Downloads and Executes Files
When the trojan is executed, it initially downloads a script that contains a number of commands from the domain "ysbweb.com". These commands specify the locations of adware-related and malicious files for the trojan to download. The malicious files which may be downloaded and executed by the trojan are detected as Win32.SillyDl variants. These variants are executed from the following locations:
* C:\Program Files\ISTbar\istbarcm.dll (73,728 bytes)
* C:\Program Files\ISTsvc\istsvc.exe (18,944 bytes)
* C:\Program Files\SACC\sacc.exe (61,440 bytes)
* %Windows%\<random name>.exe (10,240 bytes)
* %Temp%\sidefind.exe (10,752 bytes)
* %Temp%\cxtpls_loader.exe (64,000 bytes)
* %Temp%\dealhelper.exe (20,480 bytes)
* %Temp%\sahagent.exe (56,078 bytes)
I just googled it... here is a link:
http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=42279
Might want to look into it..
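A triage sweep for the file locations and sizes listed in the advisory text above, as an added example that is not part of the original post or the CA advisory. The function names, the `roots` mapping and the match labels are assumptions made for illustration; a size-only hit in the Windows directory is a weak indicator because only the size and extension are known.

```python
import os
from pathlib import Path

# Fixed-name files from the advisory: (root key, relative path, size in bytes).
NAMED = [
    ("program_files", "ISTbar/istbarcm.dll", 73728),
    ("program_files", "ISTsvc/istsvc.exe", 18944),
    ("program_files", "SACC/sacc.exe", 61440),
    ("temp", "sidefind.exe", 10752),
    ("temp", "cxtpls_loader.exe", 64000),
    ("temp", "dealhelper.exe", 20480),
    ("temp", "sahagent.exe", 56078),
]
RANDOM_EXE_SIZE = 10240  # %Windows%\<random name>.exe: only size and extension known


def find_ci(base, rel):
    """Resolve rel under base ignoring case (useful on a mounted disk image)."""
    cur = Path(base)
    for part in rel.split("/"):
        hits = [c for c in cur.iterdir() if c.name.lower() == part.lower()] if cur.is_dir() else []
        if not hits:
            return None
        cur = hits[0]
    return cur


def sweep(roots):
    """roots maps 'program_files', 'windows', 'temp' to directories (assumed layout).
    Returns (path, size, match) tuples; match is name+size, name-only or size-only."""
    found = []
    for key, rel, size in NAMED:
        p = find_ci(roots[key], rel)
        if p is not None and p.is_file():
            actual = p.stat().st_size
            found.append((str(p), actual, "name+size" if actual == size else "name-only"))
    windir = Path(roots["windows"])
    for p in (windir.iterdir() if windir.is_dir() else []):
        if p.is_file() and p.suffix.lower() == ".exe" and p.stat().st_size == RANDOM_EXE_SIZE:
            found.append((str(p), RANDOM_EXE_SIZE, "size-only"))  # weak: review by hand
    return found


if __name__ == "__main__":
    live = {"program_files": os.environ.get("ProgramFiles", r"C:\Program Files"),
            "windows": os.environ.get("SystemRoot", r"C:\Windows"),
            "temp": os.environ.get("TEMP", r"C:\Windows\Temp")}
    for path, size, match in sweep(live):
        print(f"{match:10} {size:>8}  {path}")
```

Run as-is it checks the live system for the current user's temp directory only; pass other directories to `sweep` to check a mounted image or another profile.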