Padonok (al)
(Backdoor.Win32.Padodor.al)

by HangUp Team


Made in Russia



deleted folders:
c:\Documents and Settings\%user%\Local Settings\History\History.IE5\MSHist012004122020041227
c:\Documents and Settings\%user%\Local Settings\History\History.IE5\MSHist012005011120050112
c:\Program Files\Common Files\System
c:\Program Files\Common Files\System\ado
c:\Program Files\Common Files\System\msadc
c:\Program Files\Common Files\System\Ole DB
c:\Program Files\WinRAR\Formats
c:\WINDOWS\PCHealth\HelpCtr\System
c:\WINDOWS\PCHealth\HelpCtr\System\blurbs
c:\WINDOWS\PCHealth\HelpCtr\System\CompatCtr
c:\WINDOWS\PCHealth\HelpCtr\System\css
c:\WINDOWS\PCHealth\HelpCtr\System\DFS
c:\WINDOWS\PCHealth\HelpCtr\System\dialogs
c:\WINDOWS\PCHealth\HelpCtr\System\DVDUpgrd
c:\WINDOWS\PCHealth\HelpCtr\System\ErrMsg
c:\WINDOWS\PCHealth\HelpCtr\System\errors
c:\WINDOWS\PCHealth\HelpCtr\System\images
c:\WINDOWS\PCHealth\HelpCtr\System\images\16x16
c:\WINDOWS\PCHealth\HelpCtr\System\images\24x24
c:\WINDOWS\PCHealth\HelpCtr\System\images\32x32
c:\WINDOWS\PCHealth\HelpCtr\System\images\48x48
c:\WINDOWS\PCHealth\HelpCtr\System\images\Centers
c:\WINDOWS\PCHealth\HelpCtr\System\images\Expando
c:\WINDOWS\PCHealth\HelpCtr\System\NetDiag
c:\WINDOWS\PCHealth\HelpCtr\System\panels
c:\WINDOWS\PCHealth\HelpCtr\System\panels\subpanels
c:\WINDOWS\PCHealth\HelpCtr\System\rc
c:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance
c:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Common
c:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Css
c:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction
c:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Client
c:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Common
c:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Server
c:\WINDOWS\PCHealth\HelpCtr\System\scripts
c:\WINDOWS\PCHealth\HelpCtr\System\sysinfo
c:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\graphics
c:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\graphics\33x16pie
c:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\graphics\47x24pie
c:\WINDOWS\PCHealth\HelpCtr\System\UpdateCtr
c:\WINDOWS\system

added to registry:
HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\ActivatingDocument\.Current
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005011020050117
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012005011720050118
HKEY_CLASSES_ROOT\CLSID\{7EFBAEFF-EE02-1333-ABDF-416572E5D639}
HKEY_CLASSES_ROOT\CLSID\{7EFBAEFF-EE02-1333-ABDF-416572E5D639}\InProcServer32
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\

tested on Windows XP
January 17, 2005
MegaSecurity