Symptoms include full IP scans of all subnets via ICMP.
Installs the following in HKCU/Run and HKLM/Run:
winsct32.exe
winmgm32.exe
prpcui.exe
pntask.exe
loadqm.exe
The only hit I've gotten on any of these is on wingmg32.exe claiming to be a variant of SOBIG.
Any assistance in identifying appreciated, but it appears to be jumping from machine to machine.
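
A defender-side sweep for the Run-key entries listed in the post, as an added example that is not part of the original post. It assumes "HKCU/Run" and "HKLM/Run" mean the standard `Software\Microsoft\Windows\CurrentVersion\Run` keys; the function name `Find-ReportedRunEntry` is hypothetical.

```powershell
# File names the post lists as installed under the Run keys.
$ReportedNames = 'winsct32.exe', 'winmgm32.exe', 'prpcui.exe', 'pntask.exe', 'loadqm.exe'

# Assumption: the post's "HKCU/Run" and "HKLM/Run" are the standard Run keys.
# HKCU only covers the hive of the user running the script.
$RunKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'

function Find-ReportedRunEntry {
    param(
        [string[]]$KeyPath = $RunKeys,
        [string[]]$Name    = $ReportedNames
    )
    foreach ($key in $KeyPath) {
        if (-not (Test-Path -Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($valueName in $item.GetValueNames()) {
            # Run values hold a command line: a path, possibly quoted, possibly with arguments.
            $data = [string]$item.GetValue($valueName)
            foreach ($n in $Name) {
                # Match the file name as a whole path component (case-insensitive),
                # so "xloadqm.exe" or "loadqm.exe.bak" does not count as a hit.
                $pattern = '(^|[\\/"\s])' + [regex]::Escape($n) + '($|["\s])'
                if ($data -match $pattern) {
                    [pscustomobject]@{
                        Computer  = $env:COMPUTERNAME
                        Key       = $key
                        ValueName = $valueName
                        Command   = $data
                        Matched   = $n
                    }
                }
            }
        }
    }
}

# A hit is a lead for triage, not a verdict: it is a file-name match only.
Find-ReportedRunEntry | Format-Table -AutoSize -Wrap
```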