Bifrose.eo
I recently performed a quick scan (MSE) and it found 3 bifrose.eo's.
I quarantined and removed them. It said it was a Backdoor and a severe threat.
Should I be safe now? Or would you suggest something else to do too?
Once a computer becomes infected there's always a possibility that additional malware resides somewhere on the hard drive. It could be so deeply buried that all conventional scans fail to find it. Many experts say a clean install of the operating system and all installed programs is the way to go.
Another consideration is no anti-virus or anti-spyware is 100% effective 100% of the time. If there was such a thing we'd all be using it. But the more scans you run using different products, the more likely it is that additional malware might be found. Conversely, the more scans you run that come back clean, the more likely it is your computer is clean (but never 100% sure.) These free products are recommended. You should also run a full MSE scan (may take over an hour to complete.)
Windows Defender Offline (must be created on a malware free computer)
Malwarebytes
ESET Online Scanner
SuperAntispyware
HitmanPro
TDSSKiller
Trend Micro HouseCall (Beta version still being tested, use stable release)
If multiple scans (run just one at a time!) come back clean I'd also suggest checking for any damaged or corrupt system files. Run a system file checker scan from an elevated command prompt (option two.) If problems are found, run the scan 3 times and reboot the computer after each scan.
SFC /SCANNOW Command - System File Checker
Please post back the results.
Encyclopedia entry: Backdoor:Win32/Bifrose.EO - Learn more about malware - Microsoft Malware Protection Center
Allows backdoor access and control
Backdoor:Win32/Bifrose.EO may inject code into 'explorer.exe' and 'iexplore.exe' to bypass the firewall without the user's consent. This allows its dropped backdoor malware to attempt to contact one of the following Web sites, possibly to connect to a remote attacker:
- hassanm.no-ip.org
- kaboos.no-ip.org
Note that because of the generic nature of this detection, some samples of Backdoor:Win32/Bifrose.EO may be able to perform more specific backdoor functionalities.
Change all passwords for accounts (e.g. banking, forums, Facebook etc.) accessed from this computer on a different, known clean computer. Change this computer's login password(s) once you have established it is completely free of malware.
Once clean, check that the firewall is enabled.
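An added example, not part of the original thread: one local check related to the two hostnames in the encyclopedia entry is whether this computer's DNS resolver cache (the output of `ipconfig /displaydns`) holds a lookup for either name. The sample output below is constructed and assumes English-language Windows; the function names are this example's own.

```python
import re

# Hostnames listed in the Backdoor:Win32/Bifrose.EO entry quoted above.
INDICATORS = ("hassanm.no-ip.org", "kaboos.no-ip.org")

# Constructed, abridged sample of `ipconfig /displaydns` output (documentation-range IPs).
SAMPLE = """\
Windows IP Configuration

    www.example.com
    ----------------------------------------
    Record Name . . . . . : www.example.com
    Time To Live  . . . . : 86
    A (Host) Record . . . : 192.0.2.10

    KABOOS.no-ip.org
    ----------------------------------------
    Record Name . . . . . : KABOOS.no-ip.org
    Time To Live  . . . . : 41
    A (Host) Record . . . : 203.0.113.7

    hassanm.no-ip.org
    ----------------------------------------
    Name does not exist.
"""

FIELD = re.compile(r"^(.+?)(?:\s*\.)+\s*:\s*(.*)$")  # "Label . . . : value"

def parse_dns_cache(text):
    """Map each cached name (lower-cased) to the record data listed under it."""
    entries, current, prev = {}, None, ""
    for line in text.splitlines():
        stripped = line.strip()
        if stripped and set(stripped) == {"-"}:  # dashed rule follows the name
            current = entries.setdefault(prev.lower().rstrip("."), [])
        elif current is not None:
            # Keep only data fields: "A (Host) Record", "AAAA Record", "CNAME Record", ...
            if (m := FIELD.match(stripped)) and m.group(1).endswith("Record"):
                current.append(m.group(2))
        prev = stripped
    return entries

def find_indicators(text, indicators=INDICATORS):
    """Return cached names equal to, or subdomains of, a listed hostname."""
    return {name: data for name, data in parse_dns_cache(text).items()
            if any(name == i or name.endswith("." + i) for i in indicators)}

if __name__ == "__main__":
    for name, data in find_indicators(SAMPLE).items():
        print(name, "->", data or "looked up, no address cached")
```

The resolver cache is emptied on reboot and entries expire, so an empty result only means no lookup is cached right now.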
The firewall is in fact ENABLED. I looked up the registry keys associated with the trojan and I cannot seem to find them. Malwarebytes came clean, HitmanPro came clean, TDSSKiller came clean, SuperAntispyware came clean. I am waiting for the rescan of MSE atm; I am running full scans so it is taking a while. After that I'm going to scan with the Microsoft tool suggested here:
Encyclopedia entry: Backdoor:Win32/Bifrose.EO - Learn more about malware - Microsoft Malware Protection Center
If these all come clean, do you think I'm ok? It may have blocked it before it did anything. I know what it was from too.
How do I check the
- hassanm.no-ip.org
- kaboos.no-ip.org
Thing you were talking about?
If MSE comes up clean, then I would say you are OK....but......it won't hurt to do one more using ESET's on-line scanner:
Free Online Virus Scanner | ESET
You can't check for those sites directly - they are the remote sites used for attacks if it gets that far.
Ok thanks, I deal with hundreds if not thousands of dollars with my Minecraft server.
I can't afford to have this on my PC, nobody can these days.
I hope it's clean. Everything has come up clean. It's not FUD obviously; it was clear as day. Could it possibly have blocked it before anything happened? I have none of the symptoms associated with it.
But my LIVE account was hacked a few days ago. That, or my password messed up, which it has before. I got it back with no problem. It has happened before and it was just me being stupid and not entering it right.
Update:
They have all come back clean. MSE found one thing but it was just a hacktool; it wasn't malicious.
But no more traces of the bifrose.eo!
I hope I'm good now.