This family of Trojans steals user passwords.
When launching, the Trojan writes the following value to the system registry.
putil = %windir%\%file name%
This ensures that the Trojan will be run every time the system is started.
It then copies itself to the Windows folder, and launches itself from there, deleting the original file.
The Trojan harvests information about the system (operating system, configuration etc.) and passwords for a range of services and applications, including RAS, POP3, IMAP, ICQ, FTP etc.
The information collected is encoded using MIME (Base64) and sent to the Trojan's author by email, using an SMTP server with an IP address which is coded in the Trojan's body.
Check other viruses! Be aware! Use Antiviral Software
It is a non memory resident harmless virus. Tt was received from Angarsk (Town in Russia). The infector scans the subdirectory tree, finds and hits .COM-files by standard way. It writes assembler instructions MOV AX, offset Virus; CALL AX into file beginning; contains the string "*.COM".
It is not a dangerous nonmemory resident parasitic virus. It searches for .COM files and writes itself to the end of the file. On November, 29th it displays the message in Russian.
Viruses from A to Z
Sony Vaio Battery