This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.
This signature detects Backdoor.Jabeefit activity on the infected machine.
When the Trojan is executed, it copies itself to the following locations:
The Trojan then drops the following files:
Next, the Trojan creates the following registry entry so that it runs every time Windows starts:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"bifit_agent" = "%UserProfile%\Application Data\BIFIT_A\agent.exe"
The Trojan then opens a back door on the compromised computer, and connects to the following domain:
http :// 18.104.22.168/site1/client.php
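To check a host for the Run entry listed above, the following PowerShell looks through every user hive currently loaded under HKEY_USERS. It is an added example, not part of the original signature description; the value name and path fragment come from this page, while the variable names and output fields are assumptions of the example. It only sees hives of logged-on users, and needs an elevated session to read hives other than your own.

```powershell
# Added example. Indicator strings below are taken from the Run entry on this page.
$ValueName  = 'bifit_agent'
$PathMarker = '*\BIFIT_A\agent.exe*'
$RunSubKey  = 'Software\Microsoft\Windows\CurrentVersion\Run'
$RawRead    = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames

$hits = foreach ($hive in (Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue)) {
    # HKCU is a per-user view; walking HKEY_USERS covers each loaded user hive.
    $runPath = "Registry::$($hive.Name)\$RunSubKey"
    if (-not (Test-Path -LiteralPath $runPath -ErrorAction SilentlyContinue)) { continue }

    $key = Get-Item -LiteralPath $runPath -ErrorAction SilentlyContinue
    if ($null -eq $key) { continue }

    foreach ($name in $key.GetValueNames()) {
        # Read the raw string so REG_EXPAND_SZ data keeps its %variables%.
        $data = [string]$key.GetValue($name, '', $RawRead)

        # Flag on either indicator: the value may be renamed, or the path moved.
        $reasons = @()
        if ($name -eq $ValueName)    { $reasons += 'value name' }
        if ($data -like $PathMarker) { $reasons += 'path' }

        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                Hive      = $hive.PSChildName   # SID of the affected user
                ValueName = $name
                Data      = $data
                MatchedOn = $reasons -join ', '
            }
        }
    }
}

if ($hits) {
    $hits | Format-List
} else {
    'No matching Run entry found in the loaded user hives.'
}
```

A hit reports the SID of the affected profile; the `Data` field shows which executable the entry launches at logon.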