Need help? Ask the community or hire an expert.
Go to Avira Answers
Virus:BDS/Bifrost.AQ
Date discovered:22/12/2008
Type:Backdoor Server
In the wild:Yes
Reported Infections:Low
Distribution Potential:Low
Damage Potential:Medium
Static file:No
File size:~ 82.545 Bytes
IVDF version:7.01.01.21 - Monday, December 22, 2008

 General Method of propagation:
   • No own spreading routine


Aliases:
   •  Kaspersky: Trojan.Win32.Buzus.aemx
   •  F-Secure: Trojan.Win32.Buzus.aemx
   •  Sophos: Troj/Agent-HTK
   •  Eset: Win32/Injector.A trojan
   •  Bitdefender: Trojan.Bifrose.NCO


Platforms / OS:
   • Windows 95
   • Windows 98
   • Windows NT
   • Windows ME
   • Windows 2000
   • Windows XP
   • Windows 2003


Side effects:
   • Registry modification
   • Third party control

 Files It copies itself to the following location:
   • %WINDIR%\Bifrost\server.exe



It deletes the initially executed copy of itself.

 Registry The following registry key is added in order to run the process after reboot:

[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\
   {9D71D88C-C598-4935-C5D1-43AA4DB90836}]
   • "stubpath"="%WINDIR%\Bifrost\server.exe"

 Backdoor Contact server:
The following:
   • 1g**********.no-ip.org:81

As a result it may send information and remote control could be provided.

 File details Programming language:
The malware program was written in Delphi.

Description inserted by Thomas Wegele on Tuesday, December 23, 2008
Description updated by Thomas Wegele on Tuesday, December 23, 2008

Back . . . .