
Backdoor:Win32/Poison.E

Posted: March 21, 2013

Threat Metric

Threat Level: 2/10
Infected PCs: 41
First Seen: March 21, 2013
OS(es) Affected: Windows

Backdoor:Win32/Poison.E is a backdoor Trojan that gives remote attackers backdoor access to, and control of, the affected computer. Backdoor:Win32/Poison.E attempts to copy itself to the infected computer as a potentially malicious file whose name matches a legitimate Windows file that already exists by default in the same folder; because that file is already present, the copy attempt probably fails. Backdoor:Win32/Poison.E creates a registry entry so that it runs automatically every time Windows starts. Backdoor:Win32/Poison.E connects to a remote server to receive commands, which gives a remote attacker access to the compromised PC. To evade common firewall programs, Backdoor:Win32/Poison.E launches an 'iexplore.exe' process and injects itself into it. Once injected into this process, Backdoor:Win32/Poison.E contacts a remote server to receive commands.

Technical Details

File System Modifications


The following files were created in the system:

File name: [system folder]\svchost.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file

Registry Modifications

The following Registry values were created:

HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\[CLSID] "StubPath" = "[system folder]\svchost.exe"
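Added example (not part of this page's write-up, and not tooling from any vendor): a Python script that parses an exported copy of the Active Setup key and flags StubPath values of the kind listed above. Active Setup runs each component's StubPath once per user at logon, which is why a StubPath that launches svchost.exe is worth checking: the legitimate svchost.exe is started by the Service Control Manager, never by an Active Setup stub. The script goes slightly beyond this page's indicator and also flags stubs whose executable lives outside %SystemRoot% or Program Files. The sample export text, its GUIDs and the trusted-directory list are constructed assumptions; on a real host the input would come from `reg export "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" out.reg`.

```python
import ntpath
from typing import Dict, List, Tuple

# Constructed sample of a `reg export` of the Active Setup key. It is not taken
# from any real system; the GUIDs are placeholders, not real component CLSIDs.
SAMPLE_REG_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{00000000-0000-0000-0000-000000000001}]
"StubPath"="regsvr32.exe /s /n /i:U shell32.dll"
"Version"="1,0,0,0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{00000000-0000-0000-0000-000000000002}]
"StubPath"="C:\\Windows\\system32\\svchost.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{00000000-0000-0000-0000-000000000003}]
"StubPath"="\"C:\\Users\\Public\\update.exe\" /quiet"
"""

ACTIVE_SETUP_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components"

# Assumption: the system drive is C:. Adjust for hosts with other layouts.
TRUSTED_DIR_PREFIXES = (
    "c:\\windows\\",
    "c:\\program files\\",
    "c:\\program files (x86)\\",
)


def _unescape(data: str) -> str:
    """Undo .reg string escaping: '\\\\' -> '\\' and '\\"' -> '"'."""
    out, i = [], 0
    while i < len(data):
        if data[i] == "\\" and i + 1 < len(data):
            out.append(data[i + 1])
            i += 2
        else:
            out.append(data[i])
            i += 1
    return "".join(out)


def parse_reg_export(text: str) -> Dict[str, Dict[str, str]]:
    """Parse the [key] / "name"="data" lines of a .reg export into a dict.

    Only REG_SZ values are handled; that is all this check needs."""
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
        elif current is not None and line.startswith('"') and '"="' in line:
            name, data = line[1:].split('"="', 1)
            if data.endswith('"'):
                keys[current][name] = _unescape(data[:-1])
    return keys


def stub_executable(command: str) -> str:
    """Return the executable token of a StubPath command line.

    Handles both quoted ("C:\\...\\a.exe" /x) and bare (regsvr32.exe /s) forms."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(None, 1)[0] if command else ""


def find_suspicious_stubpaths(text: str) -> List[Tuple[str, str, str]]:
    """Return (component CLSID, StubPath, reason) for each suspicious entry."""
    findings = []
    for key, values in parse_reg_export(text).items():
        if not key.upper().startswith(ACTIVE_SETUP_KEY.upper()):
            continue
        stub = values.get("StubPath")
        if not stub:
            continue
        exe = stub_executable(stub)
        base = ntpath.basename(exe).lower()
        reason = None
        if base == "svchost.exe":
            reason = "svchost.exe is started by the Service Control Manager, never by an Active Setup stub"
        elif ntpath.isabs(exe) and not exe.lower().startswith(TRUSTED_DIR_PREFIXES):
            reason = "stub executable lives outside %SystemRoot% / Program Files"
        if reason:
            findings.append((key.rsplit("\\", 1)[-1], stub, reason))
    return findings


if __name__ == "__main__":
    for clsid, stub, reason in find_suspicious_stubpaths(SAMPLE_REG_EXPORT):
        print(f"{clsid}: StubPath={stub!r} -> {reason}")
```

A hit on the svchost.exe rule does not by itself prove the binary in [system folder] is the Trojan's copy rather than the genuine one (the page notes the copy may fail); the follow-up on a live host is to check that file's Authenticode signature and hash, and to remove the Active Setup component so the stub no longer runs at logon.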