"WriteD" environment variable is present.
Periodical pop-ups with advertisments.
These registry keys under [HKLM\Software\Microsoft\Windows\Current Version\Winlogon\Notify\Run]:
A removal tool will be made available soon.
Theodor Ciobanu, virus researcher
This is adware. It logs the URLs visited by the host, and displayes pop-up windows with advertisments, based on the information it gathered. It downloads additional files and executes them - may be updates of itself and configuration files to modify start and search pages. The URLs accessed by the program to provide advertisments are from www.ad-w-a-r-e.com or www.a-d-w-a-r-e.com.
It it is installed as a shell extension by ad-supported software or by other malicious software in the %system% directory, with a random file name. It uses a random CLSID every time it is installed, and it sets itself to be notified whenever a user logs on/off or the system shuts down. It also downloads and installs rootkit-like malware, to make itself difficult to remove.