Troj/Gimmiv-A is a Trojan for the Windows platform.
When Troj/Gimmiv-A is run, the following file is dropped:
<System>\wbem\sysmgr.dll
This file is also detected as Troj/Gimmiv-A
Troj/Gimmiv-A sets the following registry entries to link the dll with svchost.exe:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost
sysmgr
sysmgr
HKLM\SYSTEM\CurrentControlSet\Services\sysmgr\Parameters
ServiceDll
<System>\wbem\sysmgr.dll
HKLM\SYSTEM\CurrentControlSet\Services\sysmgr\Parameters
ServiceMain
ServiceMainFunc
Troj/Gimmiv-A then also creates a service with the a Service Name of "sysmgr" and a Display Name of "System Maintenance Service" to run the dropped dll on startup by running "<Root>\System32\svchost.exe -k sysmgr".
The dll includes functionality to send information about the infected computer to a remote website, including information about what anti-virus product is being run.