Mal/TibsPak
Mal/TibsPak is a backdoor trojan that can drop and execute malicious files through network exploits. It can block security-related applications by changing firewall settings and disabling security services. Mal/TibsPak may also create numerous pop-up advertisements, and it will try to bypass the Windows Firewall. Mal/TibsPak is a security risk and should be removed immediately to protect your personal information.
File System Modifications
- The following files were created in the system:

| # | File Name |
|---|---|
| 1 | %AppData%\updates\updates.exe |
| 2 | %System%\31rvuk6.log |
| 3 | %System%\fl8uphp.log |
| 4 | %System%\Nwsapagents.dll |
| 5 | %Temp%\1avs.log |
| 6 | %Temp%\4wa3x6d21.bat |
| 7 | %Temp%\g8ngajqe.bat |
| 8 | %Temp%\kmoj0k5ur.exe |
| 9 | %Temp%\MouseDriver.bat |
| 10 | %Temp%\qtfcyyp.exe |
| 11 | %Temp%\ydky9kv.exe |
| 12 | %Temp%\z1vdxih4w.exe |
| 13 | %Windir%\Temp\1avs.log |
| 14 | %Windir%\Temp\Managee.exe |
| 15 | %Windir%\Temp\mlog |
| 16 | %Windir%\Temp\MouseDriver.bat |
| 17 | %Windir%\Temp\p0uj78n6a.exe |
| 18 | %Windir%\Temp\Plug.bat |
| 19 | %Windir%\Temp\qtfcyyp.exe |
| 20 | %Windir%\Temp\x2fldzww.exe |
| 21 | %Windir%\Temp\y4xjfgfi.exe |
| 22 | %Windir%\Temp\ydky9kv.exe |

Registry Modifications
- The following Registry values were newly created:

HKEY..\..\..\..{Subkeys}
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
- HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT
- HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore
- HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
- HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P
- HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History

HKEY..\..\..\..{RegistryKeys}
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NWSAPAGENT
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NWSAPAGENT\0000
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NWSAPAGENT\0000\Control
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MouseDriver
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MouseDriver\Security
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Nwsapagent
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Nwsapagent\Enum
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Nwsapagent\Parameters
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Nwsapagent\Security
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Plug Manager
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Plug Manager\Security
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NWSAPAGENT
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NWSAPAGENT\0000
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NWSAPAGENT\0000\Control
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MouseDriver
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MouseDriver\Security
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Nwsapagent
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Nwsapagent\Enum
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Nwsapagent\Parameters
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Nwsapagent\Security
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Plug Manager
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Plug Manager\Security

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run