Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] 'Generic Host Process for Win32 Services' = 'ghsvc.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Generic Host Process for Win32 Services' = 'ghsvc.exe'
- <SYSTEM32>\ghsvc.exe 460 "<Full path to virus>"
- <SYSTEM32>\ghsvc.exe
- 'ir#.#izon.net':6667
- DNS ASK ir#.#izon.net
- '<Private IP address>':1035
- ClassName: 'mIRC' WindowName: ''