Troj/FakeVir-HX is a Trojan for the Windows platform.
When run Troj/FakeVir-HX attempts to silently insert a customised username of "TsTest" with a password of "123" into the list of Administrators in an attempt to allow subsequent access to the infected computer using administrator privileges.
The following registry entries are set:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
TsTest
0
HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server
fAllowToGetHelp
0
HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server
fDenyTSConnections
0