First posted on 10 February 2020.
Trojan:Win32/Tibs.gen!lds is also known as Trojan-Downloader.Win32.Agent.kwo, BACKDOOR.Trojan, WORM_NUCRP.GEN.
Trojan:Win32/Tibs.gen!lds is a generic detection for a component of Win32/Tibs. This trojan downloads and executes malware from predefined Web sites.

Installation

When Win32/Tibs.gen!lds is run, it may drop a copy of itself as the following file:

cbevtsvc.exe

The trojan may modify the registry to execute its copy at each Windows start as a service. When the trojan is executed, it is run with a parameter, as in this example:

%SystemRoot%\System32\CbEvtSvc.exe -k netsvcs

The trojan may add other registry values associated with this trojan.

Adds value: "Opt"
With data: ""
To subkey: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CbEvtSvc

Payload

Win32/Tibs.gen!lds may download and run other malware from predefined Web sites.
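The following read-only PowerShell check looks for the installation artifacts described above (the CbEvtSvc service subkey, its "Opt" value, the "-k netsvcs" command line and the dropped cbevtsvc.exe). It is an added example, not part of the original entry; the function name Test-TibsArtifacts is hypothetical, and ImagePath is the standard Windows value that holds a service's command line.

```powershell
# Added example: checks the local host for the artifacts listed in this entry.
# The service name, file name, "-k netsvcs" parameter and "Opt" value come from
# the entry; the function name Test-TibsArtifacts is hypothetical.
function Test-TibsArtifacts {
    $svcKey  = 'HKLM:\SYSTEM\CurrentControlSet\Services\CbEvtSvc'
    $exePath = Join-Path $env:SystemRoot 'System32\cbevtsvc.exe'

    $result = [ordered]@{
        ComputerName = $env:COMPUTERNAME
        ServiceKey   = Test-Path -LiteralPath $svcKey
        ImagePath    = $null
        ImagePathHit = $false
        OptValue     = $false
        FilePresent  = Test-Path -LiteralPath $exePath -PathType Leaf
        FileSha256   = $null
    }

    if ($result.ServiceKey) {
        $props = Get-ItemProperty -LiteralPath $svcKey
        $names = $props.PSObject.Properties.Name

        # ImagePath is where Windows stores the command line of a service.
        if ($names -contains 'ImagePath') {
            $result.ImagePath    = $props.ImagePath
            $result.ImagePathHit = $props.ImagePath -match '(?i)cbevtsvc\.exe\s+-k\s+netsvcs'
        }

        # The entry lists an "Opt" value with empty data, so test for the
        # value's existence rather than for non-empty content.
        $result.OptValue = $names -contains 'Opt'
    }

    if ($result.FilePresent) {
        # Record the hash so the file can be submitted or compared later.
        $result.FileSha256 = (Get-FileHash -LiteralPath $exePath -Algorithm SHA256).Hash
    }

    # Either artifact on its own is worth investigating.
    $result.Suspicious = $result.ServiceKey -or $result.FilePresent
    [pscustomobject]$result
}

Test-TibsArtifacts | Format-List
```

Run it from a 64-bit PowerShell session so that System32 is not redirected to SysWOW64. A hit is a lead for investigation, since the entry says the trojan "may" create each of these artifacts.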
Last update 10 February 2020