The operations of this trojan include pretending to be scanning the computer as an antivirus and it displays a message reading "Welcome to CMDSpybot. Press any key to continue." It does the dir/s command in cmd.exe, then acts much like a rogue, finding fake threats on the computer. When it is complete, it scares the user into thinking that it is deleting hal.dll and control.ini. It does not actually do this, but it will display a message reading "This is rouge please remove me." When the user then presses any key, it will automatically remove itself.