Trojan.Bisrala

If your computer is infected with Trojan.Bisrala, you may follow the procedure on this page to contain this threat. Remove the Trojan at once before it can further harm the system.

Trojan.Bisrala is a computer Trojan that, when executed, connects to a remote server to download more threats. This threat also deletes some system files on the infected computer. It also embeds itself in some system files so that the Trojan runs when Windows starts.

The presence of this threat not only harms critical data but also endangers the privacy of the user.

When Trojan.Bisrala executes on the computer, it copies itself as a .DAT file under the Windows System folder. The Trojan may also create harmful executable files in the same folder. See the Malicious Files Added by Trojan.Bisrala section for a complete list.

Unlike other threats, this Trojan does not add a registry entry to run at Windows start-up. Instead, it infects files such as ctfmon.exe and ws2_32.dll. Windows loads these files at start-up and therefore also loads the Trojan.

It also modifies the boot.ini file to disable data execution prevention (DEP). The Trojan adds the “/noexecute=AlwaysOff” switch to the boot option in boot.ini.

“Data Execution Prevention (DEP) is a set of hardware and software technologies that perform additional checks on memory to help prevent malicious code from running on a system.”

Lastly, Trojan.Bisrala tries to contact a remote server in order to download more malware, which carries out various tasks when executed on the computer.

Damage Level: Medium

Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7

Manual Removal of Trojan.Bisrala:

1. Temporarily Disable System Restore. This feature is active by default once Windows (XP/Vista/7) is installed on the computer.
2. Open your antivirus program and update the virus definitions. Refer to your antivirus manual on how to initiate an update. Most antivirus software provides a one-click process.

3. Restart Windows in Safe Mode.
– Turn off the computer. Then turn the power on and immediately press F8 on your keyboard right after text appears on the screen.
– A selection menu will be displayed. Choose Safe Mode and press Enter. Most threats like Trojan.Bisrala will not load when you run Windows in this mode.

4. Once Windows starts in Safe Mode, run a full system scan and clean/delete all infected files. If the scanner cannot clean or delete a file, put the infected file into quarantine so that it remains inaccessible.
5. Reboot the computer and run another scan after Windows boots normally to make sure that Trojan.Bisrala is gone.

Scan with Norton Power Eraser:
A free removal tool from Norton Antivirus was developed to remove unfamiliar threats without using the traditional AV signatures. Download the tool from this location and start scanning the computer for viruses.

Technical Details and Additional Information:

Other functionalities of this Trojan:
- Download and execute files
- Disable data execution prevention
- Infects system files

Malicious Files Added by Trojan.Bisrala:
%System%\rsvp.dat
%System%\ncpa.dat
%System%\odbccp.dat
%System%\winbja.dat
%System%\ntoskrnl16.exe
%System%\ctfmen.exe
%System%\igpdv16.dll
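
The two indicators described on this page, the “/noexecute=AlwaysOff” switch in boot.ini and the files listed above, can be checked on a copy of boot.ini and a System folder taken from the suspect machine. The following is an added example, not part of the original write-up; the function names and the sample boot.ini contents are constructed for illustration.

```python
import re
from pathlib import Path

# File names taken from the "Malicious Files Added by Trojan.Bisrala" list above.
BISRALA_FILES = ["rsvp.dat", "ncpa.dat", "odbccp.dat", "winbja.dat",
                 "ntoskrnl16.exe", "ctfmen.exe", "igpdv16.dll"]

NOEXECUTE = re.compile(r"/noexecute=(\w+)", re.IGNORECASE)

def dep_disabled_entries(boot_ini_text):
    """Return the [operating systems] lines whose DEP policy is AlwaysOff."""
    hits, section = [], None
    for raw in boot_ini_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                          # skip blanks and comments
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()      # track the current section
            continue
        if section != "operating systems":
            continue                          # switches only apply to boot entries
        match = NOEXECUTE.search(line)
        if match and match.group(1).lower() == "alwaysoff":
            hits.append(line)
    return hits

def associated_files_present(system_dir):
    """Return the listed file names found in system_dir (case-insensitive)."""
    root = Path(system_dir)
    if not root.is_dir():
        return []
    present = {p.name.lower() for p in root.iterdir() if p.is_file()}
    return [name for name in BISRALA_FILES if name in present]

# Constructed sample: the first entry carries the switch described on this page.
SAMPLE_BOOT_INI = r'''[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Professional" /noexecute=AlwaysOff /fastdetect
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP (second install)" /NoExecute=OptIn /fastdetect
'''

if __name__ == "__main__":
    for entry in dep_disabled_entries(SAMPLE_BOOT_INI):
        print("DEP disabled in boot entry:", entry)
    # Assumed path; point this at the System folder of the machine or image.
    print("Listed files found:", associated_files_present(r"C:\Windows\System32"))
```

A match on a file name alone is only a lead for the antivirus scan in the removal steps, since the check compares names and not file contents.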

Alternative Removal Method for Trojan.Bisrala

Option 1: Use Windows System Restore to return Windows to a previous state

If Trojan.Bisrala enters the computer, there is a big chance that Windows files, registry entries and other essential components are also infected. System Restore can reinstate clean system files by restoring the configuration to an earlier date. The method also replaces compromised files with a clean version. If you have a restore point saved before Trojan.Bisrala infiltrated the PC, we highly encourage you to execute this procedure if none of the above works. You may proceed with Windows System Restore; click here to see the full procedure.