Enciclopedia de Virus

Bienvenido a la Enciclopedia de Virus del Laboratorio de Panda Security.


Threat LevelLow threat
DistributionNot widespread


ControlCenter is an adware program that carries out the following actions:

  • It reaches the computer in a file with the following icon:

  • When it is run, the installation process of the program starts:

  • Once installed, the following shortcut is displayed in the Desktop and an icon in the Taskbar:

  • If any of these icons is run, the interface of anntivirus program and starts scanning the system in search for possible malware:

  • Once finished, it displays a warning message informing users that the computer has some problems and that is infected with malware:

  • If users follow the program's instructions and remove the threats, the program will displays an error message informing that the license has expired:

  • If the user attempts to update the license, the program displays a screen where the antivirus solution can be purchased:

  • If users don't follow the program's recommendations, when the computer is restarted, the interface of the program will be displayed on the screen:

  • The the user closes this window, the following error message will be displayed, leaving the computer blocked:

Infection strategy 

ControlCenter creates the following files:

  • AGENT.EXECC.EXEUNINSTALL.EXESETTINGS.INI and GUIDE.HTML, in the path C:\Documents and Settings\%username%\Application Data\CC. This last folder is created by itself.
    where %username% is the username that has logged in.
  • 05.PNG06.PNG07.PNG08.PNG and 09.PNG, in the path C:\Documents and Settings\%username%\Application Data\CC\faq\images.


Additionally, it creates the following shortcut in the Desktop:


ControlCenter creates the following entries in the Windows Registry:

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    agent.exe = C:\Documents and Settings\
    %username%\Application Data\agent.exe
    where %username% is the username of the user that has logged in.
  • HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
    Shell = C:\Documents and Settings\
    By creating these entries, ControlCenter ensures that it is automatically run whenever Windows is started.
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Control center
    DisplayName = Control center
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Control center
    NoModify = 01, 00, 00, 00
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Control center
    NoRepair = 01, 00, 00, 00
  • HKEY_LOCAL_MACHINE\ SOFTWARE\ Microsoft\ Windows\ CurrentVersion\ Uninstall\ Control center
    C:\Documents and Settings\%nombreusuario%\Application Data\CC\uninstall.exe

    These entries contain information about the application and its uninstallation.

Means of transmission 

ControlCenter can reach the computer when the user accesses certain websites which display banners or pop-up windows which lead to the download of this program. It can also reach the computer in a link that can be received via spam messages, fraudulent websites, etc.

Further Details  

ControlCenter is 1,978,467 bytes in size.