This is a deceptive program that performs additional actions without the user's knowledge or permission. It does not replicate. 

The trojan's file is a DLL that is designed to be loaded at Windows startup using the 'Winlogon\Notify' Registry key. As a result the trojan is loaded as the component of one of Windows's system processes. Its removal or modification is impossible when Windows is active. Moreover, the trojan blocks access to its own file, monitors changes to its Registry keys and restores them if they are modified or deleted. 

The real time service for iSheriff detects the Trojan and limits the access of the file.