
Trojan:WinNT/Tibs.gen!A


First posted on 04 February 2009.
Source: SecurityHome

Aliases :

Trojan:WinNT/Tibs.gen!A is also known as: Trojan.Peed.IQS (BitDefender), Win32/Sintun (CA), Rootkit.Win32.Agentu.ru (Kaspersky), W32/Nuwar@MM (McAfee), Trojan.Rootkit.GEN (Sunbelt Software), WORM_NUCRP.GEN (Trend Micro), Backdoor:WinNT/Nuwar.D!sys (other).

Explanation :

Trojan:WinNT/Tibs.gen!A is generic detection for drivers used across multiple pieces of malware affiliated with the 'Tibs' malware distribution network. WinNT/Tibs malware uses rootkit methods to hide its presence on an infected computer.

Symptoms
There are no common symptoms associated with this threat. Alert notifications from installed antivirus software may be the only symptom. Detection is an indicator of further malware infection by the Win32/Nuwar, Win32/Vxidl and/or Win32/Renos malware families.

Installation
Trojan:WinNT/Tibs.gen!A is installed by other malware such as Win32/Nuwar, Win32/Vxidl or Win32/Renos. This component may be present as a kernel-mode driver having file names such as the following:

  • Sfloppy.sys
  • TDSServ.sys
  • noskrnl.sys

Detection is an indicator of further malware infection by Win32/Nuwar, Win32/Vxidl and/or Win32/Renos malware families. Tibs.gen!A also has functionality to hide files and registry keys that may be related to other malware components to avoid detection.

Additional Information
For more information about Win32/Nuwar or Win32/Renos, please view our descriptions elsewhere in the encyclopedia.

Analysis by Andrei Florin Saygo

Last update 04 February 2009