BKDR_POISONIV.QI
Overview

Malware type: Backdoor

Aliases: Backdoor.Win32.Agent.gwu (Kaspersky), TR/Crypt.XPACK.Gen (Avira), Troj/Poison-U (Sophos)

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 98, ME, NT, 2000, XP, Server 2003

Encrypted: No

Overall risk rating:


Reported infections:

Damage potential:

High

Distribution potential:

Low

Description: 

Trend Micro threat researchers post findings and analyses on various threats in real time at the Malware Blog. Users can find more information about this specific threat here.

To get a one-glance comprehensive view of the behavior of this malware, refer to the Behavior Diagram shown below.

BKDR_POISONIV.QI Behavior Diagram

Malware Overview

This backdoor may be downloaded from remote sites by malware detected by Trend Micro as EXPL_NEVAR.B.

It opens a hidden Internet Explorer window. It opens a random port to allow a remote user to connect to the affected system. Once a successful connection is established, the remote user is able to execute commands on the affected system.


Description created: Apr. 11, 2008 1:42:04 AM GMT -0800
