This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.
This signature detects traffic generated by Backdoor.Fexel.
When the Trojan is executed, it may drop the following file:
%UserProfile%\Application Data\[8 HEXADECIMAL DIGITS].dll
The Trojan then creates the following registry entries so that it runs every time Windows starts:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"[8 HEXADECIMAL DIGITS]" = "rundll32.exe "%SystemDrive%\Documents and Settings\All Users\[8 HEXADECIMAL DIGITS].dll""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"[8 HEXADECIMAL DIGITS]" = "rundll32.exe "%SystemDrive%\Documents and Settings\All Users\Application Data\[8 HEXADECIMAL DIGITS].dll",Launch"
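The following check is an added example, not part of the original advisory: it scans saved `reg query` output for Run values that fit the pattern described above (a value name of eight hexadecimal digits whose data starts rundll32.exe on a DLL named with eight hexadecimal digits). The sample text, including the user name and the benign entries, is constructed for illustration, and the check does not assume the value name and the DLL name are the same digits.

```python
import re

# Value name the advisory describes: exactly eight hexadecimal digits.
HEX8_NAME = re.compile(r"^[0-9A-Fa-f]{8}$")
# Data the advisory describes: rundll32.exe loading a DLL named with eight hex digits.
HEX8_DLL = re.compile(r"rundll32\.exe\b.*?\\([0-9A-Fa-f]{8})\.dll", re.IGNORECASE)
# One value line of `reg query` output: name, type and data separated by four spaces.
VALUE_LINE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")

# Constructed sample of `reg query <Run key>` output (not taken from a real host).
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    1A2B3C4D    REG_SZ    rundll32.exe "C:\Documents and Settings\All Users\Application Data\1A2B3C4D.dll",Launch

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    DEADBEEF    REG_SZ    C:\Tools\deadbeef-updater.exe
    cafe0001    REG_SZ    rundll32.exe "C:\Documents and Settings\All Users\Application Data\0F9E8D7C.dll",Launch
"""


def find_suspect_run_entries(reg_query_text):
    """Return (key, value_name, dll_stem) for each Run value matching the pattern."""
    hits, key = [], None
    for line in reg_query_text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()  # remember which Run key the next values belong to
            continue
        m = VALUE_LINE.match(line)
        if not m or key is None:
            continue
        dll = HEX8_DLL.search(m.group("data"))
        # Both conditions must hold: a hex-only name alone is too noisy to flag.
        if HEX8_NAME.match(m.group("name")) and dll:
            hits.append((key, m.group("name"), dll.group(1)))
    return hits


if __name__ == "__main__":
    for key, name, dll in find_suspect_run_entries(SAMPLE):
        print(f"{key}\\{name} -> {dll}.dll")
```

A match is a lead for triage, not proof of infection; confirm by checking whether the referenced DLL exists and where it came from.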
Next, the Trojan gathers the following information from the compromised computer:
Operating system version
The Trojan then encodes the stolen information and sends it to the following remote location:
The Trojan then opens a back door on the compromised computer, allowing an attacker to perform malicious activities on the compromised computer.