This Trojan may be downloaded from remote sites by other malware. It may be downloaded from certain remote sites.
It creates folders. It creates registry key(s)/entry(ies).
It accesses Web sites to download and execute a file that Trend Micro detects as TROJ_FAKEAV.AV. As a result, malicious routines of the downloaded files are exhibited on the affected system.
It deletes itself after execution.
More...