This worm spreads via the Internet as an attachment to infected messages.
It sends itself to all email addresses harvested from the victim computer.
The worm creates copies of itself in all subdirectories which contain the word 'Share' in their names.
The copies are saved under names chosen from the predefined list.
Also, it contains a backdoor function.
The worm opens and tracks activity on TCP and UDP port 81 in order to receive commands.
Navigate to the key: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
and delete the value: bawindo = %system%\bawindo.exe