Friday, 13 November 2009

Control Center Rogue

Yet another rogue. This one is promoted as a free video. If you install the "video", you will get the Control Center Rogue. It claims to detect lots of viruses on a clean system. It also replaces the default shell with cc.exe.

If you got this infection and want to start your default shell (explorer.exe) again, just press Ctrl + Shift + Esc and the Task Manager will pop up. Open the File menu and select New Task. Type in explorer.exe and press Enter. Now you can start FreeFixer to remove the ControlCenter malware. I've marked the malware files in red in the FreeFixer log below:

FreeFixer v0.49 log
Operating system: Windows XP Service Pack 2
Log dated 2009-11-14 00:30

Shell settings
HKCU\..\Winlogon, Shell = C:\Documents and Settings\roger\Application Data\CC\cc.exe

Registry Startups (3 whitelisted)
HKCU\..\Run, agent.exe = C:\Documents and Settings\roger\Application Data\CC\agent.exe

Processes (18 whitelisted)
C:\Program Files\FreeFixer\freefixer.exe
C:\Documents and Settings\roger\Application Data\CC\agent.exe
C:\Documents and Settings\roger\Application Data\CC\cc.exe

End of FreeFixer log
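
The same triage done by script, as an added example (not part of the original post and not FreeFixer code): it parses the log entries above and flags a Shell value that is not explorer.exe, plus anything that starts or runs from an Application Data folder. The function names and the Application Data heuristic are assumptions made for this example.

```python
import re
from pathlib import PureWindowsPath

# Constructed input: entries copied from the FreeFixer log on this page.
SAMPLE_LOG = r"""FreeFixer v0.49 log
Shell settings
HKCU\..\Winlogon, Shell = C:\Documents and Settings\roger\Application Data\CC\cc.exe
Registry Startups (3 whitelisted)
HKCU\..\Run, agent.exe = C:\Documents and Settings\roger\Application Data\CC\agent.exe
Processes (18 whitelisted)
C:\Program Files\FreeFixer\freefixer.exe
C:\Documents and Settings\roger\Application Data\CC\agent.exe
C:\Documents and Settings\roger\Application Data\CC\cc.exe
End of FreeFixer log"""

SECTION_RE = re.compile(r"^(Shell settings|Registry Startups|Processes)\b")
ENTRY_RE = re.compile(r"^HK[A-Z]+\\.*?, (?P<name>.+?) = (?P<path>.+)$")

def parse_log(text):
    """Return (section, value_name, path) for every entry in the log."""
    entries, section = [], None
    for line in map(str.strip, text.splitlines()):
        head = SECTION_RE.match(line)
        if head:
            section = head.group(1)
        elif line.startswith("End of FreeFixer log"):
            section = None
        elif line and section:
            m = ENTRY_RE.match(line)  # process lines are bare paths, no match
            entries.append((section, m["name"] if m else None, m["path"] if m else line))
    return entries

def triage(text):
    """Map each suspicious path to the set of reasons it was flagged."""
    findings = {}
    for section, _name, path in parse_log(text):
        p = PureWindowsPath(path)
        reasons = set()
        if section == "Shell settings" and p.name.lower() != "explorer.exe":
            reasons.add("shell replaced")
        # Assumed heuristic: programs rarely run from a profile's Application Data.
        if "application data" in (part.lower() for part in p.parts):
            reasons.add("in Application Data: " + section)
        if reasons:
            findings.setdefault(path, set()).update(reasons)
    return findings

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG).items():
        print(path, "->", sorted(reasons))
```

A file flagged in more than one section (here cc.exe, which is both the shell and a running process) is the one to look at first.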

