.: Padonok (al) :.

By HangUp Team

Additional Details

  • From: Russia
  • Coded by: HangUp Team
  • Version: Padonok (al)
  • Family: Padonok
  • Category: Remote Access

MegaSecurity Notes

deleted folders:
c:\Documents and Settings\%user%\Local Settings\History\History.IE5\MSHist012004122020041227
c:\Documents and Settings\%user%\Local Settings\History\History.IE5\MSHist012005011120050112
c:\Program Files\Common Files\System
c:\Program Files\Common Files\System\ado
c:\Program Files\Common Files\System\msadc
c:\Program Files\Common Files\System\Ole DB
c:\Program Files\WinRAR\Formats
c:\WINDOWS\PCHealth\HelpCtr\System
c:\WINDOWS\PCHealth\HelpCtr\System\blurbs
c:\WINDOWS\PCHealth\HelpCtr\System\CompatCtr
c:\WINDOWS\PCHealth\HelpCtr\System\css
c:\WINDOWS\PCHealth\HelpCtr\System\DFS
c:\WINDOWS\PCHealth\HelpCtr\System\dialogs
c:\WINDOWS\PCHealth\HelpCtr\System\DVDUpgrd
c:\WINDOWS\PCHealth\HelpCtr\System\ErrMsg
c:\WINDOWS\PCHealth\HelpCtr\System\errors
c:\WINDOWS\PCHealth\HelpCtr\System\images
c:\WINDOWS\PCHealth\HelpCtr\System\images\16x16
c:\WINDOWS\PCHealth\HelpCtr\System\images\24x24
c:\WINDOWS\PCHealth\HelpCtr\System\images\32x32
c:\WINDOWS\PCHealth\HelpCtr\System\images\48x48
c:\WINDOWS\PCHealth\HelpCtr\System\images\Centers
c:\WINDOWS\PCHealth\HelpCtr\System\images\Expando
c:\WINDOWS\PCHealth\HelpCtr\System\NetDiag
c:\WINDOWS\PCHealth\HelpCtr\System\panels
c:\WINDOWS\PCHealth\HelpCtr\System\panels\subpanels
c:\WINDOWS\PCHealth\HelpCtr\System\rc
c:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance
c:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Common
c:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Css
c:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction
c:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Client
c:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Common
c:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Server
c:\WINDOWS\PCHealth\HelpCtr\System\scripts
c:\WINDOWS\PCHealth\HelpCtr\System\sysinfo
c:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\graphics
c:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\graphics\33x16pie
c:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\graphics\47x24pie
c:\WINDOWS\PCHealth\HelpCtr\System\UpdateCtr
c:\WINDOWS\system


added to registry:
HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\ActivatingDocument\.Current
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005011020050117
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005011720050118
HKEY_CLASSES_ROOT\CLSID\{7EFBAEFF-EE02-1333-ABDF-416572E5D639}
HKEY_CLASSES_ROOT\CLSID\{7EFBAEFF-EE02-1333-ABDF-416572E5D639}\InProcServer32
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\ΓΌ


tested on Windows XP
January 17, 2005

URL's and mails were automatically redacted (filtered) for reader's safety. However the filter is not perfect and can't find all harmful elements. If you find something dangerous including file link, website, mail address, profanity... contact me immediately at sub7crew@protonmail.com, thank you in advance.