Windows 7 Forums


Windows 7: Bifrose.eo

20 Nov 2012   #1

Windows 7 64 bit Home Premium
 
 
Bifrose.eo

I recently performed a quick scan (MSE) and it found 3 bifrose.eo's.
I quarantined and removed them. It said it was a Backdoor and a severe threat.
Should I be safe now? Or would you suggest something else to do too?



20 Nov 2012   #2

Microsoft Community Contributor Award Recipient

Win 7 Pro 64-bit
 
 

Once a computer becomes infected there's always a possibility that additional malware resides somewhere on the hard drive. It could be so deeply buried that all conventional scans fail to find it. Many experts say a clean install of the operating system and all installed programs is the way to go.

Another consideration is no anti-virus or anti-spyware is 100% effective 100% of the time. If there was such a thing we'd all be using it. But the more scans you run using different products, the more likely it is that additional malware might be found. Conversely, the more scans you run that come back clean, the more likely it is your computer is clean (but never 100% sure.) These free products are recommended. You should also run a full MSE scan (may take over an hour to complete.)

Windows Defender Offline (must be created on a malware free computer)

Malwarebytes

ESET Online Scanner

SuperAntispyware

HitmanPro

TDSSKiller

Trend Micro HouseCall (Beta version still being tested, use stable release)

If multiple scans (run just one at a time!) come back clean I'd also suggest checking for any damaged or corrupt system files. Run a system file checker scan from an elevated command prompt (option two.) If problems are found, run the scan 3 times and reboot the computer after each scan.

SFC /SCANNOW Command - System File Checker

Please post back the results.
20 Nov 2012   #3

Windows 7 64 bit Home Premium
 
 

MSE removed them. And I'm running a Malwarebytes and another MSE scan, and HitmanPro was clean too.


20 Nov 2012   #4

Microsoft Community Contributor Award Recipient

Windows 7 Ult. x64 Windows 8.1 x64
 
 

Quote:
Allows backdoor access and control
Backdoor:Win32/Bifrose.EO may inject code into 'explorer.exe' and 'iexplore.exe' to bypass the firewall without the user's consent. This allows its dropped backdoor malware to attempt to contact one of the following Web sites, possibly to connect to a remote attacker:

  • hassanm.no-ip.org
  • kaboos.no-ip.org

Note that because of the generic nature of this detection, some samples of Backdoor:Win32/Bifrose.EO may be able to perform more specific backdoor functionalities.
Encyclopedia entry: Backdoor:Win32/Bifrose.EO - Learn more about malware - Microsoft Malware Protection Center

Change all passwords for accounts (e.g. banking, forums, Facebook etc.) accessed from this computer on a different, known clean computer. Change this computer's login password/s once you have established it is completely free of malware.

Once clean, check that the firewall is enabled.
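
One way to look for traces of the two host names from the encyclopedia entry above, and to confirm the firewall state, without contacting those hosts: parse saved output of `ipconfig /displaydns` and `netsh advfirewall show allprofiles state`. This is an added example, not part of the original posts; the sample outputs are constructed, English-locale output is assumed, and the function names are hypothetical.

```python
import re

# Host names quoted from the Microsoft encyclopedia entry in this thread.
INDICATORS = ("hassanm.no-ip.org", "kaboos.no-ip.org")

# Constructed sample of English-locale `ipconfig /displaydns` output.
SAMPLE_DNS = """\
    Record Name . . . . . : www.example.com
    Record Name . . . . . : Kaboos.no-ip.org
    Record Name . . . . . : nothassanm.no-ip.org
    CNAME Record  . . . . : hassanm.no-ip.org.example.net
"""

# Constructed sample of `netsh advfirewall show allprofiles state` output.
SAMPLE_FW = """\
Domain Profile Settings:
State                                 ON
Private Profile Settings:
State                                 ON
Public Profile Settings:
State                                 OFF
"""

def matches_indicator(name, indicators=INDICATORS):
    """True if name is an indicator host or a subdomain of one (not a look-alike)."""
    name = name.strip().rstrip(".").lower()
    return any(name == i or name.endswith("." + i) for i in indicators)

def cached_indicator_names(displaydns_text):
    """Indicator names in the 'Record Name' / 'CNAME Record' lines of the DNS cache dump."""
    hits = set()
    for line in displaydns_text.splitlines():
        m = re.match(r"\s*(?:Record Name|CNAME Record)[ .]*:\s*(\S+)", line)
        if m and matches_indicator(m.group(1)):
            hits.add(m.group(1).rstrip(".").lower())
    return sorted(hits)

def firewall_profiles_off(netsh_text):
    """Names of firewall profiles (Domain/Private/Public) whose State is OFF."""
    off, profile = [], None
    for line in (ln.strip() for ln in netsh_text.splitlines()):
        m = re.match(r"(\w+) Profile Settings:", line)
        profile = m.group(1) if m else profile
        if profile and re.match(r"State\s+OFF\b", line):
            off.append(profile)
    return off

if __name__ == "__main__":
    print("Indicator names in DNS cache:", cached_indicator_names(SAMPLE_DNS))
    print("Firewall profiles OFF:", firewall_profiles_off(SAMPLE_FW))
```

An empty result only means the names are not in the current DNS cache, which is flushed at reboot and as entries expire, so it complements the scans rather than replacing them.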
20 Nov 2012   #5

Windows 7 64 bit Home Premium
 
 

The firewall is in fact ENABLED. I looked up the registry keys associated with the trojan and I cannot seem to find them. Malwarebytes came clean, HitmanPro came clean, TDSSKiller came clean, SuperAntispyware came clean. I am waiting for the rescan of MSE atm; I am running full scans so it is taking a while. After that I'm going to scan with the Microsoft tool suggested here:
Encyclopedia entry: Backdoor:Win32/Bifrose.EO - Learn more about malware - Microsoft Malware Protection Center
If these all come clean, do you think I'm ok? It may have blocked it before it did anything. I know what it was from too.
How do I check the
  • hassanm.no-ip.org
  • kaboos.no-ip.org
thing you were talking about?
20 Nov 2012   #6

Microsoft Community Contributor Award Recipient

Windows 7 Ult. x64 Windows 8.1 x64
 
 

If MSE comes up clean, then I would say you are OK... but... it won't hurt to do one more using ESET's on-line scanner:
Free Online Virus Scanner | ESET

You can't check for those sites directly - they are the remote sites used for attacks if it gets that far.
20 Nov 2012   #7

Windows 7 64 bit Home Premium
 
 

OK thanks, I deal with hundreds if not thousands of dollars with my Minecraft server.
I can't afford to have this on my PC, nobody can these days.
I hope it's clean. Everything has come up clean. It's not FUD obviously, it was clear as day. Could it possibly have blocked it before anything happened? I have none of the symptoms associated with it.
But my LIVE account was hacked a few days ago, that or my password messed up, which it has before. I got it back with no problem. It has happened before and it was just me being stupid and not entering it right.
20 Nov 2012   #8

Microsoft Community Contributor Award Recipient

Windows 7 Ult. x64 Windows 8.1 x64
 
 

Quote: Originally Posted by irbullet
Could it possibly have blocked it before anything happened?
Yes, it's quite possible you caught it in time - monitor your system closely.

Quote: Originally Posted by irbullet
But my LIVE account was hacked a few days ago, That or my password messed up which it has before. I got it back with no problem. It has happened before and it was just me being stupid and not entering it right.
Hence my suggestion about passwords, err on the side of caution.
20 Nov 2012   #9

Windows 7 64 bit Home Premium
 
 

Thank you so much.
I will come back with my results.
The main reason I don't want to reinstall, which would be easy for me, is because I have like 90 games installed on Steam. I play most of them.
20 Nov 2012   #10

Windows 7 64 bit Home Premium
 
 

Update:
They all have come back clean. MSE found one thing but it was just a hacktool, it wasn't malicious.
But no more traces of the bifrose.eo!
I hope I'm good now.