Opachki uses a dropper to infect users' machines, loading a DLL file. It then goes through a complex routine that involves partially decrypting various strings in memory and then deleting the strings as soon as it's finished with them. The main goal is to hijack Web links and redirect victims to a third-party site where a JavaScript file is loaded onto the machine, again redirecting the machine to another server. The most damaging feature is its ability to delete the registry key that enables a user to boot a machine in Safe Mode.
Source: https://threatpost.com/opachki-trojan-hijacking-web-links-110309/73029/
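
One way to watch for the Safe Mode key deletion described above, as an added example that is not from the original article. It assumes Sysmon registry events (Event ID 12) already exported as dictionaries, and that the key involved is the standard Windows `SafeBoot` key, which the article does not name; the sample events and the function name are constructed for illustration.

```python
import re

# Assumption: Safe Mode boot configuration is the standard Windows key
# HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot. ControlSet00N are the
# on-disk control sets that CurrentControlSet points to, so match those too.
SAFEBOOT_RE = re.compile(
    r"^(?:HKLM|HKEY_LOCAL_MACHINE)\\SYSTEM\\(?:CurrentControlSet|ControlSet\d{3})"
    r"\\Control\\SafeBoot(?:\\|$)",   # the key itself or anything below it
    re.IGNORECASE,
)
DELETE_TYPES = {"deletekey", "deletevalue"}


def find_safeboot_deletions(events):
    """Return (time, process image, registry path) for each delete under SafeBoot."""
    hits = []
    for ev in events:
        if ev.get("EventID") != 12:          # 12 = registry object create/delete
            continue
        if ev.get("EventType", "").lower() not in DELETE_TYPES:
            continue
        target = ev.get("TargetObject", "")
        if SAFEBOOT_RE.match(target):
            hits.append((ev.get("UtcTime"), ev.get("Image"), target))
    return hits


# Constructed sample events (field names modelled on Sysmon; values are made up).
SAMPLE_EVENTS = [
    {"EventID": 12, "EventType": "CreateKey", "UtcTime": "2009-11-03 10:00:01",
     "Image": r"C:\Windows\System32\services.exe",
     "TargetObject": r"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\ExampleSvc"},
    {"EventID": 12, "EventType": "DeleteKey", "UtcTime": "2009-11-03 10:02:17",
     "Image": r"C:\Users\test\AppData\Local\Temp\sample.exe",
     "TargetObject": r"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal"},
    {"EventID": 12, "EventType": "DeleteKey", "UtcTime": "2009-11-03 10:02:18",
     "Image": r"C:\Users\test\AppData\Local\Temp\sample.exe",
     "TargetObject": r"HKLM\SYSTEM\ControlSet001\Control\SafeBoot"},
    {"EventID": 12, "EventType": "DeleteKey", "UtcTime": "2009-11-03 10:03:00",
     "Image": r"C:\Windows\regedit.exe",
     "TargetObject": r"HKLM\System\CurrentControlSet\Control\SafeBootExtra"},  # lookalike
    {"EventID": 13, "EventType": "SetValue", "UtcTime": "2009-11-03 10:04:00",
     "Image": r"C:\Windows\System32\svchost.exe",
     "TargetObject": r"HKLM\System\CurrentControlSet\Control\SafeBoot\Option\OptionValue"},
]

if __name__ == "__main__":
    for when, image, target in find_safeboot_deletions(SAMPLE_EVENTS):
        print(f"{when}  {image}  deleted  {target}")
```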

