Need help? Ask the community or hire an expert.
Go to Avira Answers
Date discovered:22/12/2008
Type:Backdoor Server
In the wild:Yes
Reported Infections:Low
Distribution Potential:Low
Damage Potential:Medium
Static file:No
File size:~ 82.545 Bytes
IVDF version:

 General Method of propagation:
   • No own spreading routine

   •  Kaspersky: Trojan.Win32.Buzus.aemx
   •  F-Secure: Trojan.Win32.Buzus.aemx
   •  Sophos: Troj/Agent-HTK
   •  Eset: Win32/Injector.A trojan
   •  Bitdefender: Trojan.Bifrose.NCO

Platforms / OS:
   • Windows 95
   • Windows 98
   • Windows NT
   • Windows ME
   • Windows 2000
   • Windows XP
   • Windows 2003

Side effects:
   • Registry modification
   • Third party control

 Files It copies itself to the following location:
   • %WINDIR%\Bifrost\server.exe

It deletes the initially executed copy of itself.

 Registry The following registry key is added in order to run the process after reboot:

– [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\
   • "stubpath"="%WINDIR%\Bifrost\server.exe"

 Backdoor Contact server:
The following:
   • 1g**********

As a result it may send information and remote control could be provided.

 File details Programming language:
The malware program was written in Delphi.

Description inserted by Thomas Wegele on Tuesday, December 23, 2008
Description updated by Thomas Wegele on Tuesday, December 23, 2008

Back . . . .