Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

removing downloaded Trojan-Downloader.Win32.Tibser.c


  • Please log in to reply
5 replies to this topic

#1 APinn

APinn

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:02:21 PM

Posted 11 July 2005 - 06:28 AM

Hi,

Please be gentle, this is my first post ! My F-secure keeps coming up with the following messages upon starting Windows 98.

F-Secure

Message from F-Secure Anti-Virus on Tue Jul 05 09:20:23 2005

Malicious code found in file C:\WINDOWS\SYSTEM\TIBS3.EXE
Infection: Trojan-Downloader.Win32.Tibser.c
Action: failed.

Messages waiting 0

and a second one:

AVP

Severity : 5, TrapNumber: 205, Product:1.2.6.1.4.1.2213.12 , Parameter
C:\WINDOWS\SYSTEM\TIBS3.EXE (1) Trojan-Downloader.Win32.Tibser.c

Do these messages mean that the file Trojan-Downloader.Win32.Tibser.c has been deleted or fixed ? I searched for it afterwards and found it sitting where it F-secure said it was in SYSTEM. I tried hauling it off to the waste bin and also right clicking on it and chosing delete but the AVP message comes up again from F-secure as well as another one saying "access denied, file is locked".

Is it still active ? or been "killed by F-Secure" , How do I delete it ?

Many Thanks,

Ashley

BC AdBot (Login to Remove)

 


#2 tg1911

tg1911

    Lord Spam Magnet


  • Members
  • 19,274 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:SW Louisiana
  • Local time:01:21 PM

Posted 11 July 2005 - 08:33 AM

Have you run F-Secure in Safe Mode?
How to start Windows in Safe Mode

If that doesn't work, run these online virus scanners:
http://www.pandasoftware.com/activescan/
http://housecall.trendmicro.com/

Also this online Trojan scanner:
TrojanScan

Are you using these basic security programs?
(They're all free.)

aČ free - a complementary product to antivirus software which is specialized in protection against harmful software. Antivirus software often features an inadequate protection against Trojans, Dialers and Spyware. aČ fills this gap.
Ad-Aware - A good program similar to SpyBot S & D.
Spybot S&D - Detects and removes spyware, of different types, from your computer.
SpywareBlaster - A good program that prevents spyware from being installed on your computer in the first place. This program is always running in the background, protecting your computer. It prevents the installation of bad active X controls found in web pages.
SpywareGuard - A nice compliment to SpywareBlaster. This allows you the option to prevent downloads that contain bad active X controls.

If not, you need to. These programs, updated and used regularly, will do a lot to keep your computer clean of spyware, trojans, keyloggers, browser hijackers, etc...

Download them, update them, and then run them.

Important:
Please read this tutorial on Spybot S&D before using it. Spybot can do SERIOUS damage, if not used properly.
MOBO: GIGABYTE GA-MA790X-UD4P, CPU: Phenom II X4 955 Deneb BE, HS/F: CoolerMaster V8, RAM: 2 x 1G Kingston HyperX DDR2 800, VGA: ECS GeForce Black GTX 560, PSU: Antec TruePower Modular 750W, Soundcard: Asus Xonar D1, Case: CoolerMaster COSMOS 1000, Storage: Internal - 2 x Seagate 250GB SATA, 2 x WD 1TB SATA; External - Seagate 500GB USB, WD 640GB eSATA, 3 x WD 1TB eSATA

Become a BleepingComputer fan: Facebook

#3 APinn

APinn
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:02:21 PM

Posted 11 July 2005 - 09:45 AM

Hi ,

Thanks for the advice,

I'll give those a go and report back how I get on

thanks again,

Ashley

#4 tg1911

tg1911

    Lord Spam Magnet


  • Members
  • 19,274 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:SW Louisiana
  • Local time:01:21 PM

Posted 11 July 2005 - 11:09 AM

Your welcome, Ashley.
Let us know how it goes.
MOBO: GIGABYTE GA-MA790X-UD4P, CPU: Phenom II X4 955 Deneb BE, HS/F: CoolerMaster V8, RAM: 2 x 1G Kingston HyperX DDR2 800, VGA: ECS GeForce Black GTX 560, PSU: Antec TruePower Modular 750W, Soundcard: Asus Xonar D1, Case: CoolerMaster COSMOS 1000, Storage: Internal - 2 x Seagate 250GB SATA, 2 x WD 1TB SATA; External - Seagate 500GB USB, WD 640GB eSATA, 3 x WD 1TB eSATA

Become a BleepingComputer fan: Facebook

#5 rmm55

rmm55

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Local time:02:21 PM

Posted 11 July 2005 - 11:35 AM

Depending on the trojan's control, you may be blocked from reaching the online housecall scan site. If so, I would suggest going to http://www.trendmicro.com/download/dcs.asp and download the Sysclean Package along with the latest virus pattern files, at the bottom of the left column.
Roy Mel - YourTechOnline technician
roy@no_spam_yourtechonline.com (remove no_spam_)

#6 APinn

APinn
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:02:21 PM

Posted 12 July 2005 - 07:30 AM

Ok,

Last night I put Windows 98 into safe mode and found the tibs3.exe file and successfully deleted it. When I went back in normal mode the 2 warning messages I was getting from F-secure didn't appear, so I think I have managed to get rid of it !!

I will also try running some of the anti-virus URL's people have suggested

will Report back if They discover anything else

Many Thanks again

Ashley




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users