Trojan, known as Heloag, installs itself on PCs after being downloaded from one of two domains: 7zsm.com or elwm.net. Once on the machine, the Trojan loads itself into the Windows directory and installs a registry key that ensures the malware will be loaded during the startup routine. It then makes a connection to the C&C server for the botnet to register itself and await commands. The Trojan effectively gives the attacker complete control of the infected machine, and provides a simple platform for him to load other malicious software.
Source: https://threatpost.com/new-p2p-botnet-forming-041310/73818/