W32/Exchanger.F is a Trojan that will infect Windows systems.

Upon execution, the Trojan drops CbEvtSvc.exe in Windows System folder.

This Trojan creates a service with the following characteristics:

Service name: CbEvtSvc
Display name: CbEvtSvc
Image Path: SystemRoot%\System32\CbEvtSvc.exe -k netsvcs
Startup Type: Automatic

It registers itself to run as a service by creating subkey in the following registry entries:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services

More information can be found at this Sophos page.