The risk arrives bundled inside installers for other applications.
When the risk is installed, it creates the following files:
- %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\[FILE NAME].lnk
- %UserProfile%\Application Data\Desktopicon\[FILE NAME].exe
- %UserProfile%\Desktop\[FILE NAME].lnk
- %UserProfile%\Start Menu\[FILE NAME].lnk
If any of the .lnk files are double-clicked, the .exe file is run.
The risk opens Internet Explorer and then redirects through a series of pages on various Web sites, eventually arriving at a legitimate Web site.
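A triage check for the file locations listed above, added here as an example that is not part of the original write-up: it scans a user profile directory (live, or from a mounted image) for .exe files in the Desktopicon folder and reports same-named .lnk shortcuts in the three listed locations. Matching shortcuts to the executable by shared base name is an assumption drawn from the [FILE NAME] placeholder; the function names and the sample tree are constructed for illustration.

```python
import tempfile
from pathlib import Path

# Locations listed in the write-up, relative to %UserProfile%.
EXE_DIR = Path("Application Data") / "Desktopicon"
LNK_DIRS = [
    Path("Application Data") / "Microsoft" / "Internet Explorer" / "Quick Launch",
    Path("Desktop"),
    Path("Start Menu"),
]

def find_artifacts(profile: Path) -> list[dict]:
    """One finding per .exe in Desktopicon, with the shortcuts sharing its name."""
    findings = []
    exe_dir = profile / EXE_DIR
    if not exe_dir.is_dir():
        return findings
    for exe in sorted(exe_dir.iterdir()):
        if not exe.is_file() or exe.suffix.lower() != ".exe":
            continue
        # Assumption: the shortcuts carry the same base name as the .exe.
        stem = exe.stem.lower()
        shortcuts = []
        for rel in LNK_DIRS:
            folder = profile / rel
            if not folder.is_dir():
                continue
            for lnk in sorted(folder.iterdir()):
                if lnk.suffix.lower() == ".lnk" and lnk.stem.lower() == stem:
                    shortcuts.append(lnk.relative_to(profile).as_posix())
        findings.append({"exe": exe.relative_to(profile).as_posix(),
                         "shortcuts": shortcuts})
    return findings

def build_sample_profile(root: Path) -> Path:
    """Constructed sample tree: one affected name plus an unrelated shortcut."""
    profile = root / "user"
    for rel in [EXE_DIR, *LNK_DIRS]:
        (profile / rel).mkdir(parents=True)
    (profile / EXE_DIR / "Sample.exe").write_bytes(b"")
    for rel in LNK_DIRS:
        (profile / rel / "Sample.lnk").write_bytes(b"")
    (profile / "Desktop" / "Notepad.lnk").write_bytes(b"")
    return profile

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for f in find_artifacts(build_sample_profile(Path(tmp))):
            print(f["exe"], "->", f["shortcuts"])
```

A finding with an empty shortcut list still deserves a look, since the Desktopicon folder itself is the stronger indicator.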