Backdoor:Win32/Poison.E tries to copy itself to your computer as "<system folder>\svchost.exe".
Note that a legitimate Windows file also named "svchost.exe" exists by default in the same folder. Therefore, the copy attempt likely fails.
It creates the following registry entry so that it automatically runs every time Windows starts:
In subkey: HKLM\Software\Microsoft\Active Setup\Installed Components\<CLSID>
Sets value: "StubPath"
With data: "<system folder>\svchost.exe"
where <CLSID> is the class ID for this malware.
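A check for the autostart entry described above, added here as an example and not part of the original analysis: it parses saved output of `reg query "HKLM\Software\Microsoft\Active Setup\Installed Components" /s` and reports any "StubPath" value whose executable is "svchost.exe". The sample output, the CLSIDs in it and the function names are constructed for illustration, and treating every such StubPath as suspicious is an assumption of this example.

```python
import ntpath
import re

# Constructed sample of `reg query ... /s` output (not taken from a real host).
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{11111111-1111-1111-1111-111111111111}
    (Default)    REG_SZ    Example Component
    StubPath    REG_EXPAND_SZ    "%SystemRoot%\System32\rundll32.exe" "%SystemRoot%\System32\example.dll",Install

HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{22222222-2222-2222-2222-222222222222}
    StubPath    REG_SZ    C:\WINDOWS\system32\svchost.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{33333333-3333-3333-3333-333333333333}
    Version    REG_SZ    1,0,0,0
"""

# reg.exe prints values as: 4 spaces, name, 4 spaces, type, 4 spaces, data.
VALUE_RE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_[A-Z_]+)\s{4}(?P<data>.*)$")


def stub_executable(data):
    """Return the lower-cased file name of the program a StubPath command starts."""
    data = data.strip()
    if data.startswith('"'):
        exe = data[1:].split('"', 1)[0]          # quoted path: take text up to closing quote
    else:
        m = re.match(r"(.+?\.exe)\b", data, re.IGNORECASE)
        exe = m.group(1) if m else data.split(" ", 1)[0]
    return ntpath.basename(exe).lower()          # ntpath handles backslashes on any OS


def find_suspicious_stubpaths(reg_output):
    """Return (subkey, data) pairs whose StubPath launches svchost.exe."""
    hits, key = [], None
    for line in reg_output.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()                   # start of a new <CLSID> subkey
            continue
        m = VALUE_RE.match(line)
        if m and key and m["name"].lower() == "stubpath":
            if stub_executable(m["data"]) == "svchost.exe":
                hits.append((key, m["data"]))
    return hits


if __name__ == "__main__":
    for subkey, data in find_suspicious_stubpaths(SAMPLE):
        print(f"review: {subkey} -> {data}")
```
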
Allows backdoor access and control
Backdoor:Win32/Poison.E connects to a remote server to receive commands, allowing a remote attacker to gain access to your computer. To bypass common firewall programs, it opens an "iexplore.exe" process and injects itself into it. Once injected into this process, it contacts a remote server to receive commands.
A server it is known to contact is "lsls.3322.org" using TCP port 3460.
Once connected, it performs certain actions as specified by a remote attacker, for example, downloading and running arbitrary files, and logging keystrokes.
Backdoor:Win32/Poison.E creates mutexes named "rdgSxQc12" and "nZi1cM,Aw".
Analysis by Jeong Mun
There are no common symptoms associated with this threat. Alert notifications from installed antivirus software may be the only symptoms.