How to remove Trojan.Downloader.Tibs.C



THREAT NAME

Trojan.Downloader.Tibs.C

 

CLEAN INSTRUCTIONS

Restart in Safe Mode and do the following:


1. Delete the following files:


C:\windows\system32\kernels88.exe
C:\Windows\System32\dlh9jkd1q1.exe
C:\Windows\System32\dlh9jkd1q2.exe
C:\Windows\System32\dlh9jkd1q5.exe
C:\Windows\System32\dlh9jkd1q6.exe
C:\Windows\System32\dlh9jkd1q7.exe
C:\Windows\System32\dlh9jkd1q8.exe
C:\Windows\System32\1.dllb
C:\Windows\System32\2.dllb
C:\Windows\System32\3.dllb
C:\Windows\System32\4.dllb
C:\Windows\System32\5.dllb
C:\Windows\System32\6.dllb
C:\Windows\System32\7.dllb
C:\Windows\System32\vx.tll

2. Delete the following registry keys:
NB: Before you edit the registry, please export the keys that you plan to edit, or create a backup of the system.

SOFTWARE\Microsoft\Windows\CurrentVersion\Run - System
SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices - SystemTools


3. Instructions on how to enable task manager can be found here (BullGuard Techguides)

 

4. Go to Start, Run, type:

netsh firewall reset

and press OK.


SYMPTOMS

1. Presence of the kernels88.exe file in C:\Windows\System32.

2. Increased network activity.

3. Presence of files whose names start with dlh9jkd1q in C:\Windows\System32.

4. Presence of files with the extension dllb in C:\Windows\System32.


DESCRIPTION
1. This trojan copies itself into the system directory under the name kernels88.exe.

2. It lowers security settings by bypassing the Windows Firewall so that the malware can connect to the Internet.

3. It tries to download files, which are copied to the system folder and then executed.

4. It steals and sends information about the computer.

5. It sets up registry keys so that it runs at startup.

6. It disables the Task Manager.
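
The indicators listed under SYMPTOMS and DESCRIPTION can be checked with a read-only script before following the clean instructions. The PowerShell below is an added example, not BullGuard's own tooling; looking in both HKLM and HKCU, and treating the DisableTaskMgr policy value as the Task Manager block, are assumptions, since the page names neither the hive nor the mechanism.

```powershell
# Added example: read-only check for the indicators listed on this page.
# Nothing is deleted or changed; findings are printed for review.
$sys32 = Join-Path $env:SystemRoot 'System32'

# File name patterns from the CLEAN INSTRUCTIONS and SYMPTOMS sections.
$filePatterns = 'kernels88.exe', 'dlh9jkd1q*.exe', '*.dllb', 'vx.tll'

# Autorun value names from step 2. The page does not name the registry hive,
# so looking in both HKLM and HKCU is an assumption of this example.
$autoruns = @(
    @{ SubKey = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run';         Name = 'System' }
    @{ SubKey = 'SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices'; Name = 'SystemTools' }
)
$policyKey = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

$findings = @(
    foreach ($pattern in $filePatterns) {
        Get-ChildItem -Path $sys32 -Filter $pattern -File -Force -ErrorAction SilentlyContinue |
            ForEach-Object {
                [pscustomobject]@{ Type = 'File'; Item = $_.FullName; Detail = "modified $($_.LastWriteTime)" }
            }
    }
    foreach ($hive in 'HKLM:', 'HKCU:') {
        foreach ($entry in $autoruns) {
            $key  = "$hive\$($entry.SubKey)"
            $prop = Get-ItemProperty -Path $key -Name $entry.Name -ErrorAction SilentlyContinue
            if ($prop) {
                # Detail shows the command line the autorun value points to.
                [pscustomobject]@{ Type = 'Autorun'; Item = "$key [$($entry.Name)]"; Detail = $prop.($entry.Name) }
            }
        }
        # Assumption: Task Manager is blocked through the DisableTaskMgr policy
        # value; the page does not say which mechanism this trojan uses.
        $policy = Get-ItemProperty -Path "$hive\$policyKey" -Name DisableTaskMgr -ErrorAction SilentlyContinue
        if ($policy -and $policy.DisableTaskMgr -eq 1) {
            [pscustomobject]@{ Type = 'Policy'; Item = "$hive\$policyKey [DisableTaskMgr]"; Detail = 1 }
        }
    }
)

if ($findings.Count) { $findings | Format-Table -AutoSize -Wrap }
else { 'None of the indicators listed on this page were found.' }
```

On 64-bit Windows, run it from a 64-bit PowerShell session; a 32-bit session has System32 redirected to SysWOW64 and would miss files in the real directory.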



Author:
The BullGuard Team