This Trojan may arrive bundled with malware packages as a malware component. It may arrive as a .DLL file that exports functions used by other malware.
It creates registry entries to enable its automatic execution at every system startup. It registers itself as a Browser Helper Object (BHO) to ensure its automatic execution every time Internet Explorer is run. It does this by creating registry keys/entries.
This Trojan monitors the address bar of Internet Explorer (IE). It displays the following error message once the user enters a Web site address in the address bar:
When the user clicks Yes, the user is then directed to the Web site http://{BLOCKED}rus.com/download.php, where this Trojan downloads the file IEAV.EXE. Trend Micro detects the file as ADW_IEANTIVIR. As a result, routines of the downloaded adware are also exhibited on the affected system.
When the user clicks No, the user is then directed to the fake site http://{BLOCKED}can.com/id/4912933/4/1, and the following fake pop-up virus scan result window is displayed: