This Trojan may be dropped by other malware. It may arrive bundled with malware packages as a malware component. It may be downloaded unknowingly by a user when visiting malicious Web sites.
It registers itself as a system service to ensure its automatic execution at every system startup. It does this by creating registry keys/entries. It modifies registry entries to enable its automatic execution at every system startup.
It disables the DCOM protocol. It disables Automatic Windows Update. As a result, once updates are released, affected users are unable to get Windows updates automatically. It disables Security Center functions. It disables Windows Firewall settings. It disables Task Manager. It does the said routine to avoid termination from the affected system's memory. It creates and modifies registry key(s)/entry(ies) as part of its installation routine. It modifies files.
It drops component files.It deletes itself after execution.
More...