Win32/Poison [Threat Name]

Win32/Poison.NAE [Threat Variant Name]

Category trojan
Size 193574 B
Aliases Worm.Win32.Luder.caqc (Kaspersky)
  BackDoor.SmallX.AYT.trojan (AVG)
  TR/Strictor.29843.5 (Avira)
  Variant.Strictor.29843 (BitDefender)
Short description

Win32/Poison.NAE is a trojan which tries to download other malware from the Internet.

Installation

When executed, the trojan copies itself into the following location:

  • %system%\pvp.exe

The trojan may set the following Registry entries:

  • [HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{EF0BFDF0-51B3-03F6-A77D-21912157D183}]
    • "StubPath" = "%system%\pvp.exe"
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    • "pvp" = "%system%\pvp.exe"

This way the trojan ensures that the file is executed on every system start.

Other information

The trojan contains a URL address.


It tries to download the other part of the infiltration from the address. The HTTP protocol is used.


The file is executed as a thread in the following process:

  • %system%\pvp.exe

The trojan may delete the following Registry entries:

  • [HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\{EF0BFDF0-51B3-03F6-A77D-21912157D183}]
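
A read-only host check for the artifacts listed in this description, as an added example that is not part of the original entry: it looks for the dropped file and the two HKLM values, and reports whether the HKCU component key exists for the current user. The SysWOW64 and WOW6432Node locations are assumptions for a 32-bit sample on 64-bit Windows; the description itself names only %system% and the native keys.

```powershell
# Added example: read-only check for the artifacts named in this description.
$guid  = '{EF0BFDF0-51B3-03F6-A77D-21912157D183}'
$asKey = 'Microsoft\Active Setup\Installed Components\' + $guid
$hits  = @()

# %system%\pvp.exe; SysWOW64 is an assumption for 32-bit code on 64-bit Windows.
foreach ($dir in 'System32', 'SysWOW64') {
    $file = Join-Path $env:windir "$dir\pvp.exe"
    if (Test-Path -LiteralPath $file) {
        $size  = (Get-Item -LiteralPath $file -Force).Length
        $hits += [pscustomobject]@{
            Artifact = 'File'; Location = $file
            Data     = "$size bytes (described sample: 193574)"
        }
    }
}

# HKLM values from the description; the WOW6432Node view is the same assumption.
foreach ($root in 'HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\WOW6432Node') {
    $values = @(
        @{ Key = "$root\$asKey"; Name = 'StubPath' },
        @{ Key = "$root\Microsoft\Windows\CurrentVersion\Run"; Name = 'pvp' }
    )
    foreach ($v in $values) {
        $prop = Get-ItemProperty -LiteralPath $v.Key -Name $v.Name -ErrorAction SilentlyContinue
        if ($prop) {
            $hits += [pscustomobject]@{
                Artifact = "Value '$($v.Name)'"; Location = $v.Key
                Data     = $prop.($v.Name)
            }
        }
    }
}

# The description says the HKCU copy of the component key may be deleted.
# Its state is reported for context only; absence alone is not a finding.
$hkcuKey   = "HKCU:\Software\$asKey"
$hkcuState = if (Test-Path -LiteralPath $hkcuKey) { 'present' } else { 'absent' }

if ($hits.Count -gt 0) {
    $hits | Format-List
    "HKCU component key for current user: $hkcuState"
} else {
    'None of the file or HKLM artifacts from this description were found.'
}
```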

The trojan is able to log keystrokes.
