New Trojan: Backdoor.Win32.Bifrose.wg


Yesterday my computer wouldn't boot up properly into Windows. It got as far as loading XP but seemed to hang, and I couldn't do a thing. I spent all of last night trying to fix it and went to bed thinking all was well. This morning when I booted up - same thing. It hung while loading the startup programs and I could only work in safe mode.

I've had one hell of a day. I spent 3 hours this morning backing up my emails, My Documents, and other folders on the C drive I didn't want to lose. I turned off System Restore last night because there was a virus in there so didn't have the option to restore anything. My last hope was a Norton Ghost image that I'd taken back in April. Thank God I did and why didn't I back up a more recent working version? I keep asking myself these questions. Me of all people should know how important backups are.

The nasty trojan is called Backdoor.Win32.Bifrose.wg and after searching the internet last night I found a lengthy discussion all about it. This is a new trojan with very little information available. The forum article is dated September 2nd.

The following files were installed:
c:\WINDOWS\_system32.exe
c:\WINDOWS\plugin1.dat
c:\WINDOWS\system32\drivers\oreans32.sys

adds itself to Software\Microsoft\Windows\CurrentVersion\Run startkey

plus it adds itself as a service, with lots of registry entries.

I managed to uninstall the three main files without any drama, but couldn't clean the registry and when I tried to do this manually, I was denied access. Trying to delete the registry files seemed to set the trojan off and I had more problems. It's been a nightmare trying to clean up, hence the need for Norton Ghost to come to the rescue.

A comment on the site that I thought was rather silly:

And there are too many types of malware around these days.. trojans, viruses, spyware.. and seriously, who is going to run a software firewall, a resident A/V shield AND resident anti-trojan and anti-spyware applications?

Hey... I already do. I have the pro version of Zone Alarm, a paid version of Spyware Doctor, and the free AVG (which I think is one of the best antivirus programs around). Until recently I also had TeaTimer, the resident shield for Spybot Search and Destroy, and still I manage to get hit with these rotten little blighters.

I'm probably my own worst enemy when it comes to downloading nasties from the internet though. I love to test new programs and quite often visit the crack sites (notoriously nasty sites), but usually Spyware Doctor warns me of potentially dangerous sites. This one slipped past all my defences.
