Poison Ivy is a backdoor Trojan that infects normal system processes and then tears a hole straight through your computer's security. A PC that's plagued by a Poison Ivy backdoor infection may show no symptoms of being attacked, so you should use anti-malware programs to find and remove the Poison Ivy backdoor when such programs are available. Recent Poison Ivy backdoor attacks have been linked to spam email messages that pretend to be sent by the webmaster of a career database website. Since even very competent anti-malware products may not yet catch this exploit, SpywareRemove.com malware experts warn that you should take particular care to avoid downloading email file attachments unless you're absolutely certain that they're safe.
Why That 'Harmless' Email Might Just Have Poison Ivy Backdoor All Over It
As of late August 2011, the SpywareRemove.com malware research team has found that many Backdoor.PoisonIvy Trojans are spreading through email file attachments. The current Poison Ivy backdoor email template contains the message 'I forward this file to you for review. Please open and view it' along with an .xls (Microsoft Excel) file attachment, and appears to be sent by the webmaster for Beyond.com. You can also recognize this message by looking for the '2011 Recruitment Plan' subject line.
Although the attachment appears to be an Excel document, SpywareRemove.com malware researchers have found that it is, in reality, a Flash file that Excel executes because of an unforeseen program vulnerability. In the future, keeping Microsoft Excel and other Windows components patched may help to close such loopholes, but for the time being, avoiding the file itself is your best protection against the Poison Ivy backdoor.
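As an added illustration (not from SpywareRemove.com or this article), the following Python triage check classifies an attachment by its leading bytes rather than by its displayed .xls extension, so an Excel-named file that is really Flash is flagged; as a generalization of the case above, it also flags an SWF signature buried inside a genuine Excel (OLE) container. The magic bytes come from public file-format documentation, and the sample inputs are constructed, not real samples.

```python
import struct

# File-format magic bytes (from public format documentation, not from the page).
OLE_MAGIC = b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"   # OLE2 compound document (legacy .xls)
ZIP_MAGIC = b"PK\x03\x04"                          # OOXML container (.xlsx)
SWF_SIGNATURES = (b"FWS", b"CWS", b"ZWS")          # uncompressed / zlib / LZMA Flash


def find_swf_headers(data: bytes, max_version: int = 50) -> list:
    """Return offsets of plausible SWF headers: signature + sane version byte."""
    hits = []
    for sig in SWF_SIGNATURES:
        start = 0
        while True:
            idx = data.find(sig, start)
            if idx < 0:
                break
            # Require room for the 8-byte header and a realistic version byte
            # to cut down on random three-letter matches inside binary data.
            if idx + 8 <= len(data) and 1 <= data[idx + 3] <= max_version:
                hits.append(idx)
            start = idx + 1
    return sorted(hits)


def triage_attachment(filename: str, data: bytes) -> dict:
    """Classify an attachment by content instead of by its displayed extension."""
    ext = filename.lower().rsplit(".", 1)[-1] if "." in filename else ""
    is_ole = data.startswith(OLE_MAGIC)
    is_zip = data.startswith(ZIP_MAGIC)
    swf_offsets = find_swf_headers(data)
    verdict = "ok"
    if ext in ("xls", "xlsx"):
        if swf_offsets and swf_offsets[0] == 0:
            verdict = "flash-disguised-as-excel"      # the case described above
        elif not (is_ole or is_zip):
            verdict = "not-an-excel-container"        # extension lies, unknown content
        elif swf_offsets:
            verdict = "excel-with-embedded-flash"     # real container, Flash inside
    return {"ext": ext, "ole": is_ole, "zip": is_zip,
            "swf_offsets": swf_offsets, "verdict": verdict}


# Constructed sample inputs (hypothetical, not real samples): a bare SWF header
# carrying an .xls name, a minimal OLE header with an SWF signature inside it,
# and a plain OLE header with nothing suspicious.
FAKE_XLS_FLASH = b"CWS" + bytes([10]) + struct.pack("<I", 512) + b"\x00" * 32
FAKE_XLS_EMBEDDED = (OLE_MAGIC + b"\x00" * 40
                     + b"FWS" + bytes([8]) + struct.pack("<I", 100) + b"\x00" * 16)
REAL_XLS_HEADER = OLE_MAGIC + b"\x00" * 64
```

Run the check over quarantined attachments before anyone opens them; a "flash-disguised-as-excel" or "excel-with-embedded-flash" verdict is a reason to detonate the file in a sandbox rather than on a user's desktop.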
The Poison Ivy backdoor is also detected under several other aliases, including Backdoor:Win32/Poison, Backdoor.PoisonIvy.CV, Mal/Behav-285, Packed.Win32.Black.a, W32/Sdbot.worm and W32.IRCBot (the last because of the Poison Ivy backdoor's tendency to contact IRC servers to receive instructions). Names for notable variants of the Poison Ivy backdoor, such as Backdoor:Win32/Poison.BC, Backdoor:Win32/Poison.AQ or Backdoor:Win32/Poison.M, are also common.
Why You Don't Want Poison Ivy Backdoor to Leave Your PC Scratching
SpywareRemove.com malware researchers have noted that the Poison Ivy backdoor is exceptionally difficult to notice, since a standard Poison Ivy backdoor infection corrupts explorer.exe and iexplore.exe instead of creating its own memory processes. This also lets the Poison Ivy backdoor bypass your firewall without making any setting changes that you might notice, although you may still be able to spot the Poison Ivy backdoor by watching for excessive memory usage.
After infecting Windows, the Poison Ivy backdoor contacts a remote IRC server to receive instructions. Hazards related to this behavior that SpywareRemove.com malware researchers have observed include, but aren't restricted to, the following:
- Poison Ivy backdoor may install other forms of harmful software, such as rogue security programs, keyloggers, Trojans or viruses.
- Poison Ivy backdoor may change Windows settings to lower your computer's security and make the system vulnerable to additional attacks.
- Poison Ivy backdoor may allow remote criminals to control your PC, including allowing criminals to steal private information, destroy files or force your computer to take part in crimes like DDoS attacks.
Because of the high level of security risk that any Poison Ivy backdoor infection causes, you should be prepared to use whatever anti-malware software and strategies are required to remove Poison Ivy backdoor for good.
Use SpyHunter to Detect and Remove PC Threats
If you are concerned that malware or PC threats similar to PoisonIvy may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.
Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.
File System Modifications
The following files were created in the system:
File name: CLADD
Size: 20.48 KB (20480 bytes)
Detection count: 76
Group: Malware file
Last Updated: December 11, 2009