BKDR_POISON.DMI


By Sumo3000 in Backdoors

Threat Scorecard

Threat Level: 20 % (Normal)
Infected Computers: 876
First Seen: June 26, 2013
Last Seen: May 20, 2023
OS(es) Affected: Windows

BKDR_POISON.DMI is a backdoor Trojan that arrives on a targeted computer system either as a file downloaded by other malware infections or as a file downloaded unknowingly by computer users when visiting infected websites. BKDR_POISON.DMI opens a hidden Internet Explorer window. BKDR_POISON.DMI runs commands from a remote cybercriminal, corrupting the attacked PC. BKDR_POISON.DMI does not have any downloading capability. BKDR_POISON.DMI eliminates itself after execution. While being installed, BKDR_POISON.DMI downloads the harmful component files. BKDR_POISON.DMI adds registry entries so that it can run automatically every time the computer system is started. BKDR_POISON.DMI connects to certain web addresses to transmit and receive commands from a remote cybercriminal. BKDR_POISON.DMI logs keystrokes, lists active ports, captures the screen, audio, and webcam, runs binary instructions, and manages passwords, open windows, the registry, processes, services, devices, and installed programs.

File System Details

BKDR_POISON.DMI may create the following file(s):
# File Name Detections
1. %System%\msnsgsd.exe

Registry Details

BKDR_POISON.DMI may create the following registry entry or registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CD0E2AD6-5E15-37EF-F99E-E0D425757AFA}
StubPath = "%System%\msnsgsd.exe"
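
A host check for the file and Active Setup entry listed above. This is an added example, not part of the original entry: the function and variable names are hypothetical, %System% is assumed to mean the Windows system directory, and the 32-bit (Wow6432Node / SysWOW64) locations are checked as an extra assumption.

```powershell
# Added example: look for the BKDR_POISON.DMI indicators listed on this page.
# Indicator values are copied from the page; all names below are hypothetical.
$IocGuid = '{CD0E2AD6-5E15-37EF-F99E-E0D425757AFA}'
$IocFile = 'msnsgsd.exe'

function Get-ActiveSetupStubPath {
    # Active Setup runs each component's StubPath command at user logon.
    # Check the native registry view and the 32-bit view (assumption: either may be used).
    $roots = 'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components',
             'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components'
    foreach ($root in $roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        foreach ($key in Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue) {
            $stub = [string]$key.GetValue('StubPath')
            if ([string]::IsNullOrWhiteSpace($stub)) { continue }
            [pscustomobject]@{
                Component = $key.PSChildName
                StubPath  = $stub
                KeyPath   = $key.Name
            }
        }
    }
}

# Candidate file locations: the system directory and its 32-bit counterpart.
$candidateFiles = @(
    Join-Path ([Environment]::SystemDirectory) $IocFile
    Join-Path $env:windir "SysWOW64\$IocFile"
)

$findings = @(
    # Registry: match on the component GUID or on a StubPath naming the file.
    Get-ActiveSetupStubPath |
        Where-Object { $_.Component -ieq $IocGuid -or $_.StubPath -like "*$IocFile*" } |
        ForEach-Object { [pscustomobject]@{ Indicator = 'Registry'; Location = $_.KeyPath; Detail = $_.StubPath } }
    # File system: record the SHA-256 so the sample can be compared and submitted for analysis.
    $candidateFiles | Where-Object { Test-Path -LiteralPath $_ } |
        ForEach-Object { [pscustomobject]@{ Indicator = 'File'; Location = $_
                         Detail = (Get-FileHash -LiteralPath $_ -Algorithm SHA256).Hash } }
)

if ($findings.Count -gt 0) {
    $findings | Format-List
    Write-Warning 'BKDR_POISON.DMI indicators present: isolate the host and preserve the file and registry key.'
} else {
    Write-Output 'No BKDR_POISON.DMI file or Active Setup entry found.'
}
```

Run it from an elevated 64-bit PowerShell session so that both registry views and the real system directory are visible.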


BKDR_POISON.DMI may call the following URLs:

