When the Trojan is executed, it may create the following files:
The Trojan creates the following mutex so that only one instance of the threat executes on the computer:
A possible mutex would be MYSERV354, for instance.
The Trojan steals operating system and network adapter information from the compromised computer.
The Trojan then opens a back door on the compromised computer and connects to the following domain:
The Trojan may then perform malicious activities on the compromised computer.
Symantec Security Response encourages all users and administrators to adhere to the following basic security "best practices":