PoisonIvy is a remote access trojan (RAT), a type of backdoor, for Microsoft Windows. It was believed to have been eradicated, but it has since resurfaced, bundled with some potentially unwanted programs (PUPs). It was written in assembly language.


Once installed, it gives a remote operator control of the infected computer: it opens a backdoor through which the operator connects. Once in control, PoisonIvy can record or manipulate what happens on the computer, or activate the webcam and microphone to record video and audio.

It contacts several websites from which it downloads and runs files. These can be any type of file, but they are usually further malware. To avoid being noticed by the user it injects its code into already-running processes, so no unusual process appears in the process list.

It also captures information the user enters or saves, with the corresponding threat to privacy: keystrokes, in order to harvest credentials for online banking services, passwords and other confidential data; and screenshots of the actions carried out. It then sends the gathered information to the remote operator by whatever channel is available: email, FTP, and so on.

It also weakens the computer's security, since it listens on network ports so that the operator can control the machine remotely.
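The three behaviours the text describes (code injected into a running process, data pushed out over email or FTP, and a port opened for remote control) each leave a trace in endpoint telemetry. The script below is an added example, not code from the original page or from PoisonIvy itself: it runs three simple triage rules over a constructed sample of Sysmon-style events and then correlates the hits by process. The event records, the allowlists, the port 5555 and all process paths are assumptions made up for the example; the Sysmon field names (EventID 8 for CreateRemoteThread, EventID 3 for NetworkConnect, Initiated "true"/"false") are real conventions.

```python
"""Triage rules for RAT-style behaviour over constructed Sysmon-like events.

Added example: the events, allowlists and paths are illustrative assumptions,
not indicators taken from a real PoisonIvy infection.
"""
import json

# Constructed sample telemetry (not a real capture). Field names follow Sysmon:
# EventID 8 = CreateRemoteThread, EventID 3 = NetworkConnect, where
# Initiated "true" is an outbound connection and "false" one the process accepted.
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\Users\bob\AppData\Local\Temp\setup_helper.exe",
     "ParentImage": r"C:\Users\bob\Downloads\free_codec_pack.exe"},
    # dropper writes a thread into explorer.exe (the injection the text describes)
    {"EventID": 8, "SourceImage": r"C:\Users\bob\AppData\Local\Temp\setup_helper.exe",
     "TargetImage": r"C:\Windows\explorer.exe"},
    # csrss.exe legitimately creates remote threads; must not alert
    {"EventID": 8, "SourceImage": r"C:\Windows\System32\csrss.exe",
     "TargetImage": r"C:\Windows\System32\svchost.exe"},
    # explorer.exe now accepts an inbound connection on an arbitrary port (5555 is made up)
    {"EventID": 3, "Image": r"C:\Windows\explorer.exe", "Initiated": "false",
     "SourceIp": "203.0.113.7", "DestinationPort": 5555},
    # explorer.exe pushes data out over FTP
    {"EventID": 3, "Image": r"C:\Windows\explorer.exe", "Initiated": "true",
     "DestinationIp": "198.51.100.20", "DestinationPort": 21},
    # benign traffic that must not alert
    {"EventID": 3, "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe", "Initiated": "true",
     "DestinationIp": "198.51.100.30", "DestinationPort": 443},
    {"EventID": 3, "Image": r"C:\Program Files\FileZilla\filezilla.exe", "Initiated": "true",
     "DestinationIp": "198.51.100.40", "DestinationPort": 21},
]

# Allowlists are assumptions for this example; tune them to the environment.
INJECTOR_ALLOWLIST = {"csrss.exe", "werfault.exe"}          # create remote threads legitimately
EXFIL_PORTS = {21: "ftp", 25: "smtp", 465: "smtps", 587: "submission"}  # channels the text names
EXFIL_CLIENT_ALLOWLIST = {"filezilla.exe", "outlook.exe", "thunderbird.exe"}
LISTENER_ALLOWLIST = {"svchost.exe", "system", "lsass.exe"}  # expected to accept inbound connections


def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def rule_remote_thread(ev):
    """Cross-process thread creation from a process that has no business doing it."""
    if ev.get("EventID") != 8:
        return None
    src, dst = basename(ev["SourceImage"]), basename(ev["TargetImage"])
    if src == dst or src in INJECTOR_ALLOWLIST:
        return None
    return ("process_injection", src, dst)


def rule_exfil_channel(ev):
    """Outbound FTP/mail traffic from a process that is not a mail or FTP client."""
    if ev.get("EventID") != 3 or ev.get("Initiated") != "true":
        return None
    img, port = basename(ev["Image"]), ev.get("DestinationPort")
    if port in EXFIL_PORTS and img not in EXFIL_CLIENT_ALLOWLIST:
        return ("exfil_channel", img, EXFIL_PORTS[port])
    return None


def rule_unexpected_listener(ev):
    """A workstation process accepting an inbound connection: a possible control channel."""
    if ev.get("EventID") != 3 or ev.get("Initiated") != "false":
        return None
    img = basename(ev["Image"])
    if img in LISTENER_ALLOWLIST:
        return None
    return ("inbound_control_channel", img, ev.get("DestinationPort"))


RULES = (rule_remote_thread, rule_exfil_channel, rule_unexpected_listener)


def triage(events):
    """Return every (rule, image, detail) hit, in event order."""
    return [hit for ev in events for rule in RULES if (hit := rule(ev))]


def correlate(findings):
    """Processes that were injected into and then opened a network channel.
    That combination is the shape the text describes: hide in a host process,
    then use it to talk to the operator."""
    injected = {dst for kind, _, dst in findings if kind == "process_injection"}
    networked = {img for kind, img, _ in findings if kind != "process_injection"}
    return sorted(injected & networked)


if __name__ == "__main__":
    hits = triage(SAMPLE_EVENTS)
    print(json.dumps({"findings": hits, "suspect_hosts": correlate(hits)}, indent=2))
```

On the constructed sample the rules fire three times (the injection into explorer.exe, the inbound connection it accepts, and its outbound FTP session) while csrss.exe, Firefox and FileZilla stay quiet, and the correlation step singles out explorer.exe as the injected host process doing the talking. Single rules of this kind are noisy in practice; the correlation across injection and network events is what makes the finding worth an analyst's time.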