The Trojan will download and intsall the following files:
<System32>\csms.exe
<System32>\msmcts.dll
Troj/Agent-Y will run in the background and periodically upload results to a ftp server.
During installing, Troj/Agent-Y will set various registry entries under
HKLM\SOFTWARE\Microsoft\MSFD
In addition, it will also set the following registry entries to allow further access:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
cmssSystemProcess = <system32>\csms.exe
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\
FirewallPolicy\StandardProfile\AuthorizedApplications\List\
<path to mslist.exe> = "<path to mslist.exe>:*:Enabled:cmsscs"
Before downloading, the Trojan will attempt to terminate various anti-virus/firewall processes.