2) When the file is executed, it will copy itself to the "WINDOWS\SYSTEM" directory.
3) The following registry key will be modified to execute K2PS.EXE program automatically every time Windows is launched: \\HKEY_LOCAL_MACHINE\Software\Microsoft\Window\CurrentVersion\Run
4) When Windows is re-launched, the K2PS.EXE program will automatically execute and a hidden file called K2PS.CFG will be created in the \WINDOWS\SYSTEM directory.
5) If you are connected to the Internet, the trojan will automatically connect to an email server in Brazil and try to send the dialup information from the computer including login name and password. It is not possible to see this script with in the executable since it has been encrypted with a simple "ROR" algorithm.
6) The information is sent to a "free mail" email user account in Japan with the email address of "firstname.lastname@example.org", so it is difficult to trace the owner of the email account.