A remote administration utility that bypasses normal security mechanisms to secretly control a program, computer or network.
Depending on the settings of your F-Secure security product, it will either automatically delete, quarantine or rename the suspect file, or ask you for a desired action.
More information on the scanning and removal options available in your F-Secure product can be found in the Help Center.
You may also refer to the Knowledge Base on the F-Secure Community site for more information.
The malware creates a dummy winlogon.exe process where it runs its malicious threads and drops the following copy:
It also copies the legitimate winlogon.exe to %windir%\system32\install\Windows.exe.
The malware creates the following registry launch point:
The following registry entries are also created:
The malware is a reverse-connection remote administration tool: it connects out to chucknorris.zapto.org on port 150 to receive commands.
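As an added example (not part of the F-Secure description and not F-Secure tooling), the script below turns the indicators given above into host-triage checks: a winlogon.exe image running from somewhere other than its normal location, any process whose image is the dropped %windir%\system32\install\Windows.exe copy, that file's presence in a directory listing, and a connection to chucknorris.zapto.org on port 150. The record layouts, the assumed legitimate winlogon.exe location, and the sample snapshot are constructed for the example so it runs offline; %windir% and %temp% are left unexpanded in the sample data.

```python
from dataclasses import dataclass
from typing import List

# Indicators taken from the description above.
C2_HOST = "chucknorris.zapto.org"
C2_PORT = 150
DROPPED_FILE = r"%windir%\system32\install\windows.exe"   # stored case-folded
# Assumption: default Windows layout; the genuine winlogon.exe lives here.
LEGIT_WINLOGON = r"%windir%\system32\winlogon.exe"


@dataclass
class Process:
    pid: int
    name: str          # image name as the process list reports it
    image_path: str    # full path; %windir% left unexpanded in this example


@dataclass
class Connection:
    pid: int
    remote_host: str   # resolved hostname, or the IP if unresolved
    remote_port: int


def _norm(path: str) -> str:
    """Case-fold a Windows path: NTFS paths compare case-insensitively."""
    return path.strip().lower()


def check_processes(procs: List[Process]) -> List[str]:
    """Flag winlogon.exe outside its normal path and any process whose image is the dropped copy."""
    findings = []
    for p in procs:
        path = _norm(p.image_path)
        if p.name.lower() == "winlogon.exe" and path != _norm(LEGIT_WINLOGON):
            findings.append(f"pid {p.pid}: winlogon.exe running from unexpected path {p.image_path}")
        if path == DROPPED_FILE:
            findings.append(f"pid {p.pid}: process image is the dropped copy {p.image_path}")
    return findings


def check_connections(conns: List[Connection]) -> List[str]:
    """Flag the reverse connection to the command-and-control host named in the description."""
    return [
        f"pid {c.pid}: connection to {c.remote_host}:{c.remote_port} (known C2)"
        for c in conns
        if c.remote_host.lower() == C2_HOST and c.remote_port == C2_PORT
    ]


def check_files(listing: List[str]) -> List[str]:
    """Flag the dropped copy by full path in a file listing."""
    return [f"file present: {f}" for f in listing if _norm(f) == DROPPED_FILE]


def triage(procs: List[Process], conns: List[Connection], listing: List[str]) -> List[str]:
    """Run all three checks and return the combined findings."""
    return check_processes(procs) + check_connections(conns) + check_files(listing)


# Constructed sample snapshot: one legitimate winlogon.exe, the dropped copy running,
# a winlogon.exe launched from a temp directory (constructed path), and a benign process.
SAMPLE_PROCS = [
    Process(616, "winlogon.exe", r"%windir%\system32\winlogon.exe"),
    Process(2040, "Windows.exe", r"%windir%\system32\install\Windows.exe"),
    Process(2044, "winlogon.exe", r"%temp%\winlogon.exe"),
    Process(1100, "explorer.exe", r"%windir%\explorer.exe"),
]
SAMPLE_CONNS = [
    Connection(2040, "chucknorris.zapto.org", 150),
    Connection(1100, "update.example.test", 443),
]
SAMPLE_FILES = [
    r"%windir%\system32\install\Windows.exe",
    r"%windir%\system32\winlogon.exe",
]

if __name__ == "__main__":
    for line in triage(SAMPLE_PROCS, SAMPLE_CONNS, SAMPLE_FILES):
        print(line)
```

On a live host you would build the `Process` and `Connection` records from a process and socket listing and expand `%windir%` with `os.path.expandvars` before comparing. Because zapto.org is a dynamic DNS domain, the address the name resolves to can change at any time, so alerting should key on the hostname in DNS or proxy logs rather than on a fixed IP.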