To complicate detection of its presence in the operating system,
forces the system hide from view:
- hidden files
- file extensions
Terminates or attempts to terminate
the following user processes:
- NAVAPW32.EXE
- mpftray.exe
- GUARD.EXE
- ntvdm.exe
- firefox.exe
- ZONEALARM.EXE
- zapro.exe
- fsav32.exe
- AVP.EXE
- AVGCTRL.EXE
- AVGCC32.EXE
- AVP32.EXE
- AVSYNMGR.EXE
- AVPM.EXE
- AVPCC.EXE
Modifies settings of Windows Explorer:
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] 'NoFolderOptions' = '00000001'
Modifies settings of Windows Internet Explorer:
- [<HKCU>\Software\Microsoft\Internet Explorer\Main] 'Window Title' = 'Berahi kay Nanganal,. Enjoy YOU PORN.COM hahaha! Hacked by: MALWARE INFECTED...'
Sets a new unauthorized home page for Windows Internet Explorer.