1. /
  2. Security Response/
  3. AdvParentalControl

AdvParentalControl

Updated:
May 26, 2010 3:58:17 PM
Type:
Parental Control
Infection Length:
2,590,381 bytes
Name:
Advanced Parental Control
Version:
1.6
Publisher:
Retina-X Studios
Risk Impact:
Low
Systems Affected:
Windows 2000, Windows 7, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Server 2008, Windows Vista, Windows XP
When the program is executed, it creates the following files:
  • C:\Documents and Settings\All Users\Application Data\APC\Data\AppData\Administrator.txt
  • C:\Documents and Settings\All Users\Application Data\APC\Winapc.dll
  • C:\Documents and Settings\All Users\Start Menu\Programs\Advanced Parental Control\Advanced Parental Control.lnk
  • C:\Documents and Settings\All Users\Start Menu\Programs\Advanced Parental Control\APC Purchasing.lnk
  • C:\Documents and Settings\All Users\Start Menu\Programs\Advanced Parental Control\APC User Guide.lnk
  • C:\Program Files\Advanced Parental Control\BackProcessAPC.exe
  • C:\Program Files\Advanced Parental Control\ControlPC.exe
  • C:\Program Files\Advanced Parental Control\SystemAPC.dll
  • C:\Program Files\Advanced Parental Control\unins000.dat
  • C:\Program Files\Advanced Parental Control\unins000.exe
  • C:\Program Files\Advanced Parental Control\UserPC.exe
  • C:\WINDOWS\system32\ijl11.dll


Next, it creates the following registry entries so that it executes whenever Windows starts:
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"APC" = "C:/Program Files/Advanced Parental Control/BackProcessAPC.exe"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"APC" = "C:/Program Files/Advanced Parental Control/BackProcessAPC.exe"


It also creates the following registry subkeys:
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{12FEFB2F-024C-4360-A3F5-126BEF45212D}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21D15F8B-081A-486B-BCCE-E81AE74FBD49}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2509D3AE-EC16-4EBA-A10C-F7AB24056203}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27FAF61B-7FAB-4FC6-8BBA-D33AF28DE6A9}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6733760A-D427-40E3-A745-A8DD2914B686}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{757F9508-B33E-4888-8F04-EBDE2E6996D3}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8941E2EF-B530-49D8-9BF2-3F9F1C48A24C}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B16E36-E303-4D91-BCB2-2213F46C09DC}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CBE1212E-EB30-4E01-B90C-7D732CA74A18}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F864AF04-3415-4740-8B45-1D56438B74E7}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0C49F454-FBE2-45F7-8B60-49875EF78F39}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1E11E99C-9C27-448F-A59E-251BFDD3C702}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{51BA3DCD-D61E-46FF-9254-CDE03B211FD8}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5D8A8901-B9AB-40CD-885C-4517A5EE3D59}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CB7B0557-AC6C-44FC-9952-29321974D7AC}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EC4033A7-A57E-450C-9FE3-DE813290723C}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EF446C9B-5155-4D3B-8EE2-7280878BB1FB}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F0CC248B-413F-410D-B46B-65A6D2D98986}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F1E957ED-5920-4D71-9166-9FB7785F6799}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F82CC7EA-EB26-4E80-BB74-0AE8BE9F853F}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemAPC.ClsFunctionProcedure
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemAPC.ClsIniFile
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemAPC.ClsInternet
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemAPC.ClsPrevilage
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemAPC.ClsProcess
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemAPC.ClsRegistry
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemAPC.ClsScreenCapture
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemAPC.ClsService
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemAPC.ClsSystemUsersControl
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemAPC.ClsSystemUser
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{098C7096-5DE3-495B-9073-517777167707}


The program then monitors and restricts computer usage.

It can be configured to block web pages, program usage, and some OS functionality by user and time.

The program can also record application usage, take regular screenshots, and record keystrokes.
Summary| Technical Details| Removal

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report
Symantec DeepSight Screensaver