This backdoor arrives as an attachment to email messages spammed by other malware/grayware or malicious users. It arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
It executes commands from a remote malicious user, effectively compromising the affected system. However, as of this writing, the sites it connects to for sending and receiving commands are inaccessible.
This backdoor arrives as an attachment to email messages spammed by other malware/grayware or malicious users.
It arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
It may be dropped by the following malware:
This backdoor drops the following non-malicious file:
(Note: %System Root% is the root folder, which is usually C:\. It is also where the operating system is located.)
This backdoor drops the following shortcut pointing to its copy in the User Startup folder to enable its automatic execution at every system startup:
This backdoor opens the following port(s) where it listens for remote commands:
It executes the following commands from a remote malicious user:
It connects to the following URL(s) to send and receive commands from a remote malicious user:
However, as of this writing, the said sites are inaccessible.
For Windows XP and Windows Server 2003 users, before doing any scans, please make sure you disable System Restore to allow full scanning of your computer.
Remove the malware/grayware file that dropped/downloaded BKDR_POISON.DOC
Identify and terminate files detected as BKDR_POISON.DOC
To terminate the malware/grayware process:
Search and delete these files
To delete malware/grayware component files:
Scan your computer with your Trend Micro product to delete files detected as BKDR_POISON.DOC. If the detected files have already been cleaned, deleted, or quarantined by your Trend Micro product, no further step is required. You may opt to simply delete the quarantined files. Please check this Knowledge Base page for more information.