1. I double click on the photo.exe.
It can terminate the existing process of QQ IM software.
2. Then, I restart QQ IM and type some words in its window.
The photo.exe can connect to the internet.
3. Comodo trusts the photo.exe which is injected with the MSDTCTM.dll.
4. The malware creates an autorun entry.
Windows XP SP3 32-bit