Troj/VB-GX is a downloading Trojan for the Windows platform that attempts to download an excutable with the filename 123.exe from a predefined remote location.
Once executed, Troj/VB-GX copies itself to the Windows system folder with the filenames d11host.exe and n0tepad.exe.
In order to be able to run automatically when Windows starts up Troj/VB-GX sets the registry entries:
HKLM\software\microsoft\windows\currentversion\run\
systemr
"d11host.exe"
HKCU\software\microsoft\windows NT\currentversion\windows\
load
"N0TEPAD.EXE"
Troj/VB-GX also creates a log file in the Windows system folder with the filename windll.dll, and may modify the following registry entry:
HKCU\software\microsoft\internet explorer\main\
start page
"about:blank"