Technical details:
Categories: RAT
PlanetRemote Folders:
[%COMMON_PROGRAMS%]\PlanetDNS
[%PROFILE_TEMP%]\{F6F1B5DF-EC1C-4444-A4B7-240BFD3C5A5C}\{A3E24F85-0EAE-4376-AE14-A0CBBDF80A7D}
[%PROGRAM_FILES%]\InstallShield Installation Information\{A3E24F85-0EAE-4376-AE14-A0CBBDF80A7D}
[%PROGRAM_FILES%]\NewAce Corporation
PlanetRemote Files:
[%COMMON_DESKTOPDIRECTORY%]\PlanetRemote Viewer.lnk
[%COMMON_DESKTOPDIRECTORY%]\PlanetRemote.lnk
[%SYSTEM%]\pdnscpl.cpl
[%SYSTEM%]\PDNSCPL.HLP
[%SYSTEM%]\pdnsreg.exe
[%SYSTEM%]\pdnsreg.hlp
[%COMMON_DESKTOPDIRECTORY%]\PlanetRemote Viewer.lnk
[%COMMON_DESKTOPDIRECTORY%]\PlanetRemote.lnk
[%SYSTEM%]\pdnscpl.cpl
[%SYSTEM%]\PDNSCPL.HLP
[%SYSTEM%]\pdnsreg.exe
[%SYSTEM%]\pdnsreg.hlp
PlanetRemote Registry Keys:
HKEY_CLASSES_ROOT\pdnsreg
HKEY_CLASSES_ROOT\rns
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\pdshell.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{a3e24f85-0eae-4376-ae14-a0cbbdf80a7d}
HKEY_LOCAL_MACHINE\software\newace corporation\planetremote
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_planetremote
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\planetremote
PlanetRemote Registry Values:
HKEY_CURRENT_USER\software\newace corporation\planetremote\mshvnc
HKEY_CURRENT_USER\software\newace corporation\planetremote\mshvnc
HKEY_CURRENT_USER\software\newace corporation\planetremote\mshvnc
HKEY_CURRENT_USER\software\newace corporation\planetremote\mshvnc
HKEY_CURRENT_USER\software\newace corporation\planetremote\mshvnc
HKEY_CURRENT_USER\software\newace corporation\planetremote\mshvnc
HKEY_CURRENT_USER\software\newace corporation\planetremote\mshvnc
HKEY_CURRENT_USER\software\newace corporation\planetremote\mshvnc
HKEY_CURRENT_USER\software\newace corporation\planetremote\mshvnc
HKEY_CURRENT_USER\software\newace corporation\planetremote\mshvnc
HKEY_CURRENT_USER\software\newace corporation\planetremote\mshvnc
HKEY_CURRENT_USER\software\newace corporation\planetremote\mshvnc
HKEY_CURRENT_USER\software\newace corporation\planetremote\mshvnc
HKEY_CURRENT_USER\software\newace corporation\planetremote\mshvnc
HKEY_CURRENT_USER\software\newace corporation\planetremote\mshvnc
HKEY_CURRENT_USER\software\newace corporation\planetremote\mshvnc
HKEY_CURRENT_USER\software\newace corporation\planetremote\mshvnc
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls
PlanetRemote indications of infection
This symptoms of PlanetRemote detection are the files, registry, and network communication referenced in the technical details section.Method of Infection
Trojans do not self-replicate. They are spread manually, often under the premise that the executable is something beneficial.Distribution channels include IRC, peer-to-peer networks, newsgroup postings, e-mail, etc.
Buy Exterminate-It antivirus software and perform a full scan of the computer.
You can also Download Free Trial Version of ExterminateIt! to check your your computer just NOW.
Also Be Aware of the Following Threats:
SillyDl.CKD Trojan Removal instruction
PrizeSurfer Trojan Information
Posts
No comments:
Post a Comment