%HOMEPATH%\Start Menu\Programs\Startup\AMATEUR PRIVATE PORN NAKED COLLEGE GIRL LEGS SPREADING PUSSY.scr
Creates the following files on removable media:
<Drive name for removable media>:\autorun.inf
<Drive name for removable media>:\AMATEUR PRIVATE PORN NAKED COLLEGE GIRL LEGS SPREADING PUSSY.exe
<Drive name for removable media>:\1810454.exe
Malicious functions:
To bypass firewall, removes or modifies the following registry keys:
[<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '<SYSTEM32>\service.kno' = '<SYSTEM32>\service.kno:*:Enabled:Windows Time Sync'
[<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '<Full path to virus>' = '<Full path to virus>:*:Enabled:Windows Time Sync'