W32/Exchanger.F is a Trojan that infects Windows systems.

Upon execution, the Trojan drops CbEvtSvc.exe in the Windows System folder.

The Trojan creates a service with the following characteristics:

Service name: CbEvtSvc
Display name: CbEvtSvc
Image Path: %SystemRoot%\System32\CbEvtSvc.exe -k netsvcs
Startup Type: Automatic

The Trojan registers itself to run as a service by creating a subkey under the following registry keys:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
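
The service and file indicators listed above can be checked on a host with PowerShell. This is an added example, not part of the original description; the function name Test-ExchangerService is hypothetical, and the script assumes an elevated session on the machine being examined.

```powershell
# Indicators taken from the description above.
$ServiceName   = 'CbEvtSvc'
$ExpectedImage = '%SystemRoot%\System32\CbEvtSvc.exe -k netsvcs'
$ServiceRoots  = @(
    'HKLM:\SYSTEM\CurrentControlSet\Services',
    'HKLM:\SYSTEM\ControlSet001\Services'
)

# Hypothetical helper: returns one record if the service subkey exists, nothing otherwise.
function Test-ExchangerService {
    param([Parameter(Mandatory)][string]$KeyPath)

    if (-not (Test-Path -LiteralPath $KeyPath)) { return }

    $key = Get-Item -LiteralPath $KeyPath
    # Read ImagePath unexpanded so it can be compared with the text of the description.
    $image = $key.GetValue('ImagePath', $null, 'DoNotExpandEnvironmentNames')

    [pscustomobject]@{
        Key          = $KeyPath
        DisplayName  = $key.GetValue('DisplayName')
        ImagePath    = $image
        AutoStart    = ($key.GetValue('Start') -eq 2)   # 2 = Automatic startup
        ImageMatches = ($image -ieq $ExpectedImage)
    }
}

# Check both control sets named in the description.
$findings = foreach ($root in $ServiceRoots) {
    Test-ExchangerService -KeyPath (Join-Path $root $ServiceName)
}

# Check for the dropped executable in the Windows System folder.
$dropped = Join-Path $env:SystemRoot 'System32\CbEvtSvc.exe'
$fileHit = Test-Path -LiteralPath $dropped

if ($findings -or $fileHit) {
    $findings | Format-List
    if ($fileHit) {
        # Record a hash of the file for the incident notes before removal.
        Get-FileHash -LiteralPath $dropped -Algorithm SHA256 | Format-List
    }
    Write-Warning "CbEvtSvc indicators found on $env:COMPUTERNAME"
} else {
    Write-Output 'No CbEvtSvc service key or dropped file found.'
}
```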

More information can be found at this Proland Software page.