Geeks to Go

Backdoor.win32.bifrose.aej HELP!
#1 nytro2413 (Member, 16 posts)

So I play World of Warcraft, and today when I tried logging in I got a warning that my computer was infected with Backdoor.win32.bifrose.aej. I completed all the steps and scans, although for some reason I couldn't get a log for AVG; don't know why, because I had the box unchecked... Anyway, here are the logs. Thanks!!

SUPERAntiSpyware Scan Log
Generated 09/05/2007 at 08:30 PM

Application Version : 3.6.1000

Core Rules Database Version : 3300
Trace Rules Database Version: 1306

Scan type : Complete Scan
Total Scan Time : 01:33:19

Memory items scanned : 334
Memory threats detected : 0
Registry items scanned : 5391
Registry threats detected : 0
File items scanned : 49237
File threats detected : 51

Adware.180solutions/Seekmo
C:\Program Files\Seekmo Programs\Seekmo Toolbar
C:\Program Files\Seekmo Programs

Adware.Zango Toolbar/Hb
C:\Documents and Settings\Nytro\Application Data\ZangoToolbar\v3.0\ZangoOI\static
C:\Documents and Settings\Nytro\Application Data\ZangoToolbar\v3.0\ZangoOI
C:\Documents and Settings\Nytro\Application Data\ZangoToolbar\v3.0\ZangoOL\static
C:\Documents and Settings\Nytro\Application Data\ZangoToolbar\v3.0\ZangoOL
C:\Documents and Settings\Nytro\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\1
C:\Documents and Settings\Nytro\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\buttondir.txt
C:\Documents and Settings\Nytro\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\buttondir.xip
C:\Documents and Settings\Nytro\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\d_icons_buttons_1000.res
C:\Documents and Settings\Nytro\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\d_icons_buttons_1000.xip
C:\Documents and Settings\Nytro\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\d_icons_buttons_2000.res
C:\Documents and Settings\Nytro\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\d_icons_buttons_2000.xip
C:\Documents and Settings\Nytro\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\d_icons_buttons_3000.res
C:\Documents and Settings\Nytro\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\d_icons_buttons_3000.xip
C:\Documents and Settings\Nytro\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\d_icons_buttons_bar.res
C:\Documents and Settings\Nytro\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\d_icons_buttons_bar.xip
C:\Documents and Settings\Nytro\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\d_icons_buttons_bbar1.res
C:\Documents and Settings\Nytro\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\d_icons_buttons_bbar1.xip
C:\Documents and Settings\Nytro\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\d_icons_buttons_logos.res
C:\Documents and Settings\Nytro\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\d_icons_buttons_logos.xip
C:\Documents and Settings\Nytro\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\d_icons_buttons_other.res
C:\Documents and Settings\Nytro\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\d_icons_buttons_other.xip
C:\Documents and Settings\Nytro\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\email-t1-bg.res
C:\Documents and Settings\Nytro\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\email-t1-bg.xip
C:\Documents and Settings\Nytro\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\keywords.idx
C:\Documents and Settings\Nytro\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\keywords.xip
C:\Documents and Settings\Nytro\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\layout.cdf
C:\Documents and Settings\Nytro\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\layout.xip
C:\Documents and Settings\Nytro\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\linkpathlegal.txt
C:\Documents and Settings\Nytro\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\linkpathlegal.xip
C:\Documents and Settings\Nytro\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\progress.res
C:\Documents and Settings\Nytro\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\progress.xip
C:\Documents and Settings\Nytro\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\sales_buttons.res
C:\Documents and Settings\Nytro\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\sales_buttons.xip
C:\Documents and Settings\Nytro\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\samplegroups2reg.txt
C:\Documents and Settings\Nytro\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\samplegroups2reg.xip
C:\Documents and Settings\Nytro\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\s_icons_buttons.res
C:\Documents and Settings\Nytro\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\s_icons_buttons.xip
C:\Documents and Settings\Nytro\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\t2_bg.res
C:\Documents and Settings\Nytro\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\t2_bg.xip
C:\Documents and Settings\Nytro\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\tsd_bg.res
C:\Documents and Settings\Nytro\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\tsd_bg.xip
C:\Documents and Settings\Nytro\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\zango.res
C:\Documents and Settings\Nytro\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad\zango.xip
C:\Documents and Settings\Nytro\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static\DownLoad
C:\Documents and Settings\Nytro\Application Data\ZangoToolbar\v3.0\ZangoToolbar\static
C:\Documents and Settings\Nytro\Application Data\ZangoToolbar\v3.0\ZangoToolbar
C:\Documents and Settings\Nytro\Application Data\ZangoToolbar\v3.0
C:\Documents and Settings\Nytro\Application Data\ZangoToolbar\zbar.log
C:\Documents and Settings\Nytro\Application Data\ZangoToolbar



Incident Status Location

Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Nytro\Cookies\nytro@ad.yieldmanager[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Nytro\Cookies\nytro@adrevolver[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Nytro\Cookies\nytro@atdmt[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Nytro\Cookies\nytro@doubleclick[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Nytro\Cookies\nytro@media.adrevolver[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Nytro\Cookies\nytro@tribalfusion[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Nytro\Cookies\nytro@xiti[1].txt
Virus:Generic Trojan Disinfected C:\Program Files\Warcraft III\Install.exe
Virus:Generic Trojan Disinfected C:\Program Files\Warcraft III\Warcraft_III_v1.21a_Battle.net_and_No-CD_Loader\v1.21a Loader\Install.exe
Virus:Generic Malware Not disinfected D:\Files\Programs\crd-akla.rar[Setup.zip][Setup/xpadvancedkeylogger.exe]
Virus:Generic Malware Disinfected D:\System Volume Information\_restore{86828972-6B1E-4D12-AE6C-44035DB51D04}\RP75\A0008109.EXE
Adware:Adware/Trymedia Not disinfected D:\System Volume Information\_restore{9FF06C15-61F0-4448-A027-533D9433D656}\RP22\A0003933.exe
Adware:Adware/Trymedia Not disinfected D:\System Volume Information\_restore{9FF06C15-61F0-4448-A027-533D9433D656}\RP22\A0003934.exe
Potentially unwanted tool:Application/PerfectKeyLog.A Not disinfected D:\System Volume Information\_restore{9FF06C15-61F0-4448-A027-533D9433D656}\RP22\A0003935.exe
Potentially unwanted tool:Application/Eblaster Not disinfected D:\System Volume Information\_restore{9FF06C15-61F0-4448-A027-533D9433D656}\RP35\A0019913.exe



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:32:17 PM, on 9/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Nytro\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Mouse Gestures - {A6A49249-57AE-4295-8D4D-18A9502C7D8E} - C:\Program Files\Internet Explorer\Plugins\Drowse\MouseGestures.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunOnce: [AOLRebootNeeded] regsvr32.exe /s
O4 - HKCU\..\Run: [uTorrent] "D:\Files\Programs\utorrent-1.3.2-beta-build-401.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {4E660F19-E91E-41e1-88EF-D1DFAB118F67} - C:\Program Files\Internet Explorer\Plugins\Drowse\MouseGestures.dll
O9 - Extra 'Tools' menuitem: Mouse Gestures... - {4E660F19-E91E-41e1-88EF-D1DFAB118F67} - C:\Program Files\Internet Explorer\Plugins\Drowse\MouseGestures.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://webcam5.hrz.t...activex/AMC.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://87.245.83.189/activex/AMC.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcccoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6073 bytes
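Added example, not part of this thread and not code from HijackThis or any of the scanners above: a small Python triage script that applies to HijackThis O4/O16/R-series lines the first-pass checks a log helper normally does by eye. It flags autorun entries that start a program from outside C:\WINDOWS or C:\Program Files (the uTorrent entry in the log above launches an installer kept under D:\Files\Programs), an O16 ActiveX download whose host is a bare IP address rather than a vendor hostname (the second AMC.cab entry), a regsvr32 RunOnce that names no DLL to register, and entries marked "(no file)" that point at something already gone. The sample lines are copied from the log in post #1; the regular expressions, the TRUSTED_DIRS list and the Finding class are my own assumptions. A flag is a prompt to look at the entry, not a verdict: nothing in this script identifies a Bifrose sample.

```python
"""First-pass triage of HijackThis log lines (added example, not from the thread)."""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: lines copied verbatim from the HijackThis log in post #1,
# chosen to include two benign entries alongside the ones the checks flag.
SAMPLE_LOG = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\RunOnce: [AOLRebootNeeded] regsvr32.exe /s
O4 - HKCU\..\Run: [uTorrent] "D:\Files\Programs\utorrent-1.3.2-beta-build-401.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx...owserPlugin.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://87.245.83.189/activex/AMC.cab
"""


@dataclass
class Finding:
    section: str   # HijackThis section code: O4, O16, R3, ...
    reason: str    # what an analyst would want to check
    line: str      # the original log line


# Directories an autorun executable normally lives in on a stock Windows XP box.
# Programs started from anywhere else (download folders, the user profile) are
# worth a look. Assumed list; extend it for non-default install paths.
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\")

# Capture-group names are my own; the line layouts are HijackThis's.
O4_RE = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
O16_RE = re.compile(r"^O16 - DPF: \{(?P<clsid>[0-9A-Fa-f-]+)\} \((?P<desc>[^)]*)\) - (?P<url>\S+)$")
IPV4_HOST_RE = re.compile(r"^https?://(\d{1,3}\.){3}\d{1,3}(:\d+)?/", re.IGNORECASE)


def executable_path(cmd: str) -> str:
    """Return the program part of an O4 command, whether quoted or bare."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def triage_line(line: str) -> List[Finding]:
    """Apply the checks to one log line and return zero or more findings."""
    findings: List[Finding] = []
    section = line.split(" - ", 1)[0]

    # Any section: the registry still references a file that is gone. Harmless
    # by itself, but it is leftover and the usual fix list removes it.
    if line.rstrip().endswith("(no file)"):
        findings.append(Finding(section, "entry points at a file that no longer exists (orphan)", line))

    m = O4_RE.match(line)
    if m:
        cmd = m.group("cmd")
        exe = executable_path(cmd)
        # Bare names (rundll32.exe, regsvr32.exe) resolve via PATH; only judge
        # the directory when the entry carries a full path.
        if "\\" in exe and not exe.lower().startswith(TRUSTED_DIRS):
            findings.append(Finding(section, f"autorun starts {exe} from outside the Windows/Program Files tree", line))
        if exe.lower().endswith("regsvr32.exe") and not re.search(r"\.(dll|ocx|ax)\b", cmd, re.IGNORECASE):
            findings.append(Finding(section, "regsvr32 with nothing to register (incomplete or leftover RunOnce)", line))

    m = O16_RE.match(line)
    if m and IPV4_HOST_RE.match(m.group("url")):
        findings.append(Finding(section, f"ActiveX control downloaded from a bare IP address: {m.group('url')}", line))

    return findings


def triage(log_text: str) -> List[Finding]:
    """Run triage_line over a whole log; blank lines are skipped."""
    return [f for line in log_text.splitlines() if line.strip() for f in triage_line(line)]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Against the seven sample lines it reports exactly four entries (the orphaned R3 hook, the RunOnce regsvr32, the uTorrent autorun under D:\, and the AMC.cab control pulled from 87.245.83.189) and leaves the Kaspersky, ctfmon and DivX lines alone. To use it on a real log, pass the saved file's text to triage() and read each flagged line in context before deciding what to fix.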
#2 nytro2413 (Topic Starter, Member, 16 posts)

OK, so after the last scan I forgot to try WoW again, and now the warning is gone, so I'm not sure if it is fixed or not.

Edited by nytro2413, 05 September 2007 - 09:57 PM.
