Thursday, October 16, 2008

Bifrost Trojan

Removing Bifrost
Categories: Trojan, Backdoor
This category includes a variety of Trojans that damage victim machines, threaten data integrity, or impair the functioning of the victim machine.
Backdoors combine the functionality of most other types of Trojans in one package.
Backdoors have one especially dangerous sub-class: variants that can propagate like worms.


Bifrost is also known as:

[Kaspersky] Trojan.Win32.Pakes, Backdoor.Win32.Bifrose.bk, Backdoor.Win32.Bifrose.ri, Backdoor.Win32.Bifrose.aba, Backdoor.Win32.Bifrose.axe, Trojan-Dropper.Win32.Delf.wj, Backdoor.Win32.Bifrose.adr, Backdoor.Win32.Bifrose.yg;
[McAfee] Backdoor-CEP.svr, BackDoor-CEP, BackDoor-CEP.svr, BackDoor-CWT.dr;
[F-Prot] W32/BifrostX.DKP, W32/Trojan.CTU;
[Other] Bifrose.D, Win32/Bifrost!generic, Backdoor.Bifrose, Win32/Bifrost.BN, Troj/Delf-EXC, Win32/Bifrost.BS, VirTool:Win32/Obfuscator.C, BKDR_BIFROSE.QV, Troj/Bckdr-PQZ, Win32/Bifrost.CG, W32/Bifrose.JGK, Win32/Bifrost.CM, W32/Delf.ATGM, Trojan:Win32/Meredrop, Trojan Horse, Win32/Bifrose.ACI, Backdoor.Bifrose.E

Visible Symptoms:
Files in system folders:
[%SYSTEM%]\plugin1.dat
[%SYSTEM%]\SysPr.prx
[%WINDOWS%]\plugin1.dat
[%WINDOWS%]\SysPr.prx
[%PROFILE%]\Local Settings\otynb.exe
[%PROFILE_TEMP%]\vndoe.exe
[%SYSTEM%]\Movesearch.exe
[%SYSTEM%]\msconf.exe
[%SYSTEM%]\serier.exe
[%SYSTEM%]\vndoe.exe
[%SYSTEM%]\Wintemp.exe
[%WINDOWS%]\msnmess79.exe

How to detect Bifrost:

Files:
[%SYSTEM%]\plugin1.dat
[%SYSTEM%]\SysPr.prx
[%WINDOWS%]\plugin1.dat
[%WINDOWS%]\SysPr.prx
[%PROFILE%]\Local Settings\otynb.exe
[%PROFILE_TEMP%]\vndoe.exe
[%SYSTEM%]\Movesearch.exe
[%SYSTEM%]\msconf.exe
[%SYSTEM%]\serier.exe
[%SYSTEM%]\vndoe.exe
[%SYSTEM%]\Wintemp.exe
[%WINDOWS%]\msnmess79.exe

Folders:
[%PROGRAM_FILES%]\Bifrost
[%PROGRAM_FILES%]\Nvidia Mgr

Registry Keys:
HKEY_CURRENT_USER\software\wget
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9b71d88c-c598-4935-c5d1-43aa4db90836}
HKEY_LOCAL_MACHINE\software\wget
HKEY_LOCAL_MACHINE\software\xvid
HKEY_CURRENT_USER\software\bifrost
HKEY_CURRENT_USER\software\nvidia manager
HKEY_CURRENT_USER\software\skav
HKEY_CURRENT_USER\software\skavx
HKEY_LOCAL_MACHINE\software\bifrost
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4535f32f-d292-b784-7926-7419ade0a94b}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{df709a68-7856-4acf-2b73-8e9a4693507c}
HKEY_LOCAL_MACHINE\software\mscrop
HKEY_LOCAL_MACHINE\software\skav
HKEY_LOCAL_MACHINE\software\skavx

Registry Values:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\software\mscrop
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{a5cdf7ec-751b-46aa-ad69-4005fe080de8}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{a5cdf7ec-751b-46aa-ad69-4005fe080de9}
HKEY_LOCAL_MACHINE\software\nvidia manager

Removing Bifrost:

You can download a trial version of the "Exterminate-It" antivirus software here to check your computer instantly.

Or buy it to remove ALL viruses from your computer.
