There are no common symptoms associated with this threat. Alert notifications from installed antivirus software may be the only symptoms.
Backdoor:Win32/Poison.E is malware that allows a remote attacker to gain backdoor access and control of your computer.
What to do now
To detect and remove this threat and other malicious software that may be installed on your computer, run a full-system scan with an appropriate, up-to-date, security solution. The following Microsoft products detect and remove this threat:
Backdoor:Win32/Poison.E tries to copy itself to your computer as "<system folder>\svchost.exe".
Note that a legitimate Windows file also named "svchost.exe" exists by default in the same folder. Therefore the copy attempt likely fails.
It creates the following registry entry so that it automatically runs every time Windows starts:
In subkey: HKLM\Software\Microsoft\Active Setup\Installed Components\<CLSID>
Sets value: "StubPath"
With data: "<system folder>\svchost.exe"
where <CLSID> is the class ID for this malware.
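A check for the Active Setup entry described above, added here as an example and not part of the original write-up: it parses saved output of `reg query "HKLM\Software\Microsoft\Active Setup\Installed Components" /s` and lists components whose StubPath points at svchost.exe. The sample output and its CLSIDs are constructed, and treating any such StubPath as worth review is this example's assumption.

```python
import re

# Constructed sample of `reg query ... /s` output for the Installed Components key.
# The CLSIDs and the first entry's data are illustrative, not taken from the advisory.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{11111111-1111-1111-1111-111111111111}
    (Default)    REG_SZ    Example Component
    StubPath    REG_EXPAND_SZ    "%SystemRoot%\System32\rundll32.exe" example.dll,Install

HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{22222222-2222-2222-2222-222222222222}
    StubPath    REG_SZ    C:\WINDOWS\system32\svchost.exe
"""

# Subkey header line: capture the last path element (the component's CLSID).
KEY_RE = re.compile(r"^HKEY_LOCAL_MACHINE\\.*\\Installed Components\\(?P<clsid>[^\\]+)$", re.I)
# Indented value line for StubPath, string types only.
VALUE_RE = re.compile(r"^\s+StubPath\s+REG_(?:EXPAND_)?SZ\s+(?P<data>.+)$", re.I)
# Data that starts with a path ending in svchost.exe (quoted or unquoted, any directory).
SVCHOST_RE = re.compile(r'^"?(?:[^"]*\\)?svchost\.exe\b', re.I)


def suspicious_stubpaths(reg_query_output):
    """Return (clsid, stubpath) pairs whose StubPath points at svchost.exe."""
    hits, clsid = [], None
    for line in reg_query_output.splitlines():
        key = KEY_RE.match(line.strip())
        if key:
            clsid = key.group("clsid")
            continue
        value = VALUE_RE.match(line)
        if value and clsid and SVCHOST_RE.match(value.group("data").strip()):
            hits.append((clsid, value.group("data").strip()))
    return hits


if __name__ == "__main__":
    for clsid, data in suspicious_stubpaths(SAMPLE):
        print(f"review: {clsid} StubPath={data}")
```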
Allows backdoor access and control
Backdoor:Win32/Poison.E connects to a remote server to receive commands, allowing a remote attacker to gain access to your computer. To bypass common firewall programs, Backdoor:Win32/Poison.E opens an "iexplore.exe" process and injects itself into it. Once injected into this process, it contacts a remote server to receive commands.
A server it is known to contact is "lsls.3322.org" using TCP port 3460.
Once connected, it performs certain actions as specified by a remote attacker, for example, downloading and running arbitrary files, and logging keystrokes.
Backdoor:Win32/Poison.E creates the mutex names "rdgSxQc12" and "nZi1cM,Aw".