25
Mar
TIBS C
Overview
TIBS C is a Trojan that comes to your PC through opening email messages with suspicious content, or pulling down a program from a chat room. It is using Outlook address book to propagate to your email contacts.
It will also try to download and execute other software like the TIBS dialer without user permission. TIBS dialer is a porn dialer application which enables users to connect to a premium line to access a site. Porn dialers are commonly used by Web masters to earn profit through per-minute and bulk connection offerings, often causing unexpected phone charges to affected users.
Alias
Win32/Tibs!generic [CA VET], Trojan-Downloader.Win32.Small.cwj [Kaspersky], W32/DLoader.CBPU [NORMAN]
How to Detect and Remove TIBS C?
Automatic Removal
1. Download Spyware and Adware Removal Tool. We have tested and reviewed the Top 3 Spyware/Adware Removal Software. You can download free from here.
2. After downloading, browse where the file was saved and double click to install it.
3. After installation, connect to internet and download all necessary updates to get the latest spyware definitions database.
4. Scan and Remove all Tibs C files and other spywares found on your computer.
Note: To be highly effective, you may have to restart your computer in Safe mode and scan again to check for those memory-resident trojans that are running when not in Safe mode.
5. Restart your computer in Safe Mode.
-
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press “Enter”.
Choose your usual account.
6. Scan and detect and remove any TIBS C infection, when in Safe mode.
7. Reboot your PC and run another scan to ensure that your computer is clean of TIBS C.
Manual removal is not recommended since it involves high number of files, directories, autostart and windows registry entries to delete.
Executable Files:
h91746.exe
%system%\dlh9jkd1q8.exe
%system%\dlh9jkd1q7.exe
%system%\qvxga6met3.exe
%system%\qvx5gamet2.exe
%system%\max1d641.exe
%system%\ma.exe.exe
vs000002.cwj_tr.exe
vxga1me4t1.exe
%profile%\local settings\temp\ixqlsxgh.exe
%system%\dlh9jkd1q6.exe
%system%\dlh9jkd1q5.exe
%system%\dlh9jkd1q2.exe
%system%\dlh9jkd1q1.exe
Autorun References:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run usjbgwl.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices systemtools
DLL Files:
%system%\cubtzv32.dll
%system%\comcs32u.dll
%system%\comcs32m.dll
%system%\bofhn32.dll
ibm00002.dll
ibm00001.dll
%system%\kfejwmi.dll
%system%\dsuiexq.dll
%system%\usjbgwl.dll
%system%\ufypth.dll
shdocvs.dll
Recommendation
Spyware/Adware such as TIBS C can invade your privacy, bombard you with pop-up windows, slow down your computer, and even make your computer crash. So if you want to prevent spyware, you have to take back control of your PC today!
Important: Our suggestion for preventing future spyware and adware is to obtain a good online anti-spyware program, which will make sure that your system remains safe when you surf on the web. With this Spyware scanner, you’ll get updates twice a week ensuring that you get the latest TIBS C variants and other malicious threats.
If you think your PC may already have TIBS C, use TIBS C remover software to find and remove TIBS C and other common Spyware infections.
