InetData group

This is a Trojan horse virus and a rootkit. It keeps itself hidden on the computer and downloads more harmful files from the Internet. Its visible indication is its EXE file, which can be seen in Task Manager. It uses different file names to avoid detection, so I have grouped its known variations under this category. Its major characteristics are as follows. It creates two different files: one in C:\Windows and one in the C:\Windows\System32 folder. One of them is an EXE file and the type of the other varies. It registers the EXE file in the Windows registry under these registry keys:

  • The following Registry Keys were created:
    • HKEY_USERS\.DEFAULT\Software\Microsoft\InetData
    • HKEY_CURRENT_USER\Software\Microsoft\InetData
  • The newly created Registry Values are:
    • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
      • ttool = "%Windir%\XXXXX.exe" (so that XXXXX.exe runs every time Windows starts)
    • [HKEY_CURRENT_USER\Software\Microsoft\InetData]
      • k1 = 0x13CDAF5E
      • k2 = 0x4A7CCC1E
      • version = "17"
      • RF = "1"

The virus stops these Windows services: Application Layer Gateway Service, Windows Firewall/Internet Connection Sharing (ICS), and Security Center. It also opens UDP ports and connects to a remote IRC server, and it may download more harmful files from the Internet.
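
A read-only PowerShell check for the registry indicators and service state listed above, as an added example that is not part of the original page. It goes one step beyond the page by walking every loaded hive under HKEY_USERS (HKEY_CURRENT_USER is a view of one of them); the service short names ALG, SharedAccess and wscsvc are assumptions mapped from the display names above.

```powershell
# Added example, not from the original page. Read-only check for the InetData
# indicators described above; run it from an elevated PowerShell prompt.
$findings = @()

# HKEY_CURRENT_USER is a view of one hive under HKEY_USERS, so walk every
# loaded hive (this covers .DEFAULT and each logged-on user's SID).
$hives = Get-ChildItem -LiteralPath 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue
foreach ($hive in $hives) {
    $root = "Registry::HKEY_USERS\$($hive.PSChildName)"

    # Indicator 1: the Software\Microsoft\InetData marker key.
    $marker = "$root\Software\Microsoft\InetData"
    if (Test-Path -LiteralPath $marker) {
        $p = Get-ItemProperty -LiteralPath $marker -ErrorAction SilentlyContinue
        $findings += [pscustomobject]@{
            Indicator = 'InetData key'
            Location  = $marker
            Detail    = "version=$($p.version); RF=$($p.RF)"
        }
    }

    # Indicator 2: the 'ttool' autostart value in the Run key.
    $runKey = "$root\Software\Microsoft\Windows\CurrentVersion\Run"
    $run = Get-ItemProperty -LiteralPath $runKey -ErrorAction SilentlyContinue
    if ($run -and $run.PSObject.Properties['ttool']) {
        $findings += [pscustomobject]@{
            Indicator = 'Run value ttool'
            Location  = $runKey
            Detail    = $run.ttool   # path of the EXE started with Windows
        }
    }
}

# Supporting context only: these services can be stopped for benign reasons.
# Short names are assumptions mapped from the display names on this page
# (SharedAccess is the firewall/ICS service on Windows XP-era systems).
$services = Get-Service -Name 'ALG', 'SharedAccess', 'wscsvc' -ErrorAction SilentlyContinue |
    Select-Object Name, DisplayName, Status

if ($findings.Count -gt 0) {
    $findings | Format-List | Out-String
    'State of the services this malware is reported to stop:'
    $services | Format-Table -AutoSize | Out-String
} else {
    'No InetData registry indicators found in the loaded user hives.'
}
```

Hives of users who are not logged on are not loaded under HKEY_USERS, so their NTUSER.DAT files would need to be loaded separately to be covered.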
