
Win-Trojan/Bifrose.32256.T

Posted: February 14, 2011

Win-Trojan/Bifrose.32256.T is a member of a Trojan family of malware designed to allow remote attackers to control the infected computer. Win-Trojan/Bifrose.32256.T and Bifrose-based Trojans may cause other damage by overwriting files and harming your security settings. Since Win-Trojan/Bifrose.32256.T and its relatives are considered highly threatening, one should delete Win-Trojan/Bifrose.32256.T very quickly, lest the system be exposed to severe damage.

Defending Yourself Against Win-Trojan/Bifrose.32256.T

Some major security scanning programs have been known to fail at detecting Win-Trojan/Bifrose.32256.T and related infections. This can be mitigated by running multiple verified security programs at all times, and by keeping safe browser and security settings so that infections are less likely to reach the point where detection is needed. Keeping your software up to date is also necessary; although the Bifrose family of Trojans dates back to 2004, many new variations have been spotted throughout the years.

What Happens When Win-Trojan/Bifrose.32256.T Burrows Deeper

Trojans of the Win-Trojan/Bifrose.32256.T family have been observed to attempt to 'hide' inside important OS folders such as the Windows system subfolder. Win-Trojan/Bifrose.32256.T may set all its files and other components to have the Hidden attribute, making Win-Trojan/Bifrose.32256.T effectively invisible to users who keep the default file viewing settings. It's also probable that Win-Trojan/Bifrose.32256.T will set all components to Read Only, which makes them difficult to send to the Recycle Bin manually.

These self-defensive malware tactics are made worse by the tendency for Trojans within Win-Trojan/Bifrose.32256.T's category to name themselves after important system files and create copies that assume similar names. This makes it possible for Win-Trojan/Bifrose.32256.T to corrupt a necessary operating system file or even replace the file with a 'backup copy' of itself!

The Designs of Win-Trojan/Bifrose.32256.T's Criminal Creator

Win-Trojan/Bifrose.32256.T stays in line with the philosophy of other Bifrose Trojans by serving mostly as an enabler of remote attacks. Win-Trojan/Bifrose.32256.T will disable your security settings, particularly with respect to ports, to allow a remote attacker complete access to your system. At this point, there's effectively nothing the hacker can't do to your computer.

Obviously, all these threats make Win-Trojan/Bifrose.32256.T one of the worst possible infections you can get to date. You shouldn't need any encouragement to want to delete Win-Trojan/Bifrose.32256.T right away after reading this. However, be careful when embarking on a quest to remove Win-Trojan/Bifrose.32256.T, since Win-Trojan/Bifrose.32256.T may reside near or strongly resemble system files that your computer needs. Always try to use a reliable anti-malware product before trying to delete Win-Trojan/Bifrose.32256.T yourself, since the stakes are quite high.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 %AppData%\Bifrost\server.exe

Registry Modifications

  • The following Registry entries were created:
    HKEY..\..\..\..{Subkeys}
      HKEY_CURRENT_USER\Software\Bifrost
      HKEY_LOCAL_MACHINE\SOFTWARE\Bifrost
      HKEY_LOCAL_MACHINE\SOFTWARE\Mycrosnft
      HKEY_LOCAL_MACHINE\SOFTWARE\Mycrosnft\Active SetuNNInstalled Components
      HKEY_LOCAL_MACHINE\SOFTWARE\Mycrosnft\Active SetuNNInstalled Components\{C5DB63F5-0A87-8A24-F231-3DB02CE7FC71}
      HKEY_LOCAL_MACHINE\SOFTWARE\Mycrosnft\Windows
      HKEY_LOCAL_MACHINE\SOFTWARE\Mycrosnft\Windows\CurrentVersion
    HKEY..\..\..\..{RegistryKeys}
      HKEY_CURRENT_USER\urrentProcess
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MediaResources\msvideo
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\MediaResources\msvideo
      stubpath = "%AppData%\Bifrost\server.exe s"
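
The file and registry indicators listed above can be checked from PowerShell; the script below is an added example, not part of the original write-up. Function names are hypothetical, and the Active Setup path is the standard Windows location, assumed here because the page prints that key in altered form; the last function goes beyond the single entry listed and flags any Active Setup StubPath that launches from a user profile folder.

```powershell
# Added example: read-only checks for the artifacts this page lists.
# Paths and key names come from the page unless marked as an assumption.

function Test-BifroseFile {
    param([string]$Path = (Join-Path $env:APPDATA 'Bifrost\server.exe'))
    # -Force is needed because the page notes the components are set Hidden.
    $item = Get-Item -LiteralPath $Path -Force -ErrorAction SilentlyContinue
    if (-not $item) { return $null }
    [pscustomobject]@{
        Path     = $item.FullName
        Hidden   = $item.Attributes.HasFlag([IO.FileAttributes]::Hidden)
        ReadOnly = $item.Attributes.HasFlag([IO.FileAttributes]::ReadOnly)
        # Hash is recorded for later comparison; no known-bad value is assumed.
        SHA256   = (Get-FileHash -LiteralPath $item.FullName -Algorithm SHA256).Hash
    }
}

function Test-BifroseRegistry {
    # The two subkeys the page lists that appear in unaltered form.
    $keys = 'HKCU:\Software\Bifrost', 'HKLM:\SOFTWARE\Bifrost'
    foreach ($k in $keys) {
        [pscustomobject]@{ Key = $k; Present = (Test-Path -LiteralPath $k) }
    }
}

function Find-SuspiciousStubPath {
    # Assumption: standard Active Setup location (the page's key is altered).
    param([string]$Root = 'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components')
    Get-ChildItem -LiteralPath $Root -ErrorAction SilentlyContinue | ForEach-Object {
        $props = Get-ItemProperty -LiteralPath $_.PSPath -ErrorAction SilentlyContinue
        $stub  = $props.StubPath
        # Legitimate components rarely launch from a per-user profile folder.
        if ($stub -and $stub -match '%AppData%|\\AppData\\|\\Application Data\\') {
            [pscustomobject]@{ Component = $_.PSChildName; StubPath = $stub }
        }
    }
}

Test-BifroseFile
Test-BifroseRegistry
Find-SuspiciousStubPath
```

Any hit is a lead for a full anti-malware scan rather than proof of infection, and an empty result does not rule out a variant that uses different names.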