Suspicious program: PGC.EXE



Hein
07-10-2005, 12:44 AM
I observed a suspicious registry entry in the RUN group: A key named
SMS20PGC starts a program PGC.EXE in c:\WINDOWS.

Does anybody know this file?

I don't find any information about PGC.EXE either using Google or on the
Microsoft Homepages. Virus Scanner (McAffee) is active, Microsoft Antispyware
is active. Both find no infections.

No unsusal behavior, just nervous since I don't find any information about
this process (in contrast to all other legitimate ones).

OS: Windows XP Pro 5.1, Service-Pack 2, French-Version

AllenM
07-10-2005, 12:44 AM
The Systems Management Server (SMS) 2.0 Service Pack 2 (SP2) CD-ROM does not
include the Program Group Control (PGC) Migration Wizard and Microsoft
Windows NT 4.0 Resource Kit tools as part of Support.exe.
The PGC Migration Wizard is part of the SMS 2.0 Service Pack 1 (SP1) CD-ROM
because an updated SMS Provider is needed with SP1. You can use the PGC
Migration Wizard from SP1 after you upgrade your site to SP2.



"Hein" <Hein@discussions.microsoft.com> wrote in message
news:795478A9-1D40-4A10-A1F9-30C9EA922629@microsoft.com...
>I observed a suspicious registry entry in the RUN group: A key named
> SMS20PGC starts a program PGC.EXE in c:\WINDOWS.
>
> Does anybody know this file?
>
> I don't find any information about PGC.EXE either using Google or on the
> Microsoft Homepages. Virus Scanner (McAffee) is active, Microsoft
> Antispyware
> is active. Both find no infections.
>
> No unsusal behavior, just nervous since I don't find any information about
> this process (in contrast to all other legitimate ones).
>
> OS: Windows XP Pro 5.1, Service-Pack 2, French-Version
>

Hein
07-10-2005, 12:44 AM
Thanks! It's thus a legitimate MS program. However, since I find no
description anywhere: Do I need to have PGC.exe started? It doesn't run on my
other XP machine and - as I said - I don't find any descriptions.

So what would happen if I just delete the reg-entry starting it?

"AllenM" wrote:

> The Systems Management Server (SMS) 2.0 Service Pack 2 (SP2) CD-ROM does not
> include the Program Group Control (PGC) Migration Wizard and Microsoft
> Windows NT 4.0 Resource Kit tools as part of Support.exe.
> The PGC Migration Wizard is part of the SMS 2.0 Service Pack 1 (SP1) CD-ROM
> because an updated SMS Provider is needed with SP1. You can use the PGC
> Migration Wizard from SP1 after you upgrade your site to SP2.
>
>
>
> "Hein" <Hein@discussions.microsoft.com> wrote in message
> news:795478A9-1D40-4A10-A1F9-30C9EA922629@microsoft.com...
> >I observed a suspicious registry entry in the RUN group: A key named
> > SMS20PGC starts a program PGC.EXE in c:\WINDOWS.
> >
> > Does anybody know this file?
> >
> > I don't find any information about PGC.EXE either using Google or on the
> > Microsoft Homepages. Virus Scanner (McAffee) is active, Microsoft
> > Antispyware
> > is active. Both find no infections.
> >
> > No unsusal behavior, just nervous since I don't find any information about
> > this process (in contrast to all other legitimate ones).
> >
> > OS: Windows XP Pro 5.1, Service-Pack 2, French-Version
> >
>
>
>

Wesley Vogel
07-10-2005, 12:44 AM
PGC.EXE may be legit. But is the one you have legit?

Do you have NT 4.0 Resource Kit Tools or Microsoft Systems Management Server
2.0 Service Pack 2?

SMS: PGC Migration Wizard and Microsoft Windows NT 4.0 Resource Kit Tools
Are Not Included on the SMS 2.0 SP2 CD-ROM
http://support.microsoft.com/default.aspx?scid=kb;en-us;260299

Locate PGC.EXE, right click it, select Properties. Look at all the info.
Does it say Microsoft anywhere? If not it probably isn't legit.

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In news:6AD7A527-A0DD-443C-BFFE-F86E84046DEF@microsoft.com,
Hein <Hein@discussions.microsoft.com> hunted and pecked:
> Thanks! It's thus a legitimate MS program. However, since I find no
> description anywhere: Do I need to have PGC.exe started? It doesn't run
> on my other XP machine and - as I said - I don't find any descriptions.
>
> So what would happen if I just delete the reg-entry starting it?
>
> "AllenM" wrote:
>
>> The Systems Management Server (SMS) 2.0 Service Pack 2 (SP2) CD-ROM does
>> not include the Program Group Control (PGC) Migration Wizard and
>> Microsoft Windows NT 4.0 Resource Kit tools as part of Support.exe.
>> The PGC Migration Wizard is part of the SMS 2.0 Service Pack 1 (SP1)
>> CD-ROM because an updated SMS Provider is needed with SP1. You can use
>> the PGC Migration Wizard from SP1 after you upgrade your site to SP2.
>>
>>
>>
>> "Hein" <Hein@discussions.microsoft.com> wrote in message
>> news:795478A9-1D40-4A10-A1F9-30C9EA922629@microsoft.com...
>>> I observed a suspicious registry entry in the RUN group: A key named
>>> SMS20PGC starts a program PGC.EXE in c:\WINDOWS.
>>>
>>> Does anybody know this file?
>>>
>>> I don't find any information about PGC.EXE either using Google or on the
>>> Microsoft Homepages. Virus Scanner (McAffee) is active, Microsoft
>>> Antispyware
>>> is active. Both find no infections.
>>>
>>> No unsusal behavior, just nervous since I don't find any information
>>> about this process (in contrast to all other legitimate ones).
>>>
>>> OS: Windows XP Pro 5.1, Service-Pack 2, French-Version

AllenM
07-10-2005, 12:45 AM
"Hein" <Hein@discussions.microsoft.com> wrote in message
news:6AD7A527-A0DD-443C-BFFE-F86E84046DEF@microsoft.com...
>
>
> Thanks! It's thus a legitimate MS program. However, since I find no
> description anywhere: Do I need to have PGC.exe started? It doesn't run on
> my
> other XP machine and - as I said - I don't find any descriptions.
>
> So what would happen if I just delete the reg-entry starting it?
>
> "AllenM" wrote:
>
>> The Systems Management Server (SMS) 2.0 Service Pack 2 (SP2) CD-ROM does
>> not
>> include the Program Group Control (PGC) Migration Wizard and Microsoft
>> Windows NT 4.0 Resource Kit tools as part of Support.exe.
>> The PGC Migration Wizard is part of the SMS 2.0 Service Pack 1 (SP1)
>> CD-ROM
>> because an updated SMS Provider is needed with SP1. You can use the PGC
>> Migration Wizard from SP1 after you upgrade your site to SP2.
>>
>>
>>
>> "Hein" <Hein@discussions.microsoft.com> wrote in message
>> news:795478A9-1D40-4A10-A1F9-30C9EA922629@microsoft.com...
>> >I observed a suspicious registry entry in the RUN group: A key named
>> > SMS20PGC starts a program PGC.EXE in c:\WINDOWS.
>> >
>> > Does anybody know this file?
>> >
>> > I don't find any information about PGC.EXE either using Google or on
>> > the
>> > Microsoft Homepages. Virus Scanner (McAffee) is active, Microsoft
>> > Antispyware
>> > is active. Both find no infections.
>> >
>> > No unsusal behavior, just nervous since I don't find any information
>> > about
>> > this process (in contrast to all other legitimate ones).
>> >
>> > OS: Windows XP Pro 5.1, Service-Pack 2, French-Version
>> >
>>
>>
>>

AllenM
07-10-2005, 12:45 AM
I would think that if you're not using SMS then it would be safe to remove
it. If you're going to hack the registry then make sure you back it up
first.

"Hein" <Hein@discussions.microsoft.com> wrote in message
news:6AD7A527-A0DD-443C-BFFE-F86E84046DEF@microsoft.com...
>
>
> Thanks! It's thus a legitimate MS program. However, since I find no
> description anywhere: Do I need to have PGC.exe started? It doesn't run on
> my
> other XP machine and - as I said - I don't find any descriptions.
>
> So what would happen if I just delete the reg-entry starting it?
>
> "AllenM" wrote:
>
>> The Systems Management Server (SMS) 2.0 Service Pack 2 (SP2) CD-ROM does
>> not
>> include the Program Group Control (PGC) Migration Wizard and Microsoft
>> Windows NT 4.0 Resource Kit tools as part of Support.exe.
>> The PGC Migration Wizard is part of the SMS 2.0 Service Pack 1 (SP1)
>> CD-ROM
>> because an updated SMS Provider is needed with SP1. You can use the PGC
>> Migration Wizard from SP1 after you upgrade your site to SP2.
>>
>>
>>
>> "Hein" <Hein@discussions.microsoft.com> wrote in message
>> news:795478A9-1D40-4A10-A1F9-30C9EA922629@microsoft.com...
>> >I observed a suspicious registry entry in the RUN group: A key named
>> > SMS20PGC starts a program PGC.EXE in c:\WINDOWS.
>> >
>> > Does anybody know this file?
>> >
>> > I don't find any information about PGC.EXE either using Google or on
>> > the
>> > Microsoft Homepages. Virus Scanner (McAffee) is active, Microsoft
>> > Antispyware
>> > is active. Both find no infections.
>> >
>> > No unsusal behavior, just nervous since I don't find any information
>> > about
>> > this process (in contrast to all other legitimate ones).
>> >
>> > OS: Windows XP Pro 5.1, Service-Pack 2, French-Version
>> >
>>
>>
>>


Suspicious program: PGC.EXE