HPsus/TSpy-A exhibits behaviour commonly associated with malware such as setting registry entries so that it will be executed in the context of winlogon.exe, copying itself to sensitive areas of the file system, injecting code into running processes and writing autorun.inf files so that it spreads by USB storage devices.