Hello, it is a backdoor trojan that connects to a remote IP address using either TCP port 81 or a random port. It allows an attacker to access the computer.
The Bifrose trojan family is highly configurable. Thus, the locations of their installed files on an infected computer and the TCP ports they use to connect may vary. They allow an attacker to perform any of the following actions on the affected machine:
• Manage running processes
• Manipulate files or registry data
• Obtain installed program details
• System shutdown or reboot
and can also download these dangerous items.
We should look at a few things as it may have survived in the Boot sector.
MiniToolBox
Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
- Flush DNS
- Report IE Proxy Settings
- Reset IE Proxy Settings
- Report FF Proxy Settings
- Reset FF Proxy Settings
- List content of Hosts
- List IP configuration
- List Winsock Entries
- List last 10 Event Viewer log
- List Installed Programs
- List Users, Partitions and Memory size.
and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
Please run these now........
Please download Rkill by Grinler and save it to your desktop. Link 1, Link 2
- Double-click on the Rkill desktop icon to run the tool.
- If using Vista, right-click on it and Run As Administrator.
- A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
- If not, delete the file, then download and use the one provided in Link 2.
- If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
- If the tool does not run from any of the links provided, please let me know.
Do not reboot the computer, you will need to run the application again.
Please download TDSSkiller
Click on change parameters - Select TDLFS file system
Click on "Scan"
Please post the LOG report (log file should be in your C drive)
Do not change the default options on scan results.
Please download aswMBR (4.5MB) to your desktop.
- Double click the aswMBR.exe icon, and click Run.
- When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
- Click the Scan button to start the scan.
- On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.
Reboot back to Normal mode as I'd like us to scan your machine with ESET OnlineScan
- Hold down Control and click on this link to open ESET OnlineScan in a new window.
- Click the button.
- For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  - Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  - Double click on the icon on your desktop.
- Click the Start button.
- Accept any security warnings from your browser.
- Under scan settings, check "Scan Archives" and "Remove found threats"
- Click Advanced settings and select the following:
  - Scan potentially unwanted applications
  - Scan for potentially unsafe applications
  - Enable Anti-Stealth technology
- ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
- When the scan completes, click List Threats
- Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
- Click the Back button.
- Click the Finish button.
Sometimes if ESET finds no infections it will not create a log.