BIFROSE.TRACE



#1 rick_niec


Posted 25 February 2012 - 11:00 AM

When I scanned my PC with Malwarebytes, the scan showed 2 infected files named Bifrose.trace. Even though the log says that it has been quarantined and deleted successfully, I still fear. Is Bifrose.trace a potential threat or not? Please help me with what to do in order to ensure that my system is safe.
Also, even though the scans do not show any trojan threat, earlier scans showed a win32.bat file, but it was repaired, so I just want to ensure that there is no threat to the system. Please tell me whether there is any sound and perfect method to see whether the system is secure or not.



#2 boopme


Posted 25 February 2012 - 11:29 AM

Hello and welcome. We can run these and see if anything is left here.

Please download and scan with Dr.Web CureIt - alternate download link.
Follow these instructions for performing a scan in "safe mode".
If you cannot boot into safe mode or complete a scan, then try doing it in normal mode. Be aware, this scan could take a long time to complete.
-- Post the log in your next reply. If you can't find the log, try to write down what was detected/removed before exiting Dr.Web CureIt so you can provide that information.


Please download TFC (Temp File Cleaner) by Old Timer and save it to your desktop.
alternate download link
  • Save any unsaved work. TFC will close ALL open programs including your browser!
  • Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • TFC will clear out all temp folders for all user accounts (temp, IE temp, Java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder.
  • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.
Note: It is normal for the computer to be slow to boot after running TFC cleaner the first time.

Please download and scan with SUPERAntiSpyware Free
-- If you already use SUPERAntispyware, make sure you are using the most current version as it is frequently updated.
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • Follow these instructions: How to use SUPERAntiSpyware to scan and remove malware from your computer Guide.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
-- If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner (listed under Popular Links) instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.


Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click the Update tab, select Check for Updates, and when done
click the Scanner tab, select FULL scan and scan (normal mode).
After the scan click Remove Selected, post the new scan log and reboot into normal mode.

Please ask any needed questions, post logs and let us know how the PC is running now.

Edited by boopme, 25 February 2012 - 11:30 AM.

How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#3 rick_niec


Posted 26 February 2012 - 06:50 AM

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/26/2012 at 04:13 PM

Application Version : 5.0.1144

Core Rules Database Version : 8279
Trace Rules Database Version: 6091

Scan type : Complete Scan
Total Scan Time : 00:42:28

Operating System Information
Windows XP Professional 32-bit, Service Pack 2 (Build 5.01.2600)
Administrator

Memory items scanned : 686
Memory threats detected : 0
Registry items scanned : 33729
Registry threats detected : 0
File items scanned : 21275
File threats detected : 5

Heuristic.Agent/Gen-Dropper
E:\GAMES\SETUP\CIVILISATION\CRACK\SD4HIDE.EXE
E:\GAMES\SID MEIER'S CIVILIZATION 4\SD4HIDE.EXE

Trojan.Agent/Gen-Faldesc
E:\SOFTWARES\GOOGLE EARTH PLUS V6.0.3.2197 + CRACK\CRACK\CRACK\GOOGLE.EARTH.PLUS.6.0.2.2074-MPT.EXE

Trojan.Agent/Gen-FraudPack
E:\SOFTWARES\GOOGLEHACKSSETUP1.6.3.EXE

PotentiallyUnwanted.SoftonicDownloader
E:\SYSTEM VOLUME INFORMATION\_RESTORE{61DC134F-EC80-45FC-A093-7B82356EF758}\RP76\A0028774.EXE

Dr.WEB CureIt Scan LOG showed
OBJECT PATH STATUS ACTION
autorun.inf H: probably WIN32.HLLW.autoruner.corrupted device is disk protected no action taken

A0028754.exe C:\System Volume information\_restore... Adware.Downware.82 Deleted
autorun.inf C:\System Volume information\_restore... Trojan.Fakealert.20721 Deleted

Malwarebytes showed no threat.

#4 boopme


Posted 26 February 2012 - 04:28 PM

Hello, let's run these now to be sure it's off.
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.

As you have cracked software on here I cannot guarantee how long before it installs more malware.

#5 rick_niec


Posted 27 February 2012 - 07:10 AM

C:\Documents and Settings\user\Desktop\New Folder\Foreign relations of India - Wikipedia, the free encyclopedia_files\extra.js HTML/Iframe.B.Gen virus deleted - quarantined
C:\Documents and Settings\user\Desktop\New Folder\Foreign relations of India - Wikipedia, the free encyclopedia_files\script.js JS/TrojanClicker.Agent.NCX trojan cleaned by deleting - quarantined
C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ojjnnkkihhmnjphijokfgoefjokebbho\1.3.0_0\go.js JS/TrojanClicker.Agent.NCX.Gen trojan cleaned by deleting - quarantined
E:\Softwares\PCSafeDoctor_Setup.exe multiple threats deleted - quarantined

#6 boopme


Posted 27 February 2012 - 02:37 PM

OK, looks like there is none here.