This threat might arrive on your PC with a random file name. When run, it changes its file attributes to hidden. It also creates a registry entry so that it automatically runs every time Windows starts.
Disables drivers and services
The threat disables devices, services, and drivers if your PC starts in Safe Mode or Safe Mode with Networking. It does this by renaming the following registry keys:
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal - renamed to HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\M
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network - renamed to HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\N
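A defender's check for this change, as an added example that is not part of the original description: it reads saved output of `reg query HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot` and reports whether the `Minimal` and `Network` keys are intact or have been renamed to `M` and `N`. The function names and both sample outputs are constructed for illustration.

```python
SAFEBOOT = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot"
# Original subkey -> name it is renamed to (both taken from the description).
RENAMES = {"Minimal": "M", "Network": "N"}

# Constructed sample outputs, not captured from a real machine.
CLEAN_SAMPLE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot
    AlternateShell    REG_SZ    cmd.exe

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network
"""
TAMPERED_SAMPLE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\M
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network
"""


def safeboot_subkeys(reg_query_output):
    """Return lower-cased names of SafeBoot's immediate subkeys."""
    prefix = SAFEBOOT.lower() + "\\"
    names = set()
    for line in reg_query_output.splitlines():
        path = line.strip().lower()
        if path.startswith(prefix):
            rest = path[len(prefix):]
            if rest and "\\" not in rest:  # skip deeper descendants
                names.add(rest)
    return names


def classify(reg_query_output):
    """Map each Safe Mode key to intact, renamed, ambiguous or missing."""
    present = safeboot_subkeys(reg_query_output)
    states = {}
    for original, renamed in RENAMES.items():
        has_original = original.lower() in present
        has_renamed = renamed.lower() in present
        if has_original:
            states[original] = "ambiguous" if has_renamed else "intact"
        else:
            states[original] = "renamed" if has_renamed else "missing"
    return states


if __name__ == "__main__":
    for label, sample in (("clean", CLEAN_SAMPLE), ("tampered", TAMPERED_SAMPLE)):
        print(label, classify(sample))
```

A result of `ambiguous` means both the original and the renamed key exist, which calls for manual inspection of the key contents.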
Blocks PC access
It prevents you from accessing your desktop by showing an image across your screen. The image contains instructions to send an SMS to a premium number so that you can regain access to your PC. The image might look like this:
It also stops EXPLORER.EXE and TASKMGR.EXE and disables mouse control.