Win32.Bifrost registry key



Lancelot
2010-11-04, 16:56
Scanned and found a Win32.Bifrost trojan/registry key.

The one and only item found:

Win32.Bifrost
HKEY_USERS\S-1-5-21-[many digits here]\Software\Cerberus

Bifrost is a trojan and according to this Wikipedia article (http://en.wikipedia.org/wiki/Bifrost_(trojan_horse)), it is supposed to leave a file at C:\Program Files\Bifrost.

But C:\Program Files\Bifrost does not exist on my computer. I searched for it after Spybot found it, but before Spybot fixed the problem. I searched both for Win32.Bifrost and the registry key on my computer but all searches came up empty. (I have all types of files and folders visible, it's my standard setting as I don't like anything invisible.)

I wanted to find something so I could determine when I got the infection. Is a registry key a file that has properties like creation/edit date? It would have been useful to know when it was created.

Wikipedia says this trojan has a keylogger. I have maybe a hundred website accounts, and as I don't know how long this registry key spy thing was on my system I don't know if it has stolen dozens of passwords.... I wonder if I have to change password everywhere? :blink:

Maybe I did not have the trojan fully installed so maybe I never was at risk, but I would like to know.

I'm using NIS 2007 as my main security. It has not reported any malware infection ever, but the weekly scan is tomorrow.

If you understand something about this, please fill me in. Thank you.

Jack&Jill
2010-11-12, 10:00
Hello Lancelot,

Sorry for the delay.

If you still need help, please download DDS© by sUBs from one of the links below and save it to your desktop.

Link 1 (http://download.bleepingcomputer.com/sUBs/dds.scr)
Link 2 (http://download.bleepingcomputer.com/sUBs/dds.com)
Link 3 (http://www.infospyware.net/sUBs/dds)

Please disable any script blocker before running DDS.


Double-click on the dds file and a command window will appear. This is normal.
Shortly after, two logs will appear:
    DDS.txt
    Attach.txt
A window will open instructing you to save and post the logs.
Save the logs to a convenient location such as your desktop.
Copy the contents of both logs and post them in your next reply.

Otherwise, this topic will be closed after 3 days.

Jack&Jill
2010-11-15, 13:45
Due to lack of response, this topic is now closed.

If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread. How to post a DDS log. (http://forums.spybot.info/showpost.php?p=1150&postcount=2)

If it has been less than three days since your last response and you need the thread re-opened, please send a private message (pm) to me or a MOD. A valid, working link to the closed topic is required. Please do not add any logs that might have been requested in the closed topic; you would be starting fresh.

Everyone else please begin a New Topic.