PrivacyCommander

Updated: December 4, 2008 2:31:06 PM
Type: Misleading Application
Name: PrivacyCommander
Publisher: privacy-commander.com
Risk Impact: Medium
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Vista, Windows XP

Behavior
This program can be manually installed from the following location:
[http://]www.privacy-commander.com

The program reports false or exaggerated system security threats on the computer.

The user is then prompted to pay for a full license of the application in order to remove the threats.

Installation
When the program is executed, it creates the following files:
  • %UserProfile%\Desktop\Privacy Commander.lnk
  • %UserProfile%\Start Menu\Programs\Privacy Commander\Privacy Commander.lnk
  • %UserProfile%\Start Menu\Programs\Privacy Commander\Uninstall.lnk
  • %ProgramFiles%\Privacy Commander\img\bg_fixed_de.jpg
  • %ProgramFiles%\Privacy Commander\img\bg_fixed_en.jpg
  • %ProgramFiles%\Privacy Commander\img\bg_fixed_es.jpg
  • %ProgramFiles%\Privacy Commander\img\bg_fixed_it.jpg
  • %ProgramFiles%\Privacy Commander\img\bg_licence_de.jpg
  • %ProgramFiles%\Privacy Commander\img\bg_licence_en.jpg
  • %ProgramFiles%\Privacy Commander\img\bg_licence_es.jpg
  • %ProgramFiles%\Privacy Commander\img\bg_licence_it.jpg
  • %ProgramFiles%\Privacy Commander\img\bg_main_de.jpg
  • %ProgramFiles%\Privacy Commander\img\bg_main_en.jpg
  • %ProgramFiles%\Privacy Commander\img\bg_main_es.jpg
  • %ProgramFiles%\Privacy Commander\img\bg_main_it.jpg
  • %ProgramFiles%\Privacy Commander\img\bg_warning_de.jpg
  • %ProgramFiles%\Privacy Commander\img\bg_warning_en.jpg
  • %ProgramFiles%\Privacy Commander\img\bg_warning_es.jpg
  • %ProgramFiles%\Privacy Commander\img\bg_warning_it.jpg
  • %ProgramFiles%\Privacy Commander\img\bt_activate_de.jpg
  • %ProgramFiles%\Privacy Commander\img\bt_activate_en.jpg
  • %ProgramFiles%\Privacy Commander\img\bt_activate_es.jpg
  • %ProgramFiles%\Privacy Commander\img\bt_activate_it.jpg
  • %ProgramFiles%\Privacy Commander\img\bt_cancel_de.jpg
  • %ProgramFiles%\Privacy Commander\img\bt_cancel_en.jpg
  • %ProgramFiles%\Privacy Commander\img\bt_cancel_es.jpg
  • %ProgramFiles%\Privacy Commander\img\bt_cancel_it.jpg
  • %ProgramFiles%\Privacy Commander\img\bt_fix_de.jpg
  • %ProgramFiles%\Privacy Commander\img\bt_fix_en.jpg
  • %ProgramFiles%\Privacy Commander\img\bt_fix_es.jpg
  • %ProgramFiles%\Privacy Commander\img\bt_fix_it.jpg
  • %ProgramFiles%\Privacy Commander\img\bt_ok_de.jpg
  • %ProgramFiles%\Privacy Commander\img\bt_ok_en.jpg
  • %ProgramFiles%\Privacy Commander\img\bt_ok_es.jpg
  • %ProgramFiles%\Privacy Commander\img\bt_ok_it.jpg
  • %ProgramFiles%\Privacy Commander\img\bt_silent_de.jpg
  • %ProgramFiles%\Privacy Commander\img\bt_silent_en.jpg
  • %ProgramFiles%\Privacy Commander\img\bt_silent_es.jpg
  • %ProgramFiles%\Privacy Commander\img\bt_silent_it.jpg
  • %ProgramFiles%\Privacy Commander\img\bt_update_de.jpg
  • %ProgramFiles%\Privacy Commander\img\bt_update_en.jpg
  • %ProgramFiles%\Privacy Commander\img\bt_update_es.jpg
  • %ProgramFiles%\Privacy Commander\img\bt_update_it.jpg
  • %ProgramFiles%\Privacy Commander\img\bt_upd_de.jpg
  • %ProgramFiles%\Privacy Commander\img\bt_upd_en.jpg
  • %ProgramFiles%\Privacy Commander\img\bt_upd_es.jpg
  • %ProgramFiles%\Privacy Commander\img\bt_upd_it.jpg
  • %ProgramFiles%\Privacy Commander\lang\de.lng
  • %ProgramFiles%\Privacy Commander\lang\en.lng
  • %ProgramFiles%\Privacy Commander\lang\es.lng
  • %ProgramFiles%\Privacy Commander\lang\it.lng
  • %ProgramFiles%\Privacy Commander\settings.ini
  • %ProgramFiles%\Privacy Commander\sounds\1.mp3
  • %ProgramFiles%\Privacy Commander\sounds\2.mp3
  • %ProgramFiles%\Privacy Commander\sounds\3.mp3
  • %ProgramFiles%\Privacy Commander\sysguard.exe
  • %ProgramFiles%\Privacy Commander\tipguard.exe
  • %ProgramFiles%\Privacy Commander\uninstall.exe


Next, the program creates the following registry entries so that it executes whenever Windows starts:
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"tipguard.exe" = "C:\Program Files\Privacy Commander\tipguard.exe"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\"Shell" = "C:\Program Files\Privacy Commander\sysguard.exe"

It also creates the following registry subkeys:
  • HKEY_CURRENT_USER\Software\sysguard
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\sysguard
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Privacy Commander
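
A read-only PowerShell check for the autostart values, registry subkeys and executables listed above. It is an added example, not part of the original writeup or of any vendor tool. The helper name Get-RegValue is hypothetical; every path and value name is taken from the lists above.

```powershell
# Added example: reports PrivacyCommander artifacts named in this writeup.
# Nothing is modified or deleted; the script only reads the registry and disk.

$runKey   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$shellKey = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns the value data, or $null when the key or the value is absent.
    $item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { return $item.$Name }
    return $null
}

$findings = @()

# Autostart values: flag data that points into the Privacy Commander folder.
$autostart = @(
    @{ Path = $runKey;   Name = 'tipguard.exe' },
    @{ Path = $shellKey; Name = 'Shell' }
)
foreach ($check in $autostart) {
    $data = Get-RegValue -Path $check.Path -Name $check.Name
    if ($data -and $data -like '*\Privacy Commander\*') {
        $findings += "Autostart value: $($check.Path)\$($check.Name) = $data"
    }
}

# Registry subkeys created by the installer.
$subkeys = @(
    'HKCU:\Software\sysguard',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\sysguard',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Privacy Commander'
)
foreach ($key in $subkeys) {
    if (Test-Path -LiteralPath $key) { $findings += "Registry key present: $key" }
}

# The three executables under %ProgramFiles%\Privacy Commander.
$installDir = Join-Path $env:ProgramFiles 'Privacy Commander'
foreach ($exe in 'sysguard.exe', 'tipguard.exe', 'uninstall.exe') {
    $file = Join-Path $installDir $exe
    if (Test-Path -LiteralPath $file) { $findings += "File present: $file" }
}

if ($findings.Count -eq 0) { 'No PrivacyCommander artifacts found for this user.' }
else { $findings }
```

Both autostart values live under HKEY_CURRENT_USER, so the check has to run in the session of the user account being examined.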