.: Padonok (al) :.
By HangUp Team
Additional Details
- From: Russia
- Coded by: HangUp Team
- Version: Padonok (al)
- Family: Padonok
- Category: Remote Access
MegaSecurity Notes
deleted folders:
- c:\Documents and Settings\%user%\Local Settings\History\History.IE5\MSHist012004122020041227
- c:\Documents and Settings\%user%\Local Settings\History\History.IE5\MSHist012005011120050112
- c:\Program Files\Common Files\System
- c:\Program Files\Common Files\System\ado
- c:\Program Files\Common Files\System\msadc
- c:\Program Files\Common Files\System\Ole DB
- c:\Program Files\WinRAR\Formats
- c:\WINDOWS\PCHealth\HelpCtr\System
- c:\WINDOWS\PCHealth\HelpCtr\System\blurbs
- c:\WINDOWS\PCHealth\HelpCtr\System\CompatCtr
- c:\WINDOWS\PCHealth\HelpCtr\System\css
- c:\WINDOWS\PCHealth\HelpCtr\System\DFS
- c:\WINDOWS\PCHealth\HelpCtr\System\dialogs
- c:\WINDOWS\PCHealth\HelpCtr\System\DVDUpgrd
- c:\WINDOWS\PCHealth\HelpCtr\System\ErrMsg
- c:\WINDOWS\PCHealth\HelpCtr\System\errors
- c:\WINDOWS\PCHealth\HelpCtr\System\images
- c:\WINDOWS\PCHealth\HelpCtr\System\images\16x16
- c:\WINDOWS\PCHealth\HelpCtr\System\images\24x24
- c:\WINDOWS\PCHealth\HelpCtr\System\images\32x32
- c:\WINDOWS\PCHealth\HelpCtr\System\images\48x48
- c:\WINDOWS\PCHealth\HelpCtr\System\images\Centers
- c:\WINDOWS\PCHealth\HelpCtr\System\images\Expando
- c:\WINDOWS\PCHealth\HelpCtr\System\NetDiag
- c:\WINDOWS\PCHealth\HelpCtr\System\panels
- c:\WINDOWS\PCHealth\HelpCtr\System\panels\subpanels
- c:\WINDOWS\PCHealth\HelpCtr\System\rc
- c:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance
- c:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Common
- c:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Css
- c:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction
- c:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Client
- c:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Common
- c:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Server
- c:\WINDOWS\PCHealth\HelpCtr\System\scripts
- c:\WINDOWS\PCHealth\HelpCtr\System\sysinfo
- c:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\graphics
- c:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\graphics\33x16pie
- c:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\graphics\47x24pie
- c:\WINDOWS\PCHealth\HelpCtr\System\UpdateCtr
- c:\WINDOWS\system

added to registry:
- HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\ActivatingDocument\.Current
- HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl
- HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005011020050117
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005011720050118
- HKEY_CLASSES_ROOT\CLSID\{7EFBAEFF-EE02-1333-ABDF-416572E5D639}
- HKEY_CLASSES_ROOT\CLSID\{7EFBAEFF-EE02-1333-ABDF-416572E5D639}\InProcServer32
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\ΓΌ

tested on Windows XP
January 17, 2005