free system scan

Select Operating System

  • Protect your PC
  • Intuitive interface
  • Automatic updates
  • Great support team


Backdoor Bifrose

back to Definitions list

Infected with Backdoor Bifrose ?

The Backdoor Bifrose application opens ports to facilitate remote access to the computer.
The Backdoor Bifrose program creates a connection that allows remote users to install a Remote Access Tool (RAT) application. This RAT program provides server-to-client connection between the computer and the remote systems. The server component receives and executes commands given by a remote user. The client component is the application utilized by the remote user to send out commands. The server component connects to a preconfigured Internet Protocol (IP) address through an opened port. This program opens unused ports utilized in waiting commands issued by the remote user. The remote user may then start sending commands upon establishment of the server-client connection. The commands include uploading, downloading and deletion of files stored in the computer. Personal information may also be collected by surveillance tools by using the connection established by this application.
The server component installed by the RAT application may have the capability to change the port and IP address used by the Backdoor Bifrose program. The application uses a rootkit application to change its executable file name and its Windows registry startup value. Rootkit tools may also disable anti-malware programs and hide the program's processes. This makes the application difficult to detect or terminate.
The client component of the RAT program may send out commands such as browse and terminate currently running processes, manage files, close and open Windows, gather system information, extract passwords and usernames, and log keystrokes done on the computer.
This program reputedly creates the system.exe file upon execution. The application saves the EXE file created on the system folder. The program also generates the encrypted file plugin1.dat in the system directory. The Backdoor Bifrose application also adds new startup registry entries to allow the program to execute on every Windows startup.
This application was first detected on October 12, 2004. The program is also known as:
* Backdoor.Bifrose;
* Troj/Bifrose;
* and Bifrost 1.2.1.


Vendor URL

Threat Level: Severe Risk
Backdoor Bifrose Characteristics
Displays ads  
Records personal data / keystrokes  
Hijacks internet browser  
Allows remote influence
Downloads unsolicited files  
Disables programs / system  
Makes unauthorized phone calls  
Exploits a security flaw  
Floods internet connection  
Distributes threats  
Tracks browsing activity with installed applications  
Tracks browsing activity with cookies  
Installs without user consent  
Inadequate uninstall procedures  
Insufficient privacy disclosure and consent  
Uses excessive system resources  
Makes fraudulent claims about spyware detection and removal  
Performs Silent Updates  

Remove Backdoor Bifrose
Remove Backdoor Bifrose and other unwanted applications from your computer quickly, powerfully and completely with XoftSpySE Anti-Spyware.

Microsoft is a registered trademark of Microsoft Corporation in the United States and/or other countries.