Once executed, the Trojan creates the following files:
The Trojan modifies the following registry entry:
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\"Security Packages" = [ORIGINAL ENTRIES], "msv2_0"
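
A defender-side check for the registry change listed above, as an added example that is not part of the original write-up: it compares the LSA "Security Packages" value against a baseline and flags extra entries such as "msv2_0". The baseline list and the helper name Get-UnexpectedSecurityPackage are assumptions; adjust the baseline to your own builds.

```powershell
# Added example, not from the original write-up.
# ASSUMPTION: package names expected on this host; adjust to your own builds.
# The empty string covers systems where the value is blank by default.
$Baseline = @('', 'kerberos', 'msv1_0', 'schannel', 'wdigest', 'tspkg', 'pku2u')

# Entry the write-up reports being appended after the original entries.
$ReportedEntry = 'msv2_0'

# Hypothetical helper: returns every entry that is not in the allowed list.
function Get-UnexpectedSecurityPackage {
    param([string[]]$Packages, [string[]]$Allowed)
    foreach ($p in $Packages) {
        $name = "$p".Trim().Trim('"')
        if ($Allowed -notcontains $name) {   # -notcontains is case-insensitive
            [pscustomobject]@{
                Package        = $name
                MatchesWriteUp = ($name -ieq $ReportedEntry)
            }
        }
    }
}

# Constructed sample value (REG_MULTI_SZ arrives as a string array).
$sample = @('kerberos', 'msv1_0', 'schannel', 'wdigest', 'msv2_0')
Write-Output 'Constructed sample:'
Get-UnexpectedSecurityPackage -Packages $sample -Allowed $Baseline | Format-Table -AutoSize | Out-Host

# Live check against the key named in the write-up (Windows only).
$LsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
if (Test-Path $LsaKey) {
    $live = (Get-ItemProperty -Path $LsaKey -Name 'Security Packages' -ErrorAction Stop).'Security Packages'
    $findings = @(Get-UnexpectedSecurityPackage -Packages $live -Allowed $Baseline)
    if ($findings.Count -gt 0) {
        Write-Output 'Unexpected LSA security packages on this host:'
        $findings | Format-Table -AutoSize | Out-Host
        exit 1
    }
    Write-Output 'LSA Security Packages matches the baseline.'
}
```

Any entry reported here that your build does not ship is worth tracing to the DLL of the same name before treating the host as clean.
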
The Trojan creates the following mutex so that only one instance of the threat executes on the computer:
The Trojan connects to the following remote location to download potentially malicious files:
Symantec Security Response encourages all users and administrators to adhere to the following basic security "best practices":