This is a Visual Basic Script trojan that has been spammed as "Men & Women.html".
Once detected, the F-Secure security product will automatically disinfect the suspect file by either deleting it or renaming it.
Part of the code is encrypted and decrypts on the fly. If a user open this file Chango first checks the Visual Basic Script version. If it is more than 4 then it creates two files: "C:\WINDOWS\LOGOS.SYS" and "C:\WINDOWS\LOGOW.SYS". Those files are scriptlet objects and contain the string "TROJAN.Chango".
After that the trojan attempts to create in the Windows startup directory of English, Spanish and Portuguese environments the file "TROJAN.CHANGO.HTM".
Further every time the a system is rebooted it will run the IE and open "TROJAN.CHANGO.HTM" that looks like:
Chango doesn't contain any destructive payload.
Technical Details: Katrin Tocheva and Sami Rautiainen, F-Secure