Technical Information
- %ALLUSERSPROFILE%\Start Menu\Programs\Startup\svchost.exe
- '<SYSTEM32>\ping.exe' 127.0.0.1 -n 3
- '%ALLUSERSPROFILE%\Start Menu\Programs\Startup\svchost.exe' Menu\Programs\Startup\svchost.exe
- '<SYSTEM32>\cmd.exe' /c ping 127.0.0.1 -n 3&del /q "<Full path to file>"
- '%ALLUSERSPROFILE%\Start Menu\Programs\Startup\svchost.exe'
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\U98D4X8H\ghost[1].php
- <Current directory>\temp
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\KHMHGZ4F\ghost[1].php
- <Current directory>\temp
- %ALLUSERSPROFILE%\Start Menu\Programs\Startup\svchost.exe
- <Current directory>\temp
- <Current directory>\temp
- 'ro###a.vicp.net':80
- http://ro###a.vicp.net/ghost.php?id##
- DNS ASK ro###a.vicp.net