Home>Trojan Programs>Trojan Downloader>

Trojan-Downloader.Win32.Tibs.aw

Alert Level :	Medium
Discovered:	Dec 15 2005
Tag:	Trojan   Downloaders
Discoverer and Source:	http://www.kaspersky.com/

Malware Behavior and Technical Description

This Trojan program downloads files via the Internet without the user's knowledge or consent.

The Trojan itself is a Windows PE EXE file approximately 6KB in size, packed using FSG. The unpacked file is approximately 49KB in size.

Once launched the Trojan creates a file named "kernels64.exe" in the Windows system directory:

%System%\kernels64.exe

It then registers this file in the system registry, ensuring that the Trojan will be launched each time Windows is rebooted on the victim machine:

[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
"System" = "%System%\kernels64.exe"

This Trojan will download, install and launch for execution other malicious programs (Pornware) on the victim machine.

0

Removal Trojan-Downloader.Win32.Tibs.aw instructions:

0

Need help? Live computer support via remote at SupportSpace.Help with printer problems, windows, hardware, software, spyware removal and more. - Go Now!

Great Anti-Virus Software : Kaspersky Internet Security 2009 Save 35% Buy Panda Global Protection 2009 and Panda Antiviru Download PandaLabs Reports Free AVG virus removel tools Hunting Down Spyware and Adware Adware and spyware, knowing the basics Adware Spyware Remover from CBAdvance Keeping Your Computer in Good Condition Using Free Spyware A Beware of Covert Online Spies Why the Need to Remove Adware and Spyware