.: Pardillo :.
Released 20 years, 1 month ago (Dec 2001). By kidarcade (?)
- Coded by: kidarcade (?)
- Version: Pardillo
- Release date: Dec 2001, 20 years, 1 month ago.
- Family: Pardillo
- Category: Remote Access
added:
- HKEY_CLASSES_ROOT\htafile "NeverShowExt"
- HKEY_CLASSES_ROOT\htafile\DefaultIcon "(Default)"
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "EnableAutodial"

added files:
- c:\WINDOWS\$.tmp
- c:\WINDOWS\COMMAND.PIF
- c:\WINDOWS\update.bat
- c:\WINDOWS\Wininit.ini

remark: When a prepared webpage is visited, a VBScript is executed. The script adds values to the registry, then creates and executes a bat file. The bat file starts ftp.exe with the arguments -v -i -n -s:%windir%\$.tmp. $.tmp contains the commands to download a file named 1.exe from IP 22.214.171.124 and execute it.