Technical Information
Registry autorun entry (a value under the HKLM Run key is started at every user logon):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'xohip' = '<SYSTEM32>\xohip.exe'
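Command lines (section label missing from the page; each entry reads as a quoted program path followed by its argument):
- '%TEMP%\GLJ2.tmp' <SYSTEM32>\shdocvw.dll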
- '%TEMP%\GLJ2.tmp' <SYSTEM32>\Mswinsck.ocx
- '%TEMP%\GLJ2.tmp' <SYSTEM32>\Msinet.ocx
File paths (section label missing from the page; presumably files the sample creates):
- <SYSTEM32>\~GLH0006.TMP
- <SYSTEM32>\~GLH0005.TMP
- <SYSTEM32>\~GLH0003.TMP
- <SYSTEM32>\xohip.exe
- C:\INSTALL.LOG
- %TEMP%\RGI7.tmp
- <SYSTEM32>\temp.000
- %TEMP%\GLK3.tmp
- %TEMP%\GLJ2.tmp
- %TEMP%\GLC1.tmp
- <SYSTEM32>\~GLH0001.TMP
- %TEMP%\~GLH0000.TMP
- %TEMP%\GLG5.tmp
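Second file list (section label missing from the page; it holds only temporary files, nearly all of which also appear in the list above, so presumably files removed after use):
- %TEMP%\GLK3.tmp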
- %TEMP%\GLG5.tmp
- %TEMP%\GLJ2.tmp
- %TEMP%\GLC1.tmp
- %TEMP%\GLF6.tmp
- %TEMP%\RGI7.tmp
- <SYSTEM32>\~GLH0003.TMP
- <SYSTEM32>\~GLH0001.TMP
- <SYSTEM32>\temp.000
- <SYSTEM32>\~GLH0006.TMP
- <SYSTEM32>\~GLH0005.TMP
Files moved or renamed:
- from <SYSTEM32>\temp.000 to <SYSTEM32>\~GLH0004.TMP
- from <SYSTEM32>\~GLH0004.TMP to <SYSTEM32>\Mswinsck.ocx
- from <SYSTEM32>\~GLH0002.TMP to <SYSTEM32>\Msinet.ocx
- from %TEMP%\~GLH0000.TMP to %TEMP%\GLF6.tmp
- from <SYSTEM32>\temp.000 to <SYSTEM32>\~GLH0002.TMP
Window classes (section label missing from the page; presumably windows the sample looks up):
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''