W32/Exchanger.T is a Trojan that infects Windows systems.
Upon execution, the Trojan copies itself as CbEvtSvc.exe into the Windows System folder. It creates a service with the following characteristics:
Service name: CbEvtSvc
Display name: CbEvtSvc
Image Path: %SystemRoot%\System32\CbEvtSvc.exe -k netsvcs
Startup Type: Automatic
The Trojan registers itself to run as a service by creating a subkey under the following registry keys:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
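The indicators above can be checked on a host with a short PowerShell hunt. This is an added example, not code from the original advisory; it goes slightly beyond the page by also flagging any service that passes svchost's "-k netsvcs" argument to a binary other than svchost.exe. It assumes an elevated PowerShell prompt.

```powershell
# Added example (not from the advisory). Indicators are the ones listed on this page.
$serviceName = 'CbEvtSvc'
$binaryPath  = Join-Path $env:SystemRoot 'System32\CbEvtSvc.exe'
$roots = 'HKLM:\SYSTEM\ControlSet001\Services',
         'HKLM:\SYSTEM\CurrentControlSet\Services'

$findings = foreach ($root in $roots) {
    foreach ($key in Get-ChildItem -Path $root -ErrorAction SilentlyContinue) {
        $props = Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue
        $imagePath = [string]$props.ImagePath
        if (-not $imagePath) { continue }

        $reasons = @()
        if ($key.PSChildName -eq $serviceName) { $reasons += 'service name' }
        if ($imagePath -match '(?i)\\CbEvtSvc\.exe') { $reasons += 'image path' }
        # Generalisation (assumption of this example): "-k <group>" is an svchost.exe
        # argument, so any other binary launched with "-k netsvcs" is worth a look.
        if ($imagePath -match '(?i)\s-k\s+netsvcs' -and
            $imagePath -notmatch '(?i)(^|[\\"])svchost\.exe') {
            $reasons += 'non-svchost binary using -k netsvcs'
        }
        if ($reasons.Count -eq 0) { continue }

        [pscustomobject]@{
            RegistryKey = $key.Name
            ImagePath   = $imagePath
            Start       = $props.Start   # 2 = Automatic, as listed above
            Reasons     = $reasons -join '; '
        }
    }
}

# Report whether the dropped copy is present at the path given on this page.
[pscustomobject]@{
    Path       = $binaryPath
    FileOnDisk = Test-Path -LiteralPath $binaryPath
} | Format-List

if ($findings) { $findings | Format-List } else { 'No matching service keys found.' }
```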
More information can be found at this Proland Software page.