This worm may be installed manually by a user. It may be downloaded unknowingly by a user when visiting malicious Web sites.
It drops copies of itself. It injects threads into normal processes.
It creates registry entries to enable its automatic execution at every system startup.
It creates registry key(s)/entry(ies) as part of its installation routine.
It drops copies of itself in all physical drives. It drops copies of itself in all removable drives. It drops an AUTORUN.INF file to automatically execute dropped copies when the drives are accessed.
It accesses Web sites to download file(s). As a result, malicious routines of the downloaded files are exhibited on the affected system. It then executes the downloaded files. As a result, malicious routines of the downloaded files are exhibited on the affected system.
More...