Mal/TibsPak

By ESGI Advisor in Backdoors

Mal/TibsPak is a backdoor trojan that runs in the background and enables remote access to the targeted computer system. It is installed on a compromised PC without the victim's knowledge. Mal/TibsPak resists uninstallation and shows fake security alerts instead. It comes bundled with other malicious software, so it is often used to advertise rogue antivirus software, spyware, etc. Mal/TibsPak should be removed as soon as it is detected on a computer system.

File System Details

Mal/TibsPak may create the following file(s):

Registry Details

Mal/TibsPak may create the following registry entry or registry entries:
