To complicate detection of its presence in the operating system,
forces the system to hide from view:
blocks execution of the following system utilities:
- Windows Task Manager (Taskmgr)
- Registry Editor (RegEdit)
Creates and executes the following:
- '%TEMP%\Sprocess.tmp' msconfig.exe,r_server.exe,iexplore.exe,firefox.exe,opera.exe,rundll32.exe,taskmgr.exe,MJLoader.exe,client.exe,msmsgs.exe,qq.exe,tm.exe,GreenBrowser.exe,TheWorld.exe,KwMusic.exe,AliIM.exe,iexplore.exe
Terminates or attempts to terminate the following user processes:
- opera.exe
- iexplore.exe
- firefox.exe
Modifies settings of Windows Explorer:
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'DisallowRun' = '00000001'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'NoDrives' = '07FFFFFB'
Forces autoplay for removable media.