This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.
This signature detects network activity generated by Trojan.Cidox.B, which could lead to the infected system being compromised by remote hosts.
When the Trojan is executed, it creates the following files:
The Trojan then creates the following registry entry so that it runs every time Windows starts:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"~backup~" = "%UserProfile%/My Documents/AppData/explorer.exe"
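A check for the Run entry listed above, as an added example that is not part of the original write-up: it parses `reg query` output for the HKCU Run key and flags the listed value. It also goes beyond the listed entry and flags any Run value that starts an explorer.exe from outside the Windows directory. The sample output is constructed, and the function names and the `C:\Windows` install location are assumptions.

```python
import re

# Value name and data copied from the registry entry listed on this page.
IOC_VALUE_NAME = "~backup~"
IOC_DATA = "%UserProfile%/My Documents/AppData/explorer.exe"

# Assumption: Windows is installed in the default location.
LEGIT_EXPLORER = ("%systemroot%\\explorer.exe", "%windir%\\explorer.exe",
                  "c:\\windows\\explorer.exe")

# Constructed sample of `reg query` output for the HKCU Run key (not real telemetry).
SAMPLE_REG_QUERY = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    ~backup~    REG_SZ    %UserProfile%/My Documents/AppData/explorer.exe
    Updater    REG_EXPAND_SZ    %APPDATA%\Tools\Explorer.EXE -s
"""

# reg.exe prints each value as: 4 spaces, name, 4 spaces, type, 4 spaces, data.
ENTRY = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")


def normalize(path):
    """Lower-case, unify slashes and drop outer quotes so comparisons are stable."""
    return path.strip().strip('"').replace("/", "\\").lower()


def scan_run_key(reg_query_output):
    """Return a list of (value_name, reason) for suspicious Run entries."""
    findings = []
    for line in reg_query_output.splitlines():
        match = ENTRY.match(line)
        if not match:
            continue  # key header or blank line
        name, data = match.group("name"), normalize(match.group("data"))
        if name == IOC_VALUE_NAME or data == normalize(IOC_DATA):
            findings.append((name, "matches the listed Run entry"))
        elif "\\explorer.exe" in data and not data.startswith(LEGIT_EXPLORER):
            # Generalization: explorer.exe autostarted from a non-system path.
            findings.append((name, "explorer.exe outside the Windows directory"))
    return findings


if __name__ == "__main__":
    for value_name, reason in scan_run_key(SAMPLE_REG_QUERY):
        print(f"{value_name}: {reason}")
```

On a live system, pass the output of `reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Run` to `scan_run_key` instead of the sample.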
The Trojan has virtual machine detection capabilities.
It searches for and disables security products from the following vendors:
Microsoft Security Essentials
The Trojan can inject code into the following browsers:
The Trojan may then redirect the above browsers to any of the following remote locations:
Next, the Trojan gathers the following information from the compromised computer and sends it to one of the above remote locations:
Operating system version
Virtual machine details, if present
The Trojan may also modify the HTTP request header to make it appear to be coming from another location.