copies itself in the Windows Temporary Files folder using a file name with the following format:
It converts this copy into a DLL file with another name that also follows the format discussed previously.
then attempts to install its copy as a print provider. If this fails, it attempts to manually restart the "spooler" service.
Installs other malware
drops a file with a name that follows the format discussed in the previous section. This dropped file is detected as Trojan:WinNT/Alureon.L.
It registers its dropped file as a system service with a random file name so that it automatically runs every time Windows starts, for example:
Connects to a remote server
connects to a remote address, such as "18.104.22.168", to send information about the affected PC. The sent information is encoded when sent.
Analysis by Andrei Florin Saygo
Alerts from your security software may be the only symptom.