Suspicious program: PGC.EXE

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

I observed a suspicious registry entry in the RUN group: A key named
SMS20PGC starts a program PGC.EXE in c:\WINDOWS.

Does anybody know this file?

I don't find any information about PGC.EXE either using Google or on the
Microsoft Homepages. Virus Scanner (McAffee) is active, Microsoft Antispyware
is active. Both find no infections.

No unsusal behavior, just nervous since I don't find any information about
this process (in contrast to all other legitimate ones).

OS: Windows XP Pro 5.1, Service-Pack 2, French-Version
 
The Systems Management Server (SMS) 2.0 Service Pack 2 (SP2) CD-ROM does not
include the Program Group Control (PGC) Migration Wizard and Microsoft
Windows NT 4.0 Resource Kit tools as part of Support.exe.
The PGC Migration Wizard is part of the SMS 2.0 Service Pack 1 (SP1) CD-ROM
because an updated SMS Provider is needed with SP1. You can use the PGC
Migration Wizard from SP1 after you upgrade your site to SP2.
 
Thanks! It's thus a legitimate MS program. However, since I find no
description anywhere: Do I need to have PGC.exe started? It doesn't run on my
other XP machine and - as I said - I don't find any descriptions.

So what would happen if I just delete the reg-entry starting it?
 
PGC.EXE may be legit. But is the one you have legit?

Do you have NT 4.0 Resource Kit Tools or Microsoft Systems Management Server
2.0 Service Pack 2?

SMS: PGC Migration Wizard and Microsoft Windows NT 4.0 Resource Kit Tools
Are Not Included on the SMS 2.0 SP2 CD-ROM
http://support.microsoft.com/default.aspx?scid=kb;en-us;260299

Locate PGC.EXE, right click it, select Properties. Look at all the info.
Does it say Microsoft anywhere? If not it probably isn't legit.

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In
 
Hein said:
Thanks! It's thus a legitimate MS program. However, since I find no
description anywhere: Do I need to have PGC.exe started? It doesn't run on
my
other XP machine and - as I said - I don't find any descriptions.

So what would happen if I just delete the reg-entry starting it?
Click to expand...
 
I would think that if you're not using SMS then it would be safe to remove
it. If you're going to hack the registry then make sure you back it up
first.
 
Back
Top