Updated: July 26, 2007 2:39:02 PM
Type: Misleading Application
Name: PCPrivacyTool
Version: 1.0.5.0
Publisher: Locus Software
Risk Impact: Medium
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP
Behaviour:
This program must be manually installed.
The misleading application reports several fake privacy violations as present on the computer.
The program then prompts the user to purchase a registered version of the software.
Installation:
When the program is executed, it creates the following folders:
- C:\Documents and Settings\All Users\Start Menu\Programs\PCPrivacyTool
- %ProgramFiles%\PCPrivacyTool
It then creates the following files:
- %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\PCPrivacyTool unregistered.lnk
- %UserProfile%\Desktop\Install PCPrivacyTool .lnk
- %UserProfile%\Desktop\PCPrivacyTool unregistered.lnk
Next, the program creates the following registry entries so that it executes whenever Windows starts:
HKEY_ALL_USERS\Software\Microsoft\Windows\CurrentVersion\Run\"PCPrivacyTool" = "C:\Program Files\PCPrivacyTool\GDC.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"PCPrivacyTool" = "C:\Program Files\PCPrivacyTool\GDC.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"ugdccw" = "C:\PROGRA~1\PCPRIV~1\UGDCcw.exe" -start"
It also creates the following registry entry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\"{B33DE756-DEEE-4D7A-87DB-1D905BA2AA21}" = "secure_del"
The program then creates the following registry subkeys:
HKEY_ALL_USERS\Software\PCPrivacyTool
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\secure_del
HKEY_CLASSES_ROOT\.exe\shellex\ContextMenuHandlers\secure_del
HKEY_CLASSES_ROOT\.lnk\ShellEx\ContextMenuHandlers\secure_del
HKEY_CLASSES_ROOT\CLSID\{B33DE756-DEEE-4D7A-87DB-1D905BA2AA21}
HKEY_CLASSES_ROOT\Directory\Background\shellex\ContextMenuHandlers\secure_del
HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers\secure_del
HKEY_CLASSES_ROOT\Drive\shellex\ContextMenuHandlers\secure_del
HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\secure_del
HKEY_CLASSES_ROOT\SystemFileAssociations\Directory.Audio\shellex\ContextMenuHandlers\secure_del
HKEY_CLASSES_ROOT\SystemFileAssociations\Directory.Image\shellex\ContextMenuHandlers\secure_del
HKEY_CLASSES_ROOT\SystemFileAssociations\Directory.Video\shellex\ContextMenuHandlers\secure_del
HKEY_CLASSES_ROOT\exefile\shellex\ContextMenuHandlers\secure_del
HKEY_CLASSES_ROOT\lnkfile\shellex\ContextMenuHandlers\secure_del
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GDC_is1
HKEY_LOCAL_MACHINE\SOFTWARE\PC Drive Tool
HKEY_LOCAL_MACHINE\SOFTWARE\PCPrivacyTool
HKEY_LOCAL_MACHINE\SOFTWARE\Purchased Products\PC Drive Tool
HKEY_LOCAL_MACHINE\SOFTWARE\ugdccw