Trojan-Spy.Win32.PcGhost.413

tag: Trojan Spy

The Trojan performs the following actions:

  • takes screenshots;
  • logs keystrokes;
  • tracks mouse movement;
  • logs sites visited;
  • monitors computers on the network;
  • provides the option to indicate a specific window within which activity will be tracked.

Harvested data will be sent to the address specified by the remote malicious user.

If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:

  1. Use Task Manager to terminate the Trojan process.
  2. Delete the original Trojan file (the location will depend on how the program originally penetrated the victim machine).
    PcGhost.exe
  3. Delete the following registry key, and the "PcGhost" value under the Run key (leave the Run key itself in place):
    [HKLM\Software\Sun\pcGhost]
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
    "PcGhost"
  4. Update your antivirus databases and perform a full scan of the computer (download a trial version of Kaspersky Anti-Virus).
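
A read-only check for the indicators named in this entry (the process, the two file names, the registry key and the Run value), given here as an added example that is not part of the original write-up. The folder list in `$SearchRoots` is an assumption, since the entry says the file location varies; the `WOW6432Node` paths are included because a 32-bit program on 64-bit Windows has its HKLM\Software writes redirected there.

```powershell
# Added example: read-only check for the indicators this entry lists.
# Run from an elevated PowerShell prompt. Nothing is modified or deleted.

# Assumption: folders to search for the dropped files. Adjust for the host.
$SearchRoots = @($env:SystemRoot, $env:ProgramFiles, $env:APPDATA, $env:TEMP)
$findings = @()

# Registry indicators. Both the native and the 32-bit (WOW6432Node) views are
# checked, because the Trojan is a 32-bit PE file.
foreach ($base in 'HKLM:\Software', 'HKLM:\Software\WOW6432Node') {
    $key = Join-Path $base 'Sun\pcGhost'
    if (Test-Path -LiteralPath $key) { $findings += "Registry key present: $key" }

    # Only the "PcGhost" value matters; the Run key itself is a normal
    # Windows key and must stay in place.
    $run = Join-Path $base 'Microsoft\Windows\CurrentVersion\Run'
    $val = Get-ItemProperty -LiteralPath $run -Name 'PcGhost' -ErrorAction SilentlyContinue
    if ($val) { $findings += "Run value present: $run -> $($val.PcGhost)" }
}

# Running process (step 1 of the removal instructions).
Get-Process -Name 'PcGhost' -ErrorAction SilentlyContinue | ForEach-Object {
    $findings += "Process running: PID $($_.Id) $($_.Path)"
}

# Files named in this entry. The size comparison uses the 275,456 bytes
# stated in the description; a renamed or rebuilt copy may differ.
foreach ($root in $SearchRoots) {
    if (-not $root -or -not (Test-Path -LiteralPath $root)) { continue }
    Get-ChildItem -LiteralPath $root -Recurse -File -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -in 'PcGhost.exe', 'pcmsg.dll' } |
        ForEach-Object {
            $note = if ($_.Name -ieq 'PcGhost.exe' -and $_.Length -eq 275456) { ' (size matches)' } else { '' }
            $findings += "File found: $($_.FullName), $($_.Length) bytes$note"
        }
}

if ($findings) { $findings } else { 'No PcGhost indicators found in the locations checked.' }
```

A clean result covers only the locations searched; the full antivirus scan in step 4 is still required.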

This Trojan is designed to steal confidential data. It is a Windows PE EXE file. It is written in Delphi. It is 275,456 bytes in size.

Installation

This Trojan will be installed to the victim machine by another malicious program.

The Trojan is configured using a Trojan spy construction program.

When launching, the Trojan loads a file called pcmsg.dll. This is used to harvest information from the system.

The Trojan creates the following system registry key:

[HKLM\Software\Sun\pcGhost]

The Trojan will also check the registry for the following key:

[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
"PcGhost"

The Trojan also creates a unique identifier, “pcGhost”, to flag its presence in the system:

pcGhost

Payload
