This family of Trojans steals user passwords.
When launching, the Trojan writes the following value to the system registry.
putil = %windir%\%file name%
This ensures that the Trojan will be run every time the system is started.
It then copies itself to the Windows folder, and launches itself from there, deleting the original file.
The Trojan harvests information about the system (operating system, configuration etc.) and passwords for a range of services and applications, including RAS, POP3, IMAP, ICQ, FTP etc.
The information collected is encoded using MIME (Base64) and sent to the Trojan's author by email, using an SMTP server with an IP address which is coded in the Trojan's body.
Check other viruses! Be aware! Use Antiviral Software
It is a dangerous memory resident parasitic virus. It hooks INT 21h and writes itself to the beginning of COM and EXE files that are executed. The virus has a bug and may corrupt the files while infecting them or halt the system.
It is a harmless memory resident parasitic polymorphic virus. It hooks INT 21h and writes itself to the end of COM and EXE files (except COMMAND.COM) that are accessed. The virus does not manifest itself in any way. It contains the text strings:
Viruses from A to Z
Sony Vaio Battery