Bifrose.eo

irbullet

I recently performed a quick scan (MSE) and it found 3 bifrose.eo's.
I quarantined and removed them. It said it was a Backdoor and a severe threat.
Should I be safe now? Or would you suggest something else to do too?
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Custom
OS
Windows 7 Ultimate x64
CPU
Intel i7 3770K 4.5GHz
Motherboard
MSI Z77A-GD65
Memory
8GB DDR3
Graphics Card(s)
MSI Twin Frozr 7950 (x2) crossfire
Monitor(s) Displays
AOC I2421VWH, LG 27EA63, ASUS VE247H
Screen Resolution
1920x1080 1920x1080 1920x1080
Hard Drives
Intel 330 60GB SSD, Western Digital 1TB, Seagate 1TB
PSU
Rosewill Capstone 750w
Case
Phantom 410
Cooling
IBP-Z001 for CPU and case fans
Keyboard
CM Storm Quickfire Pro
Mouse
Razer Naga 2012
Internet Speed
50 Mbps down, 20 Mbps upload
Antivirus
Microsoft Security Essentials
Browser
Google Chrome
Once a computer becomes infected there's always a possibility that additional malware resides somewhere on the hard drive. It could be so deeply buried that all conventional scans fail to find it. Many experts say a clean install of the operating system and all installed programs is the way to go.

Another consideration is no anti-virus or anti-spyware is 100% effective 100% of the time. If there was such a thing we'd all be using it. But the more scans you run using different products, the more likely it is that additional malware might be found. Conversely, the more scans you run that come back clean, the more likely it is your computer is clean (but never 100% sure.) These free products are recommended. You should also run a full MSE scan (may take over an hour to complete.)

  • Windows Defender Offline (must be created on a malware free computer)
  • Malwarebytes
  • ESET Online Scanner
  • SuperAntispyware
  • HitmanPro
  • TDSSKiller
  • Trend Micro HouseCall (Beta version still being tested, use stable release)

If multiple scans (run just one at a time!) come back clean I'd also suggest checking for any damaged or corrupt system files. Run a system file checker scan from an elevated command prompt (option two.) If problems are found, run the scan 3 times and reboot the computer after each scan.

http://www.sevenforums.com/tutorials/1538-sfc-scannow-command-system-file-checker.html

Please post back the results.
 

My Computer

Computer type
Laptop
Computer Manufacturer/Model Number
Sony Vaio VPCEB47GM Laptop
OS
Win 7 Pro 64-bit
CPU
Intel i5 2.4 Ghz
Memory
8GB DDR3
Graphics Card(s)
Intel HD 3000
Sound Card
IDT High Definition
Monitor(s) Displays
15.6 WGXA Anti-Glare LED
Screen Resolution
1280x800
Hard Drives
640Gb 7200rpm
Antivirus
MSE
Browser
Opera (primary) with IE9 backup

MSE removed them. And I'm running a Malwarebytes and another MSE scan, and HitmanPro was clean too.
 

Allows backdoor access and control
Backdoor:Win32/Bifrose.EO may inject code into 'explorer.exe' and 'iexplore.exe' to bypass the firewall without the user's consent. This allows its dropped backdoor malware to attempt to contact one of the following Web sites, possibly to connect to a remote attacker:


  • hassanm.no-ip.org
  • kaboos.no-ip.org

Note that because of the generic nature of this detection, some samples of Backdoor:Win32/Bifrose.EO may be able to perform more specific backdoor functionalities.
Encyclopedia entry: Backdoor:Win32/Bifrose.EO - Learn more about malware - Microsoft Malware Protection Center

Change all passwords for accounts (e.g. banking, forums, Facebook etc.) accessed from this computer on a different, known clean computer. Change this computer's login password(s) once you have established it is completely free of malware.

Once clean, check that the firewall is enabled.
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Golden Mk. I.4
OS
Windows 10 Pro x64 ; Xubuntu x64
CPU
Intel i7 860 @ 2.80 GHz O/C'ed to 4.0GHz
Motherboard
Gigabyte P55A-UD3R Rev.1. Award BIOS F13
Memory
16GB Corsair Vengance DDR3 @ 661 MHz Dual Channel (9-9-9-24)
Graphics Card(s)
EVGA NVidia GTX 560 1024MB
Sound Card
Realtek Integrated
Monitor(s) Displays
Dual Samsung SyncMaster 2494HS
Screen Resolution
1920*1080 and 1920*1080
Hard Drives
1*Samsung 840 EVO 120GB SSD;
1*OCZ Vertex 2 60GB SSD;
2*Samsung F3 SpinPoint 1TB in RAID0;
1*Samsung F1 SpinPoint 1TB;
2*Western Digital 1TB External USB 3.0
1*Western Digital 500GB External USB 3.0
1*Seagate 500GB External USB 2.0
PSU
Thermaltake ToughPower QFan 750W
Case
Thermaltake Element S VK60001W2Z
Cooling
Corsair H60 Water Cooling, 2*230mm and 2*80mm case fans
Keyboard
Logitech G110
Mouse
Logitech MX518
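
As an added example (not part of the original thread or of Microsoft's entry), this Python looks for traces of the behaviour described in the post above: lookups of the two listed hostnames, and outbound connections owned by `explorer.exe` or `iexplore.exe`. It parses saved output of `ipconfig /displaydns` and `netstat -nob` (run from an elevated command prompt); the sample text and addresses are constructed, and a hit is a lead to investigate, not proof of infection.

```python
import re

# Hostnames and process names come from the Microsoft description quoted above.
C2_HOSTS = ("hassanm.no-ip.org", "kaboos.no-ip.org")
INJECTED = ("explorer.exe", "iexplore.exe")
CONN = re.compile(r"^\s*TCP\s+\S+\s+(\S+)\s+ESTABLISHED\s+(\d+)")
OWNER = re.compile(r"^\s*\[(.+?)\]\s*$")

def dns_cache_hits(displaydns_text):
    """Indicator hostnames present in `ipconfig /displaydns` output."""
    hits, prev = set(), ""
    for line in map(str.strip, displaydns_text.splitlines()):
        # An entry is a name line followed by dashes; failed lookups count too.
        if line and set(line) == {"-"}:
            name = prev.lower().rstrip(".")
            if any(name == h or name.endswith("." + h) for h in C2_HOSTS):
                hits.add(name)
        prev = line
    return sorted(hits)

def connections_to_review(netstat_text):
    """(process, remote, pid) for non-loopback established TCP connections owned by INJECTED."""
    found, pending = [], None
    for line in netstat_text.splitlines():
        conn, owner = CONN.match(line), OWNER.match(line)
        if conn:
            pending = (conn.group(1), int(conn.group(2)))
        elif owner and pending:
            proc, (remote, pid) = owner.group(1).lower(), pending
            if proc in INJECTED and not remote.startswith(("127.", "[::1]")):
                found.append((proc, remote, pid))
            pending = None
    return found

# Constructed sample output (documentation-range addresses), not real captures.
SAMPLE_DNS = """\
    www.example.com
    ----------------------------------------
    A (Host) Record . . . : 198.51.100.23
    kaboos.no-ip.org
    ----------------------------------------
    Name does not exist.
"""
SAMPLE_NETSTAT = """\
  TCP    192.168.1.20:49201     203.0.113.7:81         ESTABLISHED     1480
 [explorer.exe]
  TCP    127.0.0.1:49160        127.0.0.1:49161        ESTABLISHED     2044
 [iexplore.exe]
"""
```

`iexplore.exe` legitimately opens connections while Internet Explorer is in use, so capture the `netstat` output with the browser closed.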

The firewall is in fact ENABLED. I looked up the registry keys associated with the trojan and I cannot seem to find them. Malwarebytes came clean, HitmanPro came clean, TDSSKiller came clean, SuperAntispyware came clean. I am waiting for the rescan of MSE atm; I am running full scans so it is taking a while. After that I'm going to scan with the Microsoft tool suggested here
Encyclopedia entry: Backdoor:Win32/Bifrose.EO - Learn more about malware - Microsoft Malware Protection Center
If these all come clean, do you think I'm ok? It may have blocked it before it did anything. I know what it was from too.
How do I check the
  • hassanm.no-ip.org
  • kaboos.no-ip.org
Thing you were talking about?
 

If MSE comes up clean, then I would say you are OK....but......it won't hurt to do one more using ESET's on-line scanner:
Free Online Virus Scanner | ESET

You can't check for those sites directly - they are the remote sites used for attacks if it gets that far.
 


Ok thanks, I deal with hundreds if not thousands of dollars with my Minecraft server.
I can't afford to have this on my PC, nobody can these days.
I hope it's clean. Everything has come up clean. It's not FUD obviously, it was clear as day. Could it possibly have blocked it before anything happened? I have none of the symptoms associated with it.
But my LIVE account was hacked a few days ago, that or my password messed up, which it has before. I got it back with no problem. It has happened before and it was just me being stupid and not entering it right.
 

Could it possibly have blocked it before anything happened?

Yes, it's quite possible you caught it in time - monitor your system closely.

But my LIVE account was hacked a few days ago, That or my password messed up which it has before. I got it back with no problem. It has happened before and it was just me being stupid and not entering it right.

Hence my suggestion about passwords, err on the side of caution.
 

Thank you so much.
I will come back with my results.
The main reason I don't want to reinstall, which would be easy for me, is because I have like 90 games installed on Steam. I play most of them.
 

Update:
They all have come back clean. MSE found one thing but it was just a hacktool, it wasn't malicious.
But no more traces of the bifrose.eo!
I hope I'm good now.
 

Change your password and write it down ... save in your undies drawer (or safe place of your choosing) :p

You're running a Minecraft server, be diligent with yours and your users' accounts!!
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Bruce ... somewhere in his 40's
OS
Windows 7 Ultimate 32bit SP1
CPU
Intel(R) Core(TM)2 Quad CPU @ 2.40GHz, 2400 MHz
Motherboard
INTEL/D975XBX2
Memory
4 GB
Graphics Card(s)
ATI Radeon HD 2600 Pro
Monitor(s) Displays
Samsung SyncMaster 914v
Screen Resolution
1280 x 1024
Hard Drives
2/500GB each ... ST3500630AS ATA Device.
One is not connected
PSU
Rocketfish 700 W
Case
G.Skill Gigabyte Chassis
Keyboard
Standard PS/2 Keyboard
Mouse
Microsoft PS/2 Mouse
Internet Speed
DSL
Antivirus
Avira Internet Security
Browser
IE 11
Other Info
ATI HDMI Audio

Thanks, and I know. If somebody got access, it has many many many many many IPs logged and other stuff on the server account.
That'd be bad.
:cry:
 
