Constructor.Win32.Bifrose.gy
Constructor.Win32.Bifrose.gy is a seditious Trojan infection which can be used by attackers to damage a PC system. Constructor.Win32.Bifrose.gy modifies system Hosts file to block the affected computer system from logging to security websites. Constructor.Win32.Bifrose.gy gives a way for additional threats to the infected PC system, steals its victim's personal information and slows down PC performance. Constructor.Win32.Bifrose.gy may connect with a remote attacker to download malicious files which may cause slow network and program loading. Remove Constructor.Win32.Bifrose.gy from the compromised PC immediately after detection.
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
The following files were created in the system:%Windir%\msf\msf.exe
File name: %Windir%\msf\msf.exeFile type: Executable File
Mime Type: unknown/exe
%Temp%\Setup.exe
File name: %Temp%\Setup.exeFile type: Executable File
Mime Type: unknown/exe
%AppData%\logs.dat
File name: %AppData%\logs.datFile type: Data file
Mime Type: unknown/dat
%Windir%\HOSTS
File name: %Windir%\HOSTS%Temp%\XxX.xXx
File name: %Temp%\XxX.xXxMime Type: unknown/xXx
%Temp%\Bifrost.exe
File name: %Temp%\Bifrost.exeFile type: Executable File
Mime Type: unknown/exe
Registry Modifications
HKEY..\..\..\..{Subkeys}HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MediaResources\msvideoHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\MediaResources\msvideoHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ExplorerHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{10B16I71-RVF2-6GNQ-DIIC-7015LW1M4GIG} HKEY_CURRENT_USER\Software\][Timarz]HKEY_CURRENT_USER\Software\WinRAR SFXHKEY_CURRENT_USER\Software\BIFROST1.2\DIALOG\0HKEY_CURRENT_USER\Software\BIFROST1.2\DIALOGHKEY_CURRENT_USER\Software\BIFROST1.2HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\SettingsHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.