Backdoor.Bifrose.d

Discussion in 'ewido anti-spyware forum' started by bill65, Jul 12, 2006.

Thread Status:
Not open for further replies.
  1. bill65 (Registered Member; joined Jul 12, 2006; 4 posts)

    Could someone have a look at this scan? It's from scanning the ubcd4win boot CD. The people at the ubcd forum say they are false positives; could someone confirm this?
    C:\Documents and Settings\william\My Documents\ubcd4win\BartPE\I386\SYSTEM32\PRELOGON.EXE -> Backdoor.Bifrose.d : No action taken.
    C:\Documents and Settings\william\My Documents\ubcd4win\oem1\Joshuas-PreShell\PreLogon.exe -> Backdoor.Bifrose.d : No action taken.
    C:\ubcd4win2\BartPE\I386\SYSTEM32\PRELOGON.EXE -> Backdoor.Bifrose.d : No action taken.
    C:\ubcd4win2\oem1\Joshuas-PreShell\PreLogon.exe -> Backdoor.Bifrose.d : No action taken.
    C:\Documents and Settings\william\My Documents\ubcd4win\oem1\Joshuas-PreShell\PreLogonConfig.exe -> Dropper.FC.i : No action taken.
    C:\Documents and Settings\william\My Documents\ubcd4win\plugin\!Critical\Config-PreLogon\PreLogonConfig.exe -> Dropper.FC.i : No action taken.
    C:\ubcd4win2\oem1\Joshuas-PreShell\PreLogonConfig.exe -> Dropper.FC.i : No action taken.
    C:\ubcd4win2\plugin\!Critical\Config-PreLogon\PreLogonConfig.exe -> Dropper.FC.i : No action taken.
    C:\Documents and Settings\william\My Documents\ubcd4win\plugin\Network\netcat\files\nc.exe -> Not-A-Virus.RemoteAdmin.Win32.NetCat : No action taken.
    C:\ubcd4win2\plugin\Network\netcat\files\nc.exe -> Not-A-Virus.RemoteAdmin.Win32.NetCat : No action taken.
    Link to the forum: http://www.ubcd4win.com/forum/index.php?showtopic=5459
     
  2. TopperID (Registered Member; joined Oct 1, 2004; 1,527 posts; London)

    I don't know if they are fps or not, but if it was me I would upload each file to Jotti's, where they will be scanned by multiple scanners, and see what the result of that is.

    http://virusscan.jotti.org/

    If the results are clean, and therefore probable fps, you can submit the files to ewido for correction:-

    http://www.ewido.net/en/malware/

    If they are not clean, as seems to be the case, you would need to make your own judgement as to whether you want them on your system.
     