Win32/Poison [Threat Name] go to Threat
Win32/Poison.NAE [Threat Variant Name]
Category | trojan |
Size | 193574 B |
Aliases | Worm.Win32.Luder.caqc (Kaspersky) |
BackDoor.SmallX.AYT.trojan (AVG) | |
TR/Strictor.29843.5 (Avira) | |
Variant.Strictor.29843 (BitDefender) |
Short description
Win32/Poison.NAE is a trojan which tries to download other malware from the Internet.
Installation
When executed, the trojan copies itself into the following location:
- %system%\pvp.exe
The trojan may set the following Registry entries:
- [HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{EF0BFDF0-51B3-03F6-A77D-21912157D183}]
- "StubPath" = "%system%\pvp.exe"
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
- "pvp" = "%system%\pvp.exe"
This way the trojan ensures that the file is executed on every system start.
Other information
The trojan contains a URL address.
It tries to download the other part of the infiltration from the address. The HTTP protocol is used.
The file is executed as a thread in the folowing process:
- %system%\pvp.exe
The trojan may delete the following Registry entries:
- [HKEY_CURRENT_USER\Software\Microsoft\Active Setup\Installed Components\{EF0BFDF0-51B3-03F6-A77D-21912157D183}]
The trojan is able to log keystrokes.