Home Blog

How Can I Remove Backdoor.Bifrose.N instantly

Posted by in Blog backdoor trojan
on January 4th, 2013 | Leave a comment

Backdoor.Bifrose.N is a backdoor virus like Backdoor.Sykipot that let the hacker access the compromised computer without users’ acknowledgment. Also, the backdoor Trojan can collect sensitive information and send to server. The Trojan can connect to its server on the background. It installs remote desktop control to let the hacker take over the compromised system randomly. When Backdoor.Bifrose.N runs, it launches a new Internet Explorer process, injects itself into it, ends its own execution, and continues running inside the new Internet Explorer process. In this way, the Trojan can hide from detection of antivirus software. The attack will bring great damage to the pc. For example, Backdoor.Bifrose.N delete files, rename files, download and install malicious files as well as execute files. Using the connection to server the Trojan can send the hacker confidential information, such as disk and partition information, running applications and internet records, which may help hackers attack the computer and your account easily.

Manual way to remove Backdoor.Bifrose.N
Experts have given out details of the Trojan, such as files and registry entries created by the Trojan. If you can delete all components of Backdoor.Bifrose.N, you can get rid of the infection. However, manual way is considered as risky, so do not try this method if you are not experienced.
1. Run task manager and kill explorer.exe associated with the Trojan
2. Remove files

%CommonProgramFiles%\DirectDB.exe
%System%\advapi32.dll
%UserProfile%\Application Data\addons.dat

3. Open registry editor and delete Backdoor.Bifrose.N registry entries

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{785942B1-FDE7-447F-A9C2-694A721FA120}\”stubpath” = “%CommonProgramFiles%\DirectDB.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\STS\”nck” = “[BINARY DATA]“

Recommended solution
It is recommended to deal with the infection by a virus removal program which can pick up infected files and delete them safely. A virus removal program can act like a pc technician and fix your compromised computer faster. Since Backdoor.Bifrose.N is a new Trojan virus, some antivirus programs have not yet update the database to include the infection. If your antivirus program can not remove the Trojan after you update the database, you can use Spyware Cease, an advanced virus removal program. Spyware Cease can remove most new-released Trojans due to its frequent-update database. Just an online scan can wipe off Backdoor.Bifrose.N completely.

Leave a Reply