Application Data\PC\pc.exe
  • C:\Documents and Settings\malwarehelp_org\Application Data\PC\settings.ini
  • C:\Documents and Settings\malwarehelp_org\Application Data\PC\Uninstall.exe
  • C:\WINDOWS\Prefetch\AGENT.EXE-13C54778.pf
  • C:\WINDOWS\Prefetch\PC.EXE-2449FD2C.pf
  • C:\Documents and Settings\malwarehelp_org\Application Data\PC
  • C:\Documents and Settings\malwarehelp_org\Application Data\PC\faq
  • C:\Documents and Settings\malwarehelp_org\Application Data\PC\faq\images

Some of the file names may be randomly generated.

Privacy Center Associated Registry Values and Keys

  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell(C:\Documents and Settings\malwarehelp_org\Application Data\PC\pc.exe)
  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\agent.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\privacy tools

Privacy Center Associated Domains

This scareware was observed accessing the following domains during installation and operation:

  • http://networksecurityinfo com
  • http:// 91.213.121.33

Note: Visiting the domains mentioned above may harm your computer system.

Privacy Center Removal (How to remove Privacy Center)

Once you are able to regain access to your desktop, the free versions of MalwareBytes’s Anti-Malware Free edition and SuperAntiSpyware appear to remove Privacy Center Scareware.

  1. Open Task Manager by pressing the keys Ctrl+Alt+Delete simultaneously.
  2. Select Privacy Center in the Applications Tab of the Task Manager and then click “End Task“.
  3. privacy center 16 590x331 Privacy Center Analysis and Removal

  4. Now in the File menu Click New Task (Run) and then type “explorer.exe” in the File Open dialogue box and click “OK” to access your desktop. Close Task Manager.
  5. privacy center 18 590x331 Privacy Center Analysis and Removal

  6. Use an alternate browser like Firefox or Chrome to download and Install either MalwareBytes’s Anti-Malware or SuperAntiSpyware from the links above.
  7. Also download CCleaner.
  8. Click to scan with your chosen software. Check mark all instances of the rogue security software and delete them. Restart if asked to.
  9. Install, scan and clean the temporary files with CCleaner.
  10. Turn System Restore off and on

You should now be clean of this rogue.

Privacy Center Scareware — Screenshots

Privacy Center Scareware — Video

Note: The Privacy Center installation and removal was tested on a fully patched Windows XP SP3 running updated versions of Internet Explorer and Firefox. The content provided in this article is not warranted or guaranteed by Malware Help. Org. The content provided is intended for entertainment and/or educational purposes. I am not liable for any negative consequences that may result from implementing any information covered in this article. The above information is correct at the time of my testing, it might change with time and or under different testing conditions.

You may also like to read



{ 0 comments… add one now }

Leave a Comment

{ 1 trackback }

Previous post:

Next post: