Executable malware on itsa.ir

CastleCops -> Web Malware Links

Author: Spockish    Posted: Mon Jun 30, 2008 9:50 am    Post subject: Executable malware on itsa.ir

Code:
http://www.itsa.ir/images/?Intimacao_.php?143b3986360b0da35ce212c17c198358

Author: 0vermind    Location: USA    Posted: Tue Jul 01, 2008 7:09 pm    Post subject:

This malware, when executed, immediately opens a connection to a remote computer, then downloads a fake msnmsgr.exe and winlogon.exe (winlogon.exe is in Java). At that point it seems to open a netsh.exe to take control of the computer. Then it downloads and opens GvbSvm.exe; that process opens 2 processes of GvbSvk.exe.

These two processes (GvbSvm.exe and GvbSvk.exe), from the looks of the decompiled strings, do something with days and times and the internet as well as file streams. Not sure exactly what this could accomplish.

-Mike

Edit: The msnmsgr.exe and winlogon.exe are infected replacements of the real files, meaning the original system versions were deleted and replaced with these infected ones.
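A detection pass over the behaviour Mike describes, added here as an example and not part of the thread: it flags a system binary name (winlogon.exe, msnmsgr.exe) running from outside its expected directory, netsh.exe launched by a process living in a user-writable path, and one parent spawning several copies of the same dropped binary. The event table, the dropper name and the expected directories are constructed assumptions, not data from the sample.

```python
import csv
import io
from collections import Counter

# Constructed process-creation events (not from the post); the dropper
# name and paths are placeholders for the chain described in the thread.
SAMPLE_EVENTS = r"""pid,ppid,image
4,0,C:\Windows\System32\smss.exe
400,4,C:\Windows\System32\winlogon.exe
1200,800,C:\Users\u\AppData\Local\Temp\dropper.exe
1300,1200,C:\Users\u\AppData\Local\Temp\winlogon.exe
1310,1200,C:\Windows\System32\netsh.exe
1400,1200,C:\Users\u\AppData\Local\Temp\GvbSvm.exe
1410,1400,C:\Users\u\AppData\Local\Temp\GvbSvk.exe
1420,1400,C:\Users\u\AppData\Local\Temp\GvbSvk.exe
"""

# Assumed legitimate locations; adjust to the environment being monitored.
EXPECTED_DIR = {
    "winlogon.exe": "c:\\windows\\system32\\",
    "msnmsgr.exe": "c:\\program files\\",
}
USER_WRITABLE = ("c:\\users\\", "c:\\documents and settings\\")

def basename(path):
    return path.rsplit("\\", 1)[-1].lower()

def parse(text):
    return list(csv.DictReader(io.StringIO(text)))

def find_suspicious(events):
    """Return alert strings for the three behaviours in the report."""
    by_pid = {e["pid"]: e for e in events}
    alerts = []
    for e in events:
        img, name = e["image"].lower(), basename(e["image"])
        parent = by_pid.get(e["ppid"], {}).get("image", "").lower()
        # 1. a system binary name running outside its expected directory
        if name in EXPECTED_DIR and not img.startswith(EXPECTED_DIR[name]):
            alerts.append(f"masquerade:{name}:{e['pid']}")
        # 2. netsh.exe launched by something in a user-writable path
        if name == "netsh.exe" and parent.startswith(USER_WRITABLE):
            alerts.append(f"netsh-from-user-path:{e['pid']}")
    # 3. one parent spawning several copies of the same user-path binary
    pairs = Counter((e["ppid"], e["image"].lower()) for e in events
                    if e["image"].lower().startswith(USER_WRITABLE))
    for (ppid, img), n in pairs.items():
        if n >= 2:
            alerts.append(f"multi-spawn:{basename(img)}:{n}:{ppid}")
    return alerts
```

The real winlogon.exe under System32 produces no alert; only the dropped copy, the netsh launch from the Temp-resident dropper, and the double GvbSvk.exe spawn are reported.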


