Backdoor.Win32.Bifrose.aajx
Posted: November 21, 2011
Threat Metric
The fields shown on the Threat Meter are explained below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is based on the number of confirmed and suspected threats infecting systems on a daily basis. A high volume count usually indicates a popular threat, but it may or may not have infected a large number of systems; a threat with a high detection count could lie dormant and have a low volume count. The criteria for the Volume Count are relative to the daily detection count.
Trend Path: The Trend Path, shown as an up arrow, down arrow or equal sign, represents the recent movement of a particular threat. An up arrow represents an increase, a down arrow a decline, and the equal sign no change in the threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Threat Level | 8/10 |
|---|---|
| Infected PCs | 82 |
| First Seen | November 21, 2011 |
| Last Seen | April 21, 2023 |
| OS(es) Affected | Windows |
Facebook users should be well accustomed to scams by now, but the hacktivist group Anonymous may be responsible for a particularly dangerous new one on the social network. This PC threat, a variant of the Bifrose family of backdoor Trojans, spreads through fake Facebook video-update links and, once installed, gives remote criminals a substantial degree of control over the infected PC. SpywareRemove.com malware researchers recommend that anyone exposed to Backdoor.Win32.Bifrose.aajx (also known as the Guy Fawkes virus) scan their computer immediately with a competent anti-malware program to make sure that the operating system has not been compromised by security changes or other attacks. As long as you avoid the Fawkes virus link while using Facebook, however, you should have little to fear from current forms of this Anonymous attack.
Backdoor.Win32.Bifrose.aajx: Not Quite the Virus of Anonymous's Boasts, but Close Enough to Harm Your PC
Backdoor.Win32.Bifrose.aajx is distributed, like many other PC threats, through mislabeled Facebook links that claim to offer a video chat feature but actually install a backdoor Trojan. Apart from the link failing to deliver what it promises, you may see no symptoms of Backdoor.Win32.Bifrose.aajx being installed or running. Most of the capabilities that the hacker-activist group Anonymous claimed for its latest threat to 'destroy Facebook' are present in Backdoor.Win32.Bifrose.aajx, including:
- Injecting itself into the Internet Explorer process (iexplore.exe), so that Backdoor.Win32.Bifrose.aajx runs whenever IE does without a separate process of its own that could be spotted or terminated.
- Logging keystrokes from your keyboard, storing them in log files and sending those log files to external servers on a fixed schedule.
- Disabling anti-malware programs by attacking their processes.
- Allowing criminal hackers to control your PC through a remote, Egypt-based command server.
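The second and fourth behaviors above have a network side that defenders can look for: a backdoor living inside Internet Explorer that uploads keystroke logs on a fixed schedule shows up, in a process-attributed egress log, as one browser process contacting one external address at a near-constant interval, while a human browsing through the same process produces highly irregular gaps. The following is an added detection example, not code from the original write-up or from any vendor; the log format, hostnames, IP addresses and thresholds are constructed assumptions.

```python
"""Beacon detection over a process-attributed egress log.

Added illustrative code, not part of the original write-up. The log format,
hostnames, addresses and thresholds are assumptions chosen for the example.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log (assumed format): one outbound connection per line,
#   <UTC timestamp> <host> <process> <destination ip:port> <method> <bytes>
# A real source would be a host firewall, EDR or proxy log with process names.
SAMPLE_LOG = """\
2011-11-21T09:00:00Z ws01 iexplore.exe 203.0.113.10:443 POST 1420
2011-11-21T09:00:07Z ws01 iexplore.exe 198.51.100.5:443 GET 8120
2011-11-21T09:05:00Z ws01 iexplore.exe 203.0.113.10:443 POST 1398
2011-11-21T09:06:31Z ws01 iexplore.exe 198.51.100.5:443 GET 20411
2011-11-21T09:10:00Z ws01 iexplore.exe 203.0.113.10:443 POST 1455
2011-11-21T09:12:48Z ws01 iexplore.exe 198.51.100.5:443 GET 3302
2011-11-21T09:15:00Z ws01 iexplore.exe 203.0.113.10:443 POST 1411
2011-11-21T09:19:12Z ws01 iexplore.exe 198.51.100.5:443 GET 15870
2011-11-21T09:20:00Z ws01 iexplore.exe 203.0.113.10:443 POST 1432
2011-11-21T09:21:03Z ws01 iexplore.exe 198.51.100.5:443 GET 600
"""


def parse(log_text):
    """Yield (timestamp, host, process, destination, method, size) per line."""
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, host, proc, dest, method, size = line.split()
        yield (datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
               host, proc, dest, method, int(size))


def find_beacons(log_text, min_events=5, max_jitter=0.10):
    """Return {(host, process, destination): mean_gap_seconds} for channels
    whose connection spacing is near-constant.

    max_jitter is the coefficient of variation (stdev / mean) of the gaps
    between consecutive connections; a timer-driven upload keeps it close to
    zero, whereas interactive browsing scatters it widely. Thresholds are
    assumptions and should be tuned against the environment's own traffic.
    """
    times = defaultdict(list)
    for ts, host, proc, dest, _method, _size in parse(log_text):
        times[(host, proc, dest)].append(ts)

    beacons = {}
    for key, stamps in times.items():
        if len(stamps) < min_events:
            continue  # too few connections to judge periodicity
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            beacons[key] = avg
    return beacons


if __name__ == "__main__":
    for (host, proc, dest), period in find_beacons(SAMPLE_LOG).items():
        print(f"{host}: {proc} -> {dest} every {period:.0f}s (possible C2 beacon)")
```

In the sample the channel to 203.0.113.10 fires exactly every 300 seconds and is flagged, while the browsing to 198.51.100.5 is not. Two caveats apply in practice: a real implant can add random jitter to its schedule, so widen the window and combine the result with host-side evidence such as unexpected modules loaded into iexplore.exe, and legitimate software (update checkers, web mail polling) also beacons, so known destinations need an allowlist.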
Solid Protection Against the Fawkes Virus Hacking Spree
Despite its characteristic backdoor Trojan traits, SpywareRemove.com malware experts have found that this apparent Fawkes virus has no means of spreading on its own (it neither copies itself to other systems nor infects other programs) and so relies on the Facebook lure to reach new computers. Backdoor.Win32.Bifrose.aajx is also detected under the aliases Trojan.WIN32.BUZUS.GWUD and BCK/BIFROST.GEN and, judging by the Arabic text of its Facebook link, appears to be aimed at Middle Eastern Facebook users.
Translated from Arabic, the Fawkes virus link claims to offer a 'New Facebook Video Chat with Voice Features'. As long as you do not interact with this fake link, Backdoor.Win32.Bifrose.aajx should not be able to infect your PC; once an infection has occurred, however, anti-malware software may be required to remove it. As of mid-November 2011, Backdoor.Win32.Bifrose.aajx is a very recent threat, so keep your security software fully updated to have a good chance of detecting and removing a Backdoor.Win32.Bifrose.aajx infection if your PC is attacked.
Technical Details
File System Modifications
The following files were created on the system:

| File name | File type | MIME type | Group |
|---|---|---|---|
| kavsvc.exe | Executable File | unknown/exe | Malware file |
| cpf.exe | Executable File | unknown/exe | Malware file |
| kav.exe | Executable File | unknown/exe | Malware file |
| umxtray.exe | Executable File | unknown/exe | Malware file |

These names imitate executables of legitimate security products (Kaspersky's kav.exe and kavsvc.exe, Comodo Firewall's cpf.exe), presumably so that the dropped files blend in with the programs the Trojan attacks. A file-name match alone is therefore not proof of infection: check where the file sits and whether it carries a valid vendor digital signature before deleting it, since a copy in a user profile or temporary folder, or one that is unsigned, is what distinguishes the malware from the product it is impersonating.