When the Trojan is executed, it creates the following file:
%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS].exe
The Trojan appears as a security application with the title Security Shield and reports false or exaggerated system security threats on the computer.
It then displays frequent pop-up alerts about non-existent malware or security risks on the computer.
It then prompts purchase of software activation to remove non-existent malware or security risks from the computer.
It displays a pop-up message prompting the user to enter their credit card information to pay for the software.
It also blocks access to Web pages by displaying a warning message in the browser.
The Trojan may also block access to legitimate applications by preventing them from running (or stopping them if they are already running).
Some variants may have the title Live Security Platinum.
This variant will also display frequent warning messages about false or exaggerated system security threats on the computer.
This variant also prompts purchase of software activation to remove non-existent malware or security risks from the computer.
Symantec Security Response encourages all users and administrators to adhere to the following basic security "best practices":