It is an encrypted, mass-mailing worm that arrives as an attachment with either a .pif, .scr, .exe, .cmd, .bat, or .zip extension.
Allows unauthorized remote access. Kills the process of several antivirus and security applications.
Searches for email addresses in files with different extensions.
Attempts to send itself to the email addresses it found.
The email will have the following characteristics.
From: may be spoofed.
Subject: may be one from predefined list.
Attachment: file with .pif, .scr, .exe, .cmd, .bat, or .zip extension.
Navigate to the key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
and delete the value: "Taskmon" = "%System%\Rundll16.exe"