Troj/Boxed-J is a denial-of-service Trojan for the Windows platform.
Troj/Boxed-J runs continuously in the background periodically sending internet packets to a preconfigured address as part of a DDoS attack.
Troj/Boxed-J copies itself with the filename RVCHOST.EXE to either the system subfolder of the Windows folder or to the folder Application Data\Microsoft\Internet Explorer. Troj/Boxed-J then sets an entry in the registry at the following location so as to run itself when a user logs on:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
.symantec
If Troj/Boxed-J finds an entry already at this location it attempts to copy itself over the file referenced in the registry entry.
Troj/Boxed-J deletes registry entries and terminates processes associated with Troj/Boxed-H if these exist on the infected computer.