This family of Trojans steals user passwords.
When launching, the Trojan writes the following value to the system registry.
putil = %windir%\%file name%
This ensures that the Trojan will be run every time the system is started.
It then copies itself to the Windows folder, and launches itself from there, deleting the original file.
The Trojan harvests information about the system (operating system, configuration etc.) and passwords for a range of services and applications, including RAS, POP3, IMAP, ICQ, FTP etc.
The information collected is encoded using MIME (Base64) and sent to the Trojan's author by email, using an SMTP server whose IP address is hard-coded in the Trojan's body.
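A defender's check for the autorun value described above, as an added example (not code from the original description): it scans a text registry export for a value named putil and notes whether its data points at a file directly inside the Windows folder. The sample export, the key paths in it and the function name find_putil are constructed for illustration; the description does not name the registry key.

```python
import re
from ntpath import dirname, normcase

# Constructed sample in "reg export" text format; not taken from a real host.
# The description does not name the registry key: the Run key here is an assumption.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="C:\\Windows\\System32\\SecurityHealthSystray.exe"
"putil"="C:\\WINDOWS\\example.exe"

[HKEY_CURRENT_USER\Software\ExampleVendor\Settings]
"PUtil"="C:\\Program Files\\ExampleVendor\\tool.exe"
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def unescape(s):
    # .reg string data escapes backslash and double quote with a backslash
    return re.sub(r'\\(.)', r'\1', s)

def find_putil(export_text, windir=r'C:\Windows'):
    """Return (key, value name, data, verdict) for every value named putil."""
    findings, key = [], None
    for line in export_text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)  # remember which key the following values belong to
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            continue  # not a string value (dword, hex, blank line, header)
        name, data = unescape(m.group(1)), unescape(m.group(2))
        if name.lower() != 'putil':
            continue
        # Per the description, the data is a file directly inside the Windows folder
        in_windir = normcase(dirname(data.strip('"'))) == normcase(windir)
        verdict = 'matches description' if in_windir else 'name only'
        findings.append((key, name, data, verdict))
    return findings

if __name__ == '__main__':
    for finding in find_putil(SAMPLE_EXPORT):
        print(finding)
```

A "name only" hit still deserves a look, since the value name alone is not proof of infection and the key it sits under matters.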
DSME (Dark Slayer's Mutating Engine) is a polymorphic generator. It creates a decryption routine, and encrypts the virus body, then the virus saves this part of code in the file being infected.
This generator contains the string:
This is a benign, memory-resident, stealth, polymorphic, parasitic, TPE-based virus. It hooks INT 21h and writes itself to the end of accessed COM and EXE files. It contains the text strings:
This is KELA-17 version virus.
KELA-17 very nice virus . Ha Ha HaHa
KELA - 17. Copyright (c) 1994 by KELA. All Rights Reserved.
and text strings in Russian. On Friday the 13th, it runs itself utilizing a video effect.