Trojan bot infects computers running Windows. At infection of system places the copy in the catalog % APPDATA% \ {GUID} \ and modifies the registry branch SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer \ Run in order to implement its own autorun at system startup.
Built into all business processes and performs intercept Internet functions if for all processes will be found the following:
– maxthon, browser, firefox, iexplo, safari, mozill, chrome, avant, opera, netsc
If the user carries out web search by means of one of traced browsers, the Trojan receives URL of required search inquiry and sends it to the remote server. The server, in turn, sends to the bot specially created team which contains information and the web address with which the original search inquiry of the user will be changed.