- Presence of the file in Windows folder
- Windows executable files increase in size by approximately 37 KBytes
- manual removal: delete all infected files
- automatic removal: let BitDefender disinfect/delete infected files.
BitDefender Virus Researcher
Once an infected file is executed, the file is dropped in Windows folder and executed.
The virus searches in all the folders sequentially, for windows executable files with GUI (graphic user interface) and it infects 10 executable files from the current folder then waits/sleeps for a number of seconds (0-30), then infects another set of 10 files and then waits and so on.
It has backdoor capabilities, uses socket routines and listens/sends commands and informations (as the Windows type and version) on the port 1863.