
Backdoor.Win32.Bifrose.aajx

Posted: November 21, 2011

Threat Metric

Threat Level: 8/10
Infected PCs: 82
First Seen: November 21, 2011
Last Seen: April 21, 2023
OS(es) Affected: Windows

Although Facebook users should be well used to being exposed to scams by now, the hacktivist group known as Anonymous may be responsible for introducing a particularly dangerous new scam to the waters of Facebook's social wading pool. This new PC threat, a Bifrose-based backdoor Trojan variant, distributes itself via fake Facebook video updates and, once installed, allows remote criminals a substantial level of access to an infected PC. SpywareRemove.com malware researchers recommend that anyone who is exposed to Backdoor.Win32.Bifrose.aajx (which is also known as the Guy Fawkes virus) should immediately scan their computers with competent anti-malware programs to make sure that their operating systems haven't been compromised by security alterations and other attacks. However, as long as you avoid this Fawkes virus link while you're using Facebook, you should have little to fear from current forms of this Anonymous attack.

Backdoor.Win32.Bifrose.aajx: Not Quite the Virus of Anonymous's Boasts, but Close Enough to Harm Your PC

Backdoor.Win32.Bifrose.aajx is distributed, like many other types of PC threats, by way of mislabeled Facebook links that pretend to offer video chat features but actually install a backdoor Trojan. Other than the general lack of functionality in the link itself, you may not see symptoms of Backdoor.Win32.Bifrose.aajx being installed or attacking your PC. The majority of the traits that the hacker-activist group Anonymous claimed to be a part of their latest PC threat to 'destroy Facebook' are found in Backdoor.Win32.Bifrose.aajx, including:

  • Infecting the system processes for Internet Explorer, allowing Backdoor.Win32.Bifrose.aajx to launch whenever IE does without an independent process that could be detected or shut down.
  • Monitoring keystrokes (AKA typing) from your keyboard, storing this information in log files and sending these log files to external servers on a pre-scheduled basis.
  • Disabling anti-malware programs by attacking their system processes.
  • Allowing criminal hackers to control your PC via a remote Egypt-based command server.

Solid Protection Against the Fawkes Virus Hacking Spree

Although Backdoor.Win32.Bifrose.aajx possesses characteristic backdoor Trojan traits, SpywareRemove.com malware experts have found that this apparent Fawkes virus lacks any ability to propagate by copying itself or infecting new system processes, and so must use Facebook to spread to new computers. Backdoor.Win32.Bifrose.aajx is also identified by the aliases Trojan.WIN32.BUZUS.GWUD and BCK/BIFROST.GEN, and, based on the Arabic text of its Facebook link, appears to be focused on infecting Middle-Eastern Facebook users.

Once translated from Arabic, this Fawkes virus link claims to provide a 'New Facebook Video Chat with Voice Features' functionality. As long as you avoid interacting with this fake link, Backdoor.Win32.Bifrose.aajx shouldn't be able to infect your PC, although anti-malware software may be required to remove Backdoor.Win32.Bifrose.aajx once the infection has occurred. As of mid-November 2011, Backdoor.Win32.Bifrose.aajx is still a very recent PC threat, and you should be prepared with fully patched security software to have a good chance of detecting or deleting a Backdoor.Win32.Bifrose.aajx infection if your PC is attacked.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



  • File name: kavsvc.exe | File type: Executable File | Mime Type: unknown/exe | Group: Malware file
  • File name: cpf.exe | File type: Executable File | Mime Type: unknown/exe | Group: Malware file
  • File name: kav.exe | File type: Executable File | Mime Type: unknown/exe | Group: Malware file
  • File name: umxtray.exe | File type: Executable File | Mime Type: unknown/exe | Group: Malware file