Thursday, November 13, 2008

TIBS Trojan

Removing TIBS
Categories: Trojan,Adware,Backdoor,Downloader
Trojans are a broad category of programs that damage the victim machine, threaten the integrity of its data, or impair its functioning.
Adware are programs that deliver advertising content to the user and, in some cases, gather information from the user's computer, including information about Internet browser usage or other computer habits.
Backdoors combine the functionality of most other Trojan types in one package. Backdoors have one especially dangerous sub-class: variants that can propagate like worms.

Trojan-Downloaders download and install new malware or adware on the computer.


TIBS is also known as:

[Kaspersky]Trojan-Downloader.Win32.Tibs.im,Trojan-Downloader.Win32.Small.cwj,Email-Worm.Win32.Zhelatin.bw,Packed.Win32.Tibs.w,Trojan-Downloader.Win32.Tibs.pk;
[McAfee]Generic Downloader.q,BraveSentry;
[F-Prot]W32/EmailWorm.IRB;
[Panda]Dialer.DU;
[Other]Win32/Tibs!generic,W32/DLoader.CBPU,W32/DLoader.CBPT,W32/Tibs.VWN,Trojan.Packed.13,Worm:Win32/Nuwar.gen,Mal/EncPk-E,Trojan.Vxgame.z,members area dialer,TrojanDownloader:Win32/Tibs.L,W32/Tibs.gen92,TrojanDownloader:Win32/Tibs

Visible Symptoms:
Files in system folders:
[%PROFILE_TEMP%]\1.dllb
[%PROFILE_TEMP%]\2.dllb
[%PROFILE_TEMP%]\5.dllb
[%PROFILE_TEMP%]\6.dllb
[%PROFILE_TEMP%]\7.dllb
[%PROFILE_TEMP%]\qv3xt3.game
[%PROFILE_TEMP%]\qvxt34.game
[%PROFILE_TEMP%]\qvxt42.game
[%SYSTEM%]\dlh9jkd1q1.exe
[%SYSTEM%]\dlh9jkd1q2.exe
[%SYSTEM%]\dlh9jkd1q5.exe
[%SYSTEM%]\dlh9jkd1q6.exe
[%SYSTEM%]\dlh9jkd1q7.exe
[%SYSTEM%]\dlh9jkd1q8.exe
[%SYSTEM%]\dsuiexq.dll
[%SYSTEM%]\ma.exe.exe
[%PROFILE_TEMP%]\ixqlsxgh.exe
[%PROFILE_TEMP%]\ma1xdd1.game
[%SYSTEM%]\bofhn32.dll
[%SYSTEM%]\cubtzv32.dll
[%SYSTEM%]\hdefvz.sys
[%SYSTEM%]\kfejwmi.dll
[%SYSTEM%]\max1d641.exe
[%SYSTEM%]\qvx5gamet2.exe
[%SYSTEM%]\qvxga6met3.exe
[%SYSTEM%]\ufypth.dll
[%SYSTEM%]\usjbgwl.dll

How to detect TIBS:

Files:
[%PROFILE_TEMP%]\1.dllb
[%PROFILE_TEMP%]\2.dllb
[%PROFILE_TEMP%]\5.dllb
[%PROFILE_TEMP%]\6.dllb
[%PROFILE_TEMP%]\7.dllb
[%PROFILE_TEMP%]\qv3xt3.game
[%PROFILE_TEMP%]\qvxt34.game
[%PROFILE_TEMP%]\qvxt42.game
[%SYSTEM%]\dlh9jkd1q1.exe
[%SYSTEM%]\dlh9jkd1q2.exe
[%SYSTEM%]\dlh9jkd1q5.exe
[%SYSTEM%]\dlh9jkd1q6.exe
[%SYSTEM%]\dlh9jkd1q7.exe
[%SYSTEM%]\dlh9jkd1q8.exe
[%SYSTEM%]\dsuiexq.dll
[%SYSTEM%]\ma.exe.exe
[%PROFILE_TEMP%]\ixqlsxgh.exe
[%PROFILE_TEMP%]\ma1xdd1.game
[%SYSTEM%]\bofhn32.dll
[%SYSTEM%]\cubtzv32.dll
[%SYSTEM%]\hdefvz.sys
[%SYSTEM%]\kfejwmi.dll
[%SYSTEM%]\max1d641.exe
[%SYSTEM%]\qvx5gamet2.exe
[%SYSTEM%]\qvxga6met3.exe
[%SYSTEM%]\ufypth.dll
[%SYSTEM%]\usjbgwl.dll

Registry Keys:
HKEY_CLASSES_ROOT\CLSID\{00009E9F-DDD7-AA59-AA7D-AA4B7D6BE000}
HKEY_CLASSES_ROOT\CLSID\{2C1CD3D7-86AC-4068-93BC-A02304B60787}
HKEY_CURRENT_USER\software\adwaredisablekey4
HKEY_LOCAL_MACHINE\software\adwaredisablekey4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00009E9F-DDD7-AA59-AA7D-AA4B7D6BE000}
HKEY_CLASSES_ROOT\clsid\{4f67b44e-7ba5-aef4-828e-074034113a82}
HKEY_CURRENT_USER\clsid\{f862b760-0a21-1033-0729-0529050001}
HKEY_CURRENT_USER\software\classes\clsid\{f862b760-0a21-1033-0729-0529050001}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{4f67b44e-7ba5-aef4-828e-074034113a82}

Registry Values (listed by the key that holds them; the value names themselves are not given):
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\a3dxq
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winsys2freg
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run
HKEY_CURRENT_USER\clsid\{1862b760-0a21-1033-0729-0529050001}
HKEY_CURRENT_USER\software\classes\clsid\{1862b760-0a21-1033-0729-0529050001}
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_gb
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_gb\0000
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_gb\0000\control
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_runtime\0000
HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_runtime\0000\control
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\driver
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\example
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\gb
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\gb\enum
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\gb\parameters
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\gb\security
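A triage script that checks a host for the file and registry indicators listed above, written for this page as an added example (it is not from the original post, nor from the Exterminate-It tool the post advertises). It assumes an elevated PowerShell 2.0 or later session on the suspect Windows host, and that [%PROFILE_TEMP%] and [%SYSTEM%] stand for the user's TEMP folder and the System32 directory (the page does not define them). It also goes beyond the two Winlogon\Notify names the page gives: it lists every Notify package and reports whether its DLL exists and carries a valid Authenticode signature, since any entry there is a DLL loaded into winlogon.exe at logon.

```powershell
# Added triage script for the TIBS indicators listed above. Not from the original
# post or any vendor tool. Assumptions: elevated PowerShell 2.0+ on the suspect host;
# [%PROFILE_TEMP%] means the user's TEMP folder and [%SYSTEM%] means System32.
$ProfileTemp = $env:TEMP
$SystemDir   = [Environment]::GetFolderPath('System')   # usually C:\Windows\System32

# File indicators exactly as the page writes them; placeholders are expanded below.
$FileIndicators = @(
    '[%PROFILE_TEMP%]\1.dllb', '[%PROFILE_TEMP%]\2.dllb', '[%PROFILE_TEMP%]\5.dllb',
    '[%PROFILE_TEMP%]\6.dllb', '[%PROFILE_TEMP%]\7.dllb', '[%PROFILE_TEMP%]\qv3xt3.game',
    '[%PROFILE_TEMP%]\qvxt34.game', '[%PROFILE_TEMP%]\qvxt42.game',
    '[%PROFILE_TEMP%]\ixqlsxgh.exe', '[%PROFILE_TEMP%]\ma1xdd1.game',
    '[%SYSTEM%]\dlh9jkd1q1.exe', '[%SYSTEM%]\dlh9jkd1q2.exe', '[%SYSTEM%]\dlh9jkd1q5.exe',
    '[%SYSTEM%]\dlh9jkd1q6.exe', '[%SYSTEM%]\dlh9jkd1q7.exe', '[%SYSTEM%]\dlh9jkd1q8.exe',
    '[%SYSTEM%]\dsuiexq.dll', '[%SYSTEM%]\ma.exe.exe', '[%SYSTEM%]\bofhn32.dll',
    '[%SYSTEM%]\cubtzv32.dll', '[%SYSTEM%]\hdefvz.sys', '[%SYSTEM%]\kfejwmi.dll',
    '[%SYSTEM%]\max1d641.exe', '[%SYSTEM%]\qvx5gamet2.exe', '[%SYSTEM%]\qvxga6met3.exe',
    '[%SYSTEM%]\ufypth.dll', '[%SYSTEM%]\usjbgwl.dll'
)

# Registry keys from the page, in provider syntax so HKCR needs no extra PSDrive.
$RegistryIndicators = @(
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\a3dxq',
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winsys2freg',
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00009E9F-DDD7-AA59-AA7D-AA4B7D6BE000}',
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4f67b44e-7ba5-aef4-828e-074034113a82}',
    'Registry::HKEY_CLASSES_ROOT\CLSID\{00009E9F-DDD7-AA59-AA7D-AA4B7D6BE000}',
    'Registry::HKEY_CLASSES_ROOT\CLSID\{2C1CD3D7-86AC-4068-93BC-A02304B60787}',
    'Registry::HKEY_CLASSES_ROOT\CLSID\{4f67b44e-7ba5-aef4-828e-074034113a82}',
    'Registry::HKEY_CURRENT_USER\Software\Classes\CLSID\{f862b760-0a21-1033-0729-0529050001}',
    'Registry::HKEY_CURRENT_USER\Software\Classes\CLSID\{1862b760-0a21-1033-0729-0529050001}',
    'Registry::HKEY_CURRENT_USER\Software\adwaredisablekey4',
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\adwaredisablekey4',
    'Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\gb',
    'Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\example',
    'Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\driver',
    'Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_GB',
    'Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RUNTIME'
)

function Expand-Indicator([string]$Path) {
    $Path.Replace('[%PROFILE_TEMP%]', $ProfileTemp).Replace('[%SYSTEM%]', $SystemDir)
}

function Get-Sha256([string]$Path) {
    # .NET call rather than Get-FileHash so this also works on PowerShell 2.0.
    $sha   = [System.Security.Cryptography.SHA256]::Create()
    $bytes = $sha.ComputeHash([System.IO.File]::ReadAllBytes($Path))
    [System.BitConverter]::ToString($bytes).Replace('-', '')
}

Write-Host '== File indicators present =='
foreach ($ind in $FileIndicators) {
    $p = Expand-Indicator $ind
    if (Test-Path -LiteralPath $p) {
        $f = Get-Item -LiteralPath $p -Force
        '{0}  {1} bytes  created {2}  SHA256 {3}' -f $f.FullName, $f.Length, $f.CreationTime, (Get-Sha256 $p)
    }
}

Write-Host '== Registry indicators present =='
foreach ($k in $RegistryIndicators) { if (Test-Path -LiteralPath $k) { $k } }

# Generalisation: every Winlogon\Notify subkey names a DLL that winlogon.exe loads at
# logon (honoured on XP/2003), so list all of them, not only the two names on the page,
# and flag a missing or unsigned DLL.
Write-Host '== Winlogon\Notify packages =='
$notify = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify'
if (Test-Path -LiteralPath $notify) {
    foreach ($sub in Get-ChildItem -LiteralPath $notify) {
        $dll = (Get-ItemProperty -LiteralPath $sub.PSPath).DllName
        if ($dll -and -not [System.IO.Path]::IsPathRooted($dll)) { $dll = Join-Path $SystemDir $dll }
        if (-not $dll) { $status = 'no DllName' }
        elseif (-not (Test-Path -LiteralPath $dll)) { $status = 'DLL MISSING' }
        else { $status = (Get-AuthenticodeSignature -FilePath $dll).Status }
        '{0}  {1}  {2}' -f $sub.PSChildName, $dll, $status
    }
}

# Autostart keys the page lists without value names: dump them for manual review.
Write-Host '== Autostart entries to review =='
foreach ($k in @(
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices',
    'Registry::HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run',
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler',
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad')) {
    if (Test-Path -LiteralPath $k) {
        Write-Host $k
        Get-ItemProperty -LiteralPath $k | Select-Object -Property * -ExcludeProperty PS* | Format-List
    }
}
```

Run it from an administrator prompt and redirect the output to a file before cleaning anything, so the hashes and timestamps survive for later analysis. Two caveats: the Winlogon\Notify check only matters on XP and Server 2003, since later Windows versions no longer load Notify packages; and the page lists a kernel driver (hdefvz.sys) among the dropped files, so if that driver is loaded, file and registry listings taken from user mode on the running system may be incomplete, and a clean result should be confirmed from an offline boot or a scan of the disk from another system.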

Removing TIBS:

You can download a trial version of the "Exterminate-It" antivirus software here to check your computer instantly,

or buy it to remove ALL viruses from your computer.
