Selected viruses, spyware, and other threats: sorted alphabetically
The following file is dropped in the %windir% folder:
The library is loaded and injected in all processes.
The following Registry entry is set:
"GlobalUserOffline" = 0
The following file is modified:
Executable files infection
The virus infects files referenced by the following Registry entries:
This causes the virus to be executed on every system start.
The virus searches local and network drives for executables with one of the following extensions:
The virus also searches for executables in shared folders of remote machines. Infection is attempted only if an executable is not in a folder that contains one of the following strings in the name:
Several other criteria are applied when choosing a file to infect. Files are infected by adding a new section that contains the virus. Size of the code inserted is 20480 B.
The virus deletes files with the following extensions:
The virus deletes executable files, that contain one of the following strings in the name:
The following programs are terminated:
The virus tries to download and execute several files from the Internet.