Protecting from the CCenter Malware and Trojan

A very common method of distributing malware is disguising it as a useful program. The most common disguises, apart from games, are ‘malware removal programs’. This is the approach used by CCenter, a.k.a. Control Center.

If you find a process named ccenter.exe running on your PC, it means that your PC has possibly been infected with a trojan known as Infostealer.Lemir.H.
Infostealer.Lemir.H is a Trojan horse program that attempts to steal passwords for the Legend of Mir 2 online game, but can be modified to steal other information.

Apart from installing a trojan, CCenter intimidates people into buying the paid version of the program. Once installed, CCenter loads an imitation of a system scan every time the computer is started. It also generates large numbers of counterfeit security alerts. All these alerts are designed only to trick people into taking the program for a legitimate and reputable tool. If clicked, the pop-ups demand payment for using CCenter.

CCenter has also been seen to redirect the web browser to malicious and fraudulent websites. Depending on version and programmer skill, it may also disable reputable security programs, leaving the compromised machine open to future attacks.

Here are the steps to manually remove CCenter:

  1. Use “Add or Remove Programs” to remove the installation. However, bear in mind that there may be hidden CCenter files, running processes and registry entries on your computer, so CCenter may recreate all other files after reboot.
  2. Stop and remove CCenter processes:
    • ccagent.exe
    • ccmain.exe
    • uninstall.exe
  3. Find and delete all CCenter files found in %AppData%\CCenter\ccagent.exe
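
A read-only check for the indicators listed above, as an added example that is not part of the original article: it reports running processes with the names from step 2 (plus ccenter.exe) and any files under the %AppData%\CCenter folder from step 3. The function name and output fields are assumptions of this example, and uninstall.exe is reported only when it runs from the CCenter folder, because many legitimate programs use that name.

```powershell
# Added example: reports CCenter indicators named in the article; changes nothing.
# Process names and the %AppData%\CCenter folder come from the article.
# Find-CCenterArtifacts and its output fields are hypothetical names.
function Find-CCenterArtifacts {
    param(
        # Folder taken from the path in step 3 of the article.
        [string]$InstallDir = (Join-Path $env:APPDATA 'CCenter')
    )

    # Trailing separator so "CCenterSomethingElse" does not match the prefix.
    $prefix = $InstallDir.TrimEnd('\') + '\'

    # Names specific to CCenter: a name match alone is reported.
    $specific = 'ccenter.exe', 'ccagent.exe', 'ccmain.exe'
    # Generic name: reported only when the image runs from the CCenter folder.
    $generic = 'uninstall.exe'

    $findings = @()

    foreach ($p in Get-CimInstance -ClassName Win32_Process) {
        $path  = $p.ExecutablePath   # may be empty for protected processes
        $inDir = $path -and $path.StartsWith(
            $prefix, [System.StringComparison]::OrdinalIgnoreCase)

        if (($specific -contains $p.Name) -or ($p.Name -eq $generic -and $inDir)) {
            $findings += [pscustomobject]@{
                Type = 'Process'; Name = $p.Name; Id = $p.ProcessId; Path = $path
            }
        }
    }

    # -Force includes hidden files, which the article warns may be present.
    if (Test-Path -LiteralPath $InstallDir) {
        $files = Get-ChildItem -LiteralPath $InstallDir -Recurse -Force -File `
            -ErrorAction SilentlyContinue
        foreach ($f in $files) {
            $findings += [pscustomobject]@{
                Type = 'File'; Name = $f.Name; Id = $null; Path = $f.FullName
            }
        }
    }

    return $findings
}

Find-CCenterArtifacts | Format-Table -AutoSize
```

Run it once per user profile, since %AppData% resolves to the profile of the account running the script.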

There are other similar malware programs in the wild. We will cover them in the following articles.

Talkback and comments are most welcome