PoisonIvy

PoisonIvy Description

Poison Ivy is a backdoor Trojan (a remote access tool, or RAT) that hides inside normal system processes and gives an attacker control of the infected machine. A PC with a Poison Ivy backdoor infection may show no symptoms of being attacked, so you should use anti-malware programs to find and remove the Poison Ivy backdoor whenever such programs are available. Recent Poison Ivy backdoor attacks have been linked to spam email messages that pretend to be sent by the webmaster of a career database website. Since anti-malware signatures for a freshly built dropper can lag behind its first appearance, even on very competent anti-malware products, SpywareRemove.com malware experts warn that you should take particular care to avoid opening email file attachments unless you're absolutely certain that they're safe.
 

Why That 'Harmless' Email Might Just Have Poison Ivy Backdoor All Over It

As of late August 2011, the SpywareRemove.com malware research team has found that many Backdoor.PoisonIvy Trojans are spreading through email file attachments. The current Poison Ivy backdoor email template contains the message 'I forward this file to you for review. Please open and view it' along with an .xls (Microsoft Excel) file attachment and appears to be sent by the webmaster for Beyond.com. You can also recognize this message by looking for the '2011 Recruitment Plan' subject line.
 
Despite carrying the visible file type of an Excel document, SpywareRemove.com malware researchers have found that the attachment contains an embedded Flash (SWF) object. When Excel renders the embedded object it hands it to the Adobe Flash Player component, and a vulnerability in that component is what lets the Flash content run code and drop the Poison Ivy backdoor; the Excel file is only the carrier. Keeping Adobe Flash Player, Microsoft Office and Windows patched closes holes of this type, and you can also reduce exposure by not rendering embedded objects from untrusted documents, but the simplest protection against this Poison Ivy backdoor lure is not to open the attachment at all.
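The practical check behind that advice is whether a file that claims to be a spreadsheet is carrying a Flash object. The following is an added example, not code from SpywareRemove.com or from the Poison Ivy authors: it scans a legacy binary .xls (an OLE2 compound file) for SWF headers ("FWS", "CWS" or "ZWS" followed by a version byte and a little-endian length) and applies plausibility checks so that the letters "FWS" in ordinary cell text do not trigger a false alarm. The two sample byte strings are constructed for the example, not taken from the real lure.

```python
import re
import struct

# Legacy .xls/.doc/.ppt files are OLE2 compound files and start with this magic.
OLE2_MAGIC = b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"
# SWF header signatures: uncompressed, zlib-compressed, LZMA-compressed.
SWF_SIG = re.compile(rb"FWS|CWS|ZWS")


def find_embedded_swf(data, max_version=50):
    """Return plausible SWF headers found anywhere inside data.

    A SWF header is: 3-byte signature, 1-byte version, uint32 LE length of
    the *uncompressed* SWF.  The filters below reject chance matches of the
    three letters in ordinary text (e.g. "Report: FWS quarterly").
    """
    hits = []
    for m in SWF_SIG.finditer(data):
        off = m.start()
        if off + 9 > len(data):            # need signature+version+length+1 byte
            continue
        sig = m.group(0).decode("ascii")
        version = data[off + 3]
        length = struct.unpack_from("<I", data, off + 4)[0]
        if not 1 <= version <= max_version or length < 8:
            continue
        if sig == "FWS" and length > len(data) - off:
            continue                        # uncompressed SWF cannot exceed what is present
        if sig == "CWS" and data[off + 8] != 0x78:
            continue                        # zlib stream should start with 0x78
        if sig == "ZWS" and version < 13:
            continue                        # LZMA SWF only exists from version 13
        hits.append({"offset": off, "signature": sig,
                     "version": version, "declared_length": length})
    return hits


def assess_office_file(data):
    """Classify raw file bytes: container type plus any embedded SWF headers."""
    if data.startswith(OLE2_MAGIC):
        container = "ole2"                  # binary .xls/.doc/.ppt
    elif data.startswith(b"PK\x03\x04"):
        container = "zip"                   # .xlsx/.docx; members are deflated, unzip first
    else:
        container = "unknown"
    hits = find_embedded_swf(data)
    return {"container": container, "swf_hits": hits,
            "verdict": "suspicious" if hits else "clean"}


def scan_path(path):
    with open(path, "rb") as fh:
        return assess_office_file(fh.read())


# Constructed samples (not real malware): an OLE2 header followed by a fake
# Flash 10 object, and a benign sheet whose text merely contains "FWS".
MALICIOUS_SAMPLE = (
    OLE2_MAGIC + b"\x00" * 504                          # rest of the 512-byte OLE header
    + "Workbook".encode("utf-16-le") + b"\x00" * 64     # directory-entry-like noise
    + b"CWS" + bytes([10]) + struct.pack("<I", 4096)    # Flash v10 header, 4 KB uncompressed
    + b"\x78\x9c" + b"\x00" * 32                        # start of a zlib stream
)
BENIGN_SAMPLE = (
    OLE2_MAGIC + b"\x00" * 504
    + b"Report: FWS quarterly numbers" + b"\x00" * 32
)

if __name__ == "__main__":
    for name, sample in (("malicious", MALICIOUS_SAMPLE), ("benign", BENIGN_SAMPLE)):
        print(name, assess_office_file(sample))
```

Run `scan_path("2011 Recruitment Plan.xls")` on a suspect attachment (on a non-production machine) to get the same dictionary. A "suspicious" verdict on a spreadsheet that has no reason to contain Flash is a strong reason not to open it; a "clean" result from this raw scan does not prove the file is safe, since an .xlsx stores embedded objects deflated inside a ZIP and must be unpacked before the same search applies.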
 
Poison Ivy backdoor can also be detected under several other aliases, including Backdoor:Win32/Poison, Backdoor.PoisonIvy.CV, Mal/Behav-285, Packed.Win32.Black.a, W32/Sdbot.worm and W32.IRCBot. The last two are generic bot-family labels that some engines apply to its network behavior; Poison Ivy itself talks to its controller over its own encrypted TCP protocol rather than over IRC. Other names for notable variants of Poison Ivy backdoor, such as Backdoor:Win32/Poison.BC, Backdoor:Win32/Poison.AQ, or Backdoor:Win32/Poison.M, are also common.
 

Why You Don't Want Poison Ivy Backdoor to Leave Your PC Scratching

SpywareRemove.com malware researchers have noted that Poison Ivy backdoor is exceptionally difficult to notice, since a standard Poison Ivy backdoor infection injects its code into existing trusted processes such as explorer.exe and iexplore.exe instead of running as a process of its own. Because its network traffic then appears to come from a program your firewall already trusts, Poison Ivy backdoor can get through the firewall without changing any setting that you might notice. Excessive memory usage in those processes is one weak clue; a better one is an established outbound connection from explorer.exe, or from a browser process to a port that is not a normal web port.
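To make that last clue concrete, here is an added example (not from SpywareRemove.com or the Poison Ivy authors) that correlates the output of `netstat -ano` with `tasklist /fo csv` on Windows and flags established Internet connections owned by explorer.exe, or by iexplore.exe to a non-web port. The netstat and tasklist text embedded below is constructed sample output; the remote addresses are TEST-NET documentation ranges standing in for real Internet hosts, and the port 3460 is simply a non-web port chosen for the sample.

```python
import csv
import io
import ipaddress

# Processes Poison Ivy is described as injecting into, and ports a browser
# normally talks to.  Anything else from these images deserves a look.
INJECTION_HOSTS = {"explorer.exe", "iexplore.exe"}
WEB_PORTS = {80, 443}

# Networks treated as "internal" (RFC 1918, loopback, link-local, ULA).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]


def parse_tasklist_csv(text):
    """Map PID -> lowercase image name from `tasklist /fo csv` output."""
    pid_to_image = {}
    for row in csv.reader(io.StringIO(text)):
        if len(row) >= 2 and row[1].isdigit():
            pid_to_image[int(row[1])] = row[0].lower()
    return pid_to_image


def parse_netstat(text):
    """Parse TCP rows of `netstat -ano` output into dictionaries."""
    conns = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 5 and parts[0] == "TCP":
            _, local, remote, state, pid = parts
            rhost, _, rport = remote.rpartition(":")
            conns.append({"local": local, "remote_host": rhost.strip("[]"),
                          "remote_port": int(rport), "state": state, "pid": int(pid)})
    return conns


def is_external(host):
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False                      # hostname or malformed; not an IP literal
    if addr.is_unspecified:
        return False
    return not any(addr in net for net in INTERNAL_NETS)


def find_suspicious(netstat_text, tasklist_text):
    """Return established external connections that fit the injected-process pattern."""
    images = parse_tasklist_csv(tasklist_text)
    findings = []
    for c in parse_netstat(netstat_text):
        image = images.get(c["pid"], "?")
        if (image not in INJECTION_HOSTS or c["state"] != "ESTABLISHED"
                or not is_external(c["remote_host"])):
            continue
        if image == "explorer.exe":
            reason = "explorer.exe holding an outbound Internet connection"
        elif c["remote_port"] not in WEB_PORTS:
            reason = "browser process connected to a non-web port"
        else:
            continue                      # iexplore.exe on 80/443 is expected
        findings.append({**c, "image": image, "reason": reason})
    return findings


# Constructed sample output (not captured from a real infection).
TASKLIST_SAMPLE = (
    '"Image Name","PID","Session Name","Session#","Mem Usage"\r\n'
    '"explorer.exe","1324","Console","1","45,120 K"\r\n'
    '"iexplore.exe","2208","Console","1","88,004 K"\r\n'
    '"iexplore.exe","2316","Console","1","61,772 K"\r\n'
    '"svchost.exe","880","Services","0","12,200 K"\r\n'
)
NETSTAT_SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.10:49152     192.168.1.1:445        ESTABLISHED     4
  TCP    192.168.1.10:49310     203.0.113.5:3460       ESTABLISHED     1324
  TCP    192.168.1.10:49322     198.51.100.7:443       ESTABLISHED     2208
  TCP    192.168.1.10:49330     198.51.100.9:8080      ESTABLISHED     2316
  TCP    192.168.1.10:49340     203.0.113.20:80        TIME_WAIT       2208
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       880
"""

if __name__ == "__main__":
    for f in find_suspicious(NETSTAT_SAMPLE, TASKLIST_SAMPLE):
        print(f"PID {f['pid']} {f['image']} -> {f['remote_host']}:{f['remote_port']}: {f['reason']}")
```

On a live machine, save the two command outputs to files and feed their contents to `find_suspicious`. A hit is a lead, not proof: legitimate software occasionally rides inside explorer.exe too, so confirm by checking what modules or threads the flagged process has loaded before deciding it is the Poison Ivy backdoor.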
 
After infecting Windows, Poison Ivy backdoor connects back to the attacker's command-and-control server to receive instructions. Hazards related to this behavior that SpywareRemove.com malware researchers have observed include, but aren't restricted to, the following:

  • Poison Ivy backdoor may install other forms of harmful software, such as rogue security programs, keyloggers, Trojans or viruses.
  • Poison Ivy backdoor may change Windows settings to lower your computer's security and make the system vulnerable to additional attacks.
  • Poison Ivy backdoor may allow remote criminals to control your PC, including allowing criminals to steal private information, destroy files or force your computer to take part in crimes like DDoS attacks.

Because of the high level of security risk that any Poison Ivy backdoor infection causes, and because an attacker with remote control may already have stolen credentials from the machine, you should be prepared to use whatever anti-malware software and strategies are required to remove Poison Ivy backdoor for good, and to change any passwords used on the infected PC afterward.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to PoisonIvy may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.


Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, see the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always back up your PC before making any changes.

The following files were created in the system:

File name: CLADD
Size: 20.48 KB (20480 bytes)
MD5: d228320c98c537130dd8c4ad99650d82
Detection count: 76
Group: Malware file
Last Updated: December 11, 2009

Posted: April 17, 2009

Threat Metric
Threat Level: 9/10
Infected PCs: 48
