|Upon execution W32/Mitglieder.UZ creates the file the text file C:\error.txt and opens it notepad. The file contains the following text:|
Text decoding error.
Creates the folder in %APPDATA% named hidn and copies itself there as hldrrr.exe and hidn2.exe
Adds the value:
"drv_st_key" = "%APPDATA%\hidn\hidn2.exe"
to the registry key:
Harvests e-mail addresses from all files on the infected computer having one of the following extensions:
E-mails attaches a zipped copy of itself to e-mails it sends to the harvested e-mail addresses. The zip archive is named one of the following:
where <Date> is the date it was sent.
It tries to download and execute additional code and updates itself from the Internet.