
Win32: Bifrose-EKO trojan Infection


No replies to this topic

#1 ryujin


Posted 22 May 2010 - 09:04 PM

INFECTION: WIN32: BIFROSE-EKO TROJAN
Detected by: Malwarebytes, AVAST 5(fail)


AVAST5 ANALYSIS:
OBJECT: C:\USERS\ME\APPDATA\ROAMING\LOGS\MICROSOFT.LOG
PROCESS INFECTED : C:\WINDOWS\EXPLORER.EXE

I was installing an emulator for PS2 which I had downloaded from www.thepiratebay.org.
I scanned it and my Avast 5 detected a win32 agent from its KEYGEN. I ignored it, but when I try to install, it always blocks the installation process.

I knew that it was because of my Avast and I also thought that this was a false positive,
so I disabled my Avast shields for 10 minutes (my wrong move), then I installed the emulator.
After clicking the .exe I saw a dialog box showing "extracting", then after 10 secs nothing happened (uh oh).

I opened my task manager and saw 4 iexplorer processes, which I know is bad because I never opened IE, and there were 4 of the same process
at the same time, which were not even active before I installed the PS2 emulator. (I always check task manager.)

Then after I ended those 4 malicious iexplorer.exe processes I enabled all my Avast shields. What came next is tragedy:
after enabling them, after a few minutes Avast always shows a pop-up (alert) saying this:

TROJAN HORSE BLOCKED
OBJECT: C:\USERS\ME\APPDATA\ROAMING\LOGS\MICROSOFT.LOG
INFECTION: WIN32:BIFROSE-EKO TROJAN
PROCESS INFECTED : C:\WINDOWS\EXPLORER.EXE
and was moved to chest.
Then I deleted the infected file in the virus chest (deleted).
After a few moments the same warning popped up saying the same infection. The same thing happens over and over. I am happy that my Avast is blocking it at the moment. I already have a hundred of it in my virus chest, and after I delete it, the same thing happens.



Well, that's all. I hope I gave a very detailed explanation of how I was infected.
Please help me with this infection. Thanks.

Feel free to reply to me! :thumbsup:
