This threat is a malicious Volume Boot Record (VBR), which is loaded at boot time.
It intercepts hard disk I/O (input/output) operations, or system memory layout functions, to patch the PC's boot module. It also tries to tamper with Windows kernel data to load its own malicious driver. When your PC starts, the malware is loaded instead, and you may experience crashes.
The malicious driver injects other malware components, for example Trojan:Win32/Claretore.L and Trojan:Win32/Vundo, into certain system processes such as svchost, or other processes related to programs such as firefox, iexplorer, and chrome.
To hide its presence on your PC, the loaded driver intercepts hard disk I/O (input/output) operations and returns the original clean copy if the VBR is accessed.
It also provides a private network stack to prevent the PC from using its standard network. Some versions of the threat also contain a backdoor that they use to get other malicious components from the server.
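Because the driver returns the clean VBR to anything that reads it on the running system, a live read cannot confirm that the disk is clean. The following Python code is an added example, not part of the original description: it compares a boot-region capture taken on the live system with one taken from trusted boot media and reports which sectors differ. The 16-sector region size, the function names and the sample bytes are assumptions constructed for illustration.

```python
import hashlib
import struct

SECTOR = 512

def parse_ntfs_vbr(sector0):
    """Decode the NTFS VBR fields used for triage from the first sector."""
    if len(sector0) < SECTOR:
        raise ValueError("need one full 512-byte sector")
    bps, spc = struct.unpack_from("<HB", sector0, 0x0B)
    return {
        "oem_id": sector0[3:11].decode("ascii", "replace"),
        "bytes_per_sector": bps,
        "sectors_per_cluster": spc,
        "boot_signature_ok": sector0[510:512] == b"\x55\xaa",
        # Bootstrap code sits between the BPB and the 0x55AA signature.
        "boot_code_sha256": hashlib.sha256(sector0[0x54:510]).hexdigest(),
    }

def cross_view_diff(live, offline):
    """Return indexes of sectors that differ between two captures."""
    if len(live) != len(offline) or len(live) % SECTOR:
        raise ValueError("captures must be equal-length and sector-aligned")
    return [i // SECTOR for i in range(0, len(live), SECTOR)
            if live[i:i + SECTOR] != offline[i:i + SECTOR]]

def build_sample(patch=()):
    """Constructed 16-sector NTFS-style boot region, not real disk data."""
    s0 = bytearray(SECTOR)
    s0[0:3] = b"\xeb\x52\x90"              # jump instruction
    s0[3:11] = b"NTFS    "                 # OEM ID
    struct.pack_into("<HB", s0, 0x0B, 512, 8)
    s0[510:512] = b"\x55\xaa"              # boot signature
    region = s0 + bytearray(15 * SECTOR)
    for offset in patch:                   # flip bytes to simulate tampering
        region[offset] ^= 0xFF
    return bytes(region)

# LIVE: what the running OS returned. OFFLINE: read from trusted boot media.
LIVE = build_sample()
OFFLINE = build_sample(patch=(0x60, 2 * SECTOR + 5))

if __name__ == "__main__":
    print("differing sectors:", cross_view_diff(LIVE, OFFLINE))
    print("live   :", parse_ntfs_vbr(LIVE[:SECTOR])["boot_code_sha256"])
    print("offline:", parse_ntfs_vbr(OFFLINE[:SECTOR])["boot_code_sha256"])
```

Any sector listed means the running system is serving different boot-region content than what is stored on disk, which is the mismatch the stealth behaviour creates.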