Backdoor and Rootkit in Trojan Looksky
It is a new Trojan, observed recently, which combines functions of a rootkit and a backdoor. While the malware goes unnoticed, it executes remote commands that allow its developer to take control of the attacked system.


It can remain resident in memory while the rootkit component hides it from both traditional antivirus products and the user. It can also launch DoS attacks against IP addresses downloaded from the Web. A DoS (denial of service) deprives the victim of the use of applications, or even of the operating system itself.

It creates certain elements when executed for the first time:

%Windir%\sysvx_.exe
%System%\sysvx.exe
%System%\comdlg64.dll

It modifies registry entries so that it is restarted together with Windows:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "sysvx" = "%[variable depending on the installed OS]%\sysvx_.exe"

The variable %Windir% stands for "C:\Windows" on Windows 95/98/Me/XP/Server 2003 and "C:\Winnt" on Windows NT/2000.

The variable %System% stands for "C:\Windows\System" on Windows 95/98/Me, "C:\Winnt\System32" on Windows NT/2000 and "C:\Windows\System32" on Windows XP and Windows Server 2003.

When run for the second time, Looksky creates the following registry entry, which adds one of its main components to the list of applications authorized by the Windows firewall to access the network:


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\
Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%System%\sysvx.exe" = "%System%\sysvx.exe:*:Enabled:enable" 

It downloads a list of IP addresses from http: //www.5pro.us/synctl/whitevx.lst and stores it in %System%.
These addresses are then used as targets for the DoS attacks.
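As an added example (not part of the original article), the following PowerShell function checks a Windows host for the indicators listed above: the three dropped files, the "sysvx" Run value and the firewall exception for sysvx.exe. The file paths and registry locations are taken from the article; the function name and output format are this example's own, and the firewall key is the Windows XP/Server 2003 location the article names, so on newer systems that part simply finds nothing.

```powershell
# Added example: host check for the Looksky indicators described in the article.
# Function name and output shape are this example's own, not the article's.
function Test-LookskyIndicators {
    $findings = @()

    # Dropped files: %Windir%\sysvx_.exe, %System%\sysvx.exe, %System%\comdlg64.dll
    $systemDir = [Environment]::SystemDirectory
    $files = @(
        (Join-Path $env:windir 'sysvx_.exe'),
        (Join-Path $systemDir 'sysvx.exe'),
        (Join-Path $systemDir 'comdlg64.dll')
    )
    foreach ($f in $files) {
        if (Test-Path -LiteralPath $f) { $findings += "File present: $f" }
    }

    # Persistence: Run value named "sysvx" pointing at sysvx_.exe
    $runKey = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
    $run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
    if ($run -and $run.PSObject.Properties['sysvx']) {
        $findings += "Run value 'sysvx' = $($run.sysvx)"
    }

    # Firewall exception (XP/2003 location): AuthorizedApplications\List entry for sysvx.exe
    $fwKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List'
    $fw = Get-ItemProperty -Path $fwKey -ErrorAction SilentlyContinue
    if ($fw) {
        foreach ($p in $fw.PSObject.Properties) {
            if ($p.Name -like '*\sysvx.exe') {
                $findings += "Firewall authorized app: $($p.Name) = $($p.Value)"
            }
        }
    }

    return $findings
}

$hits = Test-LookskyIndicators
if ($hits.Count -eq 0) {
    Write-Output 'No Looksky indicators found.'
} else {
    $hits | ForEach-Object { Write-Output $_ }
}
```

Run it from an elevated PowerShell session; any line of output is a lead for a full investigation rather than proof of infection on its own, since a matching file name could also be created by unrelated software.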

Copyright © 2006 Eazel. All rights reserved.