Results 1 to 3 of 3

Thread: Win32.Bifrost registry key

  1. 2010-11-04, 15:56 #1
    Lancelot
    Lancelot is offline
    Member Lancelot's Avatar
    Join Date
    Nov 2006
    Posts
    57

    Default Win32.Bifrost registry key

    Scanned and found a Win32.Bifrost trojan/registry key.

    The one and only item found:
    Win32.Bifrost
    HKEY_USERS\S-1-5-21-[maany digits here]\Software\Cerberus

    Bifrost is a trojan and according to this Wikipedia article, it is supposed to leave a file at C:\Program Files\Bifrost.

    But C:\Program Files\Bifrost does not exist on my computer. I searched for it after Spybot found it, but before Spybot fixed the problem. I searched both for Win32.Bifrost and the registry key on my computer but all searches came up empty. (I have all types of files and folders visible, it's my standard setting as I don't like anything invisible.)

    I wanted to find something so I could determine when I got the infection. Is a registry key a file that has properties like creation/edit date? It would have been useful to know when it was created.

    Wikipedia says this trojan has a keylogger. I have maybe a hundred website accounts, and as I don't know how long this registry key spy thing was on my system I don't know if it has stolen dozens of passwords.... I wonder if I have to change password everywhere?

    Maybe I did not have the trojan fully installed so maybe I never was at risk, but I would like to know.

    I'm using NIS 2007 as my main security. It has not reported any malware infection ever, but the weekly scan is tomorrow.

    If you understand something about this, please fill me in. Thank you.
  2. 2010-11-12, 09:00 #2
    Jack&Jill
    Jack&Jill is offline
    Security Expert- Emeritus
    Join Date
    Aug 2008
    Location
    South East Asia
    Posts
    725

    Default

    Hello Lancelot,

    Sorry for the delay.

    If you still need help, please download DDS© by sUBs from one of the links below and save it to your desktop.

    Link 1
    Link 2
    Link 3



    Please disable any script blocker before running DDS.

    • Double click on dds file and a command window will appear. This is normal.
    • Shortly after, two logs will appear:
      • DDS.txt
      • Attach.txt
    • A window will open instructing you save and post the logs.
    • Save the logs to a convenient location such as your desktop.
    • Copy the contents of both logs and post them in your next reply.


    Otherwise, this topic will be closed after 3 days.
    Jack&Jill
    MRU Teacher of Malware Removal University.
    Member of ASAP and UNITE.

    Your donation helps in improving Spybot-S&D!
  3. 2010-11-15, 12:45 #3
    Jack&Jill
    Jack&Jill is offline
    Security Expert- Emeritus
    Join Date
    Aug 2008
    Location
    South East Asia
    Posts
    725

    Default

    Due to lack of response, this topic is now closed.

    If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread. How to post a DDS log.

    If it has been less than three days since your last response and you need the thread re-opened, please send a private message (pm) to me or a MOD. A valid, working link to the closed topic is required. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.

    Everyone else please begin a New Topic.
    Jack&Jill
    MRU Teacher of Malware Removal University.
    Member of ASAP and UNITE.

    Your donation helps in improving Spybot-S&D!
« Previous Thread | Next Thread »

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules