Unsolicited messages in instant messaging applications which have the following form (picture below): "foto :D [shortened_url]". The shortened URL contains the worm, which has the icon of a picture so that it can trick the user into believing that the malware is in fact a photo. If the user executes the file, an Explorer window appears, followed by a new browser window containing a list of contacts from a known social networking website. Afterwards, it hides itself by setting the file's properties to hidden.
Please let BitDefender disinfect your files.
The Trojan spreads by spamming instant messages to contacts.
The malicious application copies itself into the operating system's folder with the name "jusched.exe", which is similar to a known programming language file. In order to start itself each time the operating system runs, the following registry values are added:
It adds itself as an authorized application for the system's firewall by adding a value into the following key: HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List.
It stops the Windows Automatic Updates Service, preventing the user from getting the necessary updates, including the ones that ensure the security of the system. It also tries to stop msmpsvc.exe, which belongs to the Microsoft Malware Protection Service.
It has the ability to send messages to contacts on the following instant messaging applications: Skype, Yahoo Messenger, AIM (AOL Instant Messenger).
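The indicators described above can be checked on a suspect host with a read-only triage script. This is an added example, not part of the original description or a BitDefender tool; it assumes "operating system's folder" means %windir% or %windir%\System32, and the service name MsMpSvc is an assumption derived from msmpsvc.exe.

```powershell
# Added example: read-only triage for the indicators described on this page.
# Assumption: "operating system's folder" means %windir% or %windir%\System32.
$fileName = 'jusched.exe'
$osDirs   = @($env:windir, (Join-Path $env:windir 'System32'))
$findings = @()

# 1. Copies of jusched.exe in the OS folders; -Force lists hidden files too.
foreach ($dir in $osDirs) {
    Get-ChildItem -LiteralPath $dir -Filter $fileName -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $findings += [pscustomobject]@{
                Check  = 'File in OS folder'
                Detail = $_.FullName
                Note   = "Hidden=$([bool]($_.Attributes -band [IO.FileAttributes]::Hidden))"
            }
        }
}

# 2. Firewall authorized-application entries that reference the same file name.
$fwKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List'
$key = Get-Item -LiteralPath $fwKey -ErrorAction SilentlyContinue
if ($key) {
    foreach ($name in $key.GetValueNames()) {
        $value = [string]$key.GetValue($name)
        if ($name -like "*$fileName*" -or $value -like "*$fileName*") {
            $findings += [pscustomobject]@{ Check = 'Firewall allow entry'; Detail = $name; Note = $value }
        }
    }
}

# 3. Services the page says are stopped. 'wuauserv' is Windows Update;
#    'MsMpSvc' is an assumed service name for msmpsvc.exe and may not exist.
foreach ($svc in 'wuauserv', 'MsMpSvc') {
    $s = Get-Service -Name $svc -ErrorAction SilentlyContinue
    if ($s -and $s.Status -ne 'Running') {
        $findings += [pscustomobject]@{ Check = 'Service not running'; Detail = $svc; Note = "Status=$($s.Status)" }
    }
}

$findings | Format-Table -AutoSize -Wrap
```

A stopped update service on its own is weak evidence, since some Windows versions start it only on demand; treat the findings as signals to correlate, with a jusched.exe inside the OS folder plus a matching firewall entry being the strongest combination.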