Once launched, the virus writes its code to the “explorer.exe” address space. The infected process then searches for all files with an .exe extension and appends the virus code to all files found.
Folders with the names listed below will not be scanned for files:
The files listed below will not be infected:
The virus is also able to download other malicious programs to the victim machine; these are programs which are designed to steal online game passwords. In order to do this, the virus sends a request which contains the victim machine’s parameters to the following links (at the time of writing, these links were not active):