Infected with "Privacy Center"

[Charles W Davis]

Computer Club member's Dell laptop. The computer starts up with the Privacy
Center stating there are 140 infections and all sorts of other problems.

One can't open the start menu (no Task bar), can't open Windows Explorer,
and so on. When starting in safe mode, I can shut Privacy Center down using
the Task Manager after the third attempt. The first two times, it says that
it can't shut it down... Still can't open Windows Explorer or see the task
bar.

I haven't the foggiest notion as to where to go now. Any suggestions
appreciated.

 

[New Fieend]

Seems you have no antimalware tool installed, you will need to run the
Malicious Software Removal Tool. Search for that on Microsoft's page.

Then install Microsoft Securities Essentials, search for that on Microsoft's
page as well. Install that and you should be in better shape.

If that fails, take the machine to a service center and expect to pay $100
to have it cleaned up.

 

[Charles W Davis]

I would have already done what you have suggested. How does one start
anything. My USB flash drive isn't even recognized. Ctrl+ESC won't open the
Start menu.

 

[John Wunderlich]

Computer Club member's Dell laptop. The computer starts up with
the Privacy Center stating there are 140 infections and all sorts
of other problems.

One can't open the start menu (no Task bar), can't open Windows
Explorer, and so on. When starting in safe mode, I can shut
Privacy Center down using the Task Manager after the third
attempt. The first two times, it says that it can't shut it
down... Still can't open Windows Explorer or see the task bar.

I haven't the foggiest notion as to where to go now. Any
suggestions appreciated.

Info on "Privacy Center" here:
<http://www.symantec.com/security_response/writeup.jsp?docid=2009-050702-2910-99>

You don't say what you've tried to start Explorer...
Have you tried starting Explorer by going to Task Manager then,
in the "Applications" tab, clicking "New Task" then entering
C:\Windows\explorer.exe
???

HTH,
John

 

[Paul]

Computer Club member's Dell laptop. The computer starts up with the
Privacy Center stating there are 140 infections and all sorts of other
problems.

One can't open the start menu (no Task bar), can't open Windows
Explorer, and so on. When starting in safe mode, I can shut Privacy
Center down using the Task Manager after the third attempt. The first
two times, it says that it can't shut it down... Still can't open
Windows Explorer or see the task bar.

I haven't the foggiest notion as to where to go now. Any suggestions
appreciated.

Another approach to malware, is to boot an alternate OS disc and
scan from there. This is an example of such a disc.

http://devbuilds.kaspersky-labs.com/devbuilds/RescueDisk/

You burn a CD with the download. Use a tool like Nero to convert
the ISO9660 download, into a bootable CD. Don't just "copy" the file
to a CD. The ISO9660 needs to be converted with the burning utility.

Then, boot the affected computer with the new CD. The CD is a Linux system
and boots using available memory. Once started, it uses DHCP to connect to
Kaspersky using your Internet connection. As long as the networking
in your room is already set up, for computers using DHCP, the
Kaspersky CD should be able to contact Kaspersky and get virus
updates, downloading them into system memory on the infected computer.

I don't really know how good this particular tool is, and I'm
only presenting the *concept* of booting with something
other than the original Windows, as a recovery mechanism.
The Kaspersky CD quarantined the EICAR "test virus" I put on
my C drive, but I haven't tested what it does when real malware
is present.

*******

Connecting a hard drive to a second computer, is another way of
working on that drive. I expect MBAM, suggested here, would work
best if used while you're booting the infected computer. I don't
know if it would work well on the drive, if it is just connected
as a data drive.

http://www.bleepingcomputer.com/virus-removal/remove-privacy-center

You can see the list of Privacy Center files at the end of the article.
It looks like "agent.exe" is a key component of the rogue. So even
renaming the agent.exe file would be a start. But you likely have
so many other problems, that concentrating on "agent.exe" at this
point would be a waste of time.

Paul

 

[PA Bear [MS MVP]]

Repost:

There is a very good chance that you are seeing the effects of a hijackware
infection!

NB: If you had no anti-virus application installed or the subscription had
expired *when the machine first got infected* and/or your subscription has
since expired and/or the machine's not been kept fully-patched at Windows
Update, don't waste your time with any of the below: Format & reinstall
Windows. A Repair Install will NOT help!

Microsoft PCSafety provides home users (only) with no-charge support in
dealing with malware infections such as viruses, spyware (including unwanted
software), and adware.
https://support.microsoft.com/oas/default.aspx?&prid=7552&st=1

Also available via...

Consumer Security Support home page
https://consumersecuritysupport.microsoft.com/

Otherwise...

1. See if you can download/run the MSRT manually:
http://www.microsoft.com/security/malwareremove/default.mspx

NB: Run the FULL scan, not the QUICK scan! You may need to download the
MSRT on a non-infected machine, then transfer MRT.EXE to the infected
machine and rename it to SCAN.EXE before running it.

2a. WinXP => Run the Windows Live Safety Center's 'Protection' scan (only!)
in Safe Mode with Networking, if need be:
http://onecare.live.com/site/en-us/center/howsafe.htm

2b. Vista or Win7=> Run this scan instead:
http://onecare.live.com/site/en-us/center/whatsnew.htm

3. Now run a thorough check for hijackware, including posting requested logs
in an appropriate forum, not here.

Checking for/Help with Hijackware:
.. http://mvps.org/winhelp2002/unwanted.htm
.. http://inetexplorer.mvps.org/tshoot.html
.. http://www.mvps.org/sramesh2k/Malware_Defence.htm
.. http://www.elephantboycomputers.com/page2.html#Removing_Malware

**Chances are you will need to seek expert assistance in
http://spywarehammer.com/simplemachinesforum/index.php?board=10.0,
http://www.spywarewarrior.com/viewforum.php?f=5,
http://www.dslreports.com/forum/cleanup,
http://www.bluetack.co.uk/forums/index.php,
http://aumha.net/viewforum.php?f=30 or other appropriate forums.**

If these procedures look too complex - and there is no shame in admitting
this isn't your cup of tea - take the machine to a local, reputable and
independent (i.e., not BigBoxStoreUSA) computer repair shop.

 

[Smiles]

you should boot in safemode as administrator you should find a number
program running in msconfig startup uncheck that

reboot

look at properties of icon on desktop
delete target and icon

reboot

that should work

 

[Thee Chicago Wolf [MVP]]

Computer Club member's Dell laptop. The computer starts up with the Privacy

Center stating there are 140 infections and all sorts of other problems.

One can't open the start menu (no Task bar), can't open Windows Explorer,
and so on. When starting in safe mode, I can shut Privacy Center down using
the Task Manager after the third attempt. The first two times, it says that
it can't shut it down... Still can't open Windows Explorer or see the task
bar.

I haven't the foggiest notion as to where to go now. Any suggestions
appreciated.

Give Spybot Search & Destroy with definition updates a shot. Should
clear you up.

- Thee Chicago Wolf [MVP]

 

[Jose]

Computer Club member's Dell laptop.  The computer starts up with the Privacy
Center stating there are 140 infections and all sorts of other problems.

One can't open the start menu (no Task bar), can't open Windows Explorer,
and so on. When starting in safe mode, I can shut Privacy Center down using
the Task Manager after the third attempt. The first two times, it says that
it can't shut it down... Still can't open Windows Explorer or see the task
bar.

I haven't the foggiest notion as to where to go now. Any suggestions
appreciated.

Sounds like you are going to have a hard time "trying" suggestions,
huh?

But, go ahead and try them and when you get done trying, holler.

 

[PA Bear [MS MVP]]

Uh-huh... Now pull the other one!

you should boot in safemode as administrator you should find a number
program running in msconfig startup uncheck that

reboot

look at properties of icon on desktop
delete target and icon

reboot

that should work

 

[Toni]

Computer Club member's Dell laptop. The computer starts up with the Privacy Center
stating there are 140 infections and all sorts of other problems.

One can't open the start menu (no Task bar), can't open Windows Explorer, and so on.
When starting in safe mode, I can shut Privacy Center down using the Task Manager
after the third attempt. The first two times, it says that it can't shut it down...
Still can't open Windows Explorer or see the task bar.

I haven't the foggiest notion as to where to go now. Any suggestions appreciated.

1. Shut down the computer.
2. Disconnect from the internet - remove all Ethernet cables & disable the WiFi radio
3. Boot into the Administrator account into Safe Mode
4. Open Windows Explorer, Make sure your settings show hidden files
5. On your hard drive, go to C:\Program Files\. Look for a folder named PCCenter. Delete
ONLY that folder.

If you get a message that not all files were deleted, repeat steps 1-5.

This won't completely remove all of the malware named "Privacy Center", but it should
stop it from running.

Update your antivirus definitions and do a full scan.

 

[Charles W Davis]

Info on "Privacy Center" here:
<http://www.symantec.com/security_response/writeup.jsp?docid=2009-050702-2910-99>

You don't say what you've tried to start Explorer...
Have you tried starting Explorer by going to Task Manager then,
in the "Applications" tab, clicking "New Task" then entering
C:\Windows\explorer.exe
???

HTH,
John

John,

With your suggestion regarding opening the explorer.exe, I was able to do
many things, but was unable to do anything in safe mode, the Privacy Center
window covered the entire desktop in the lower resolution of safe mode. The
Task Manager would not open on top of the Privacy Center so was unable to go
further. He couldn't find his Dell installation disk. He is off to get Dell
to send him one. An Airline Pilot that was laid off 18 months ago, doing
some contract flying since, but sporadic. He bought an inexpensive
reconditioned laptop at Fry's Electonics. Left the local Executive airport
this morning for a contract flight to Jedda, Saudi Arabia.

Thanks to all that provided suggestions.

 

[Toni]

...
:

With your suggestion regarding opening the explorer.exe, I was able to do many things,
but was unable to do anything in safe mode, the Privacy Center window covered the
entire desktop in the lower resolution of safe mode. The Task Manager would not open
on top of the Privacy Center so was unable to go further.

Press the Windows key, then while holding it down, press the 'R' key. This will open the
Run dialog. Type in 'explorer' and then click O.K. and a Windows Explorer window will
open up. Alternately, you can also type in 'cmd' and then click O.K. and a command
window will open up.