| ID | 329778 |
| Released | Jan 31, 2007 |
| Description Updated | Feb 02, 2007 |
Detection Availability
| FortiClient | |
|---|---|
| Extreme |
|
| FortiMail | |
| Extreme |
|
| FortiSandbox | |
| Extreme |
|
| FortiWeb | |
| Extreme |
|
| Web Application Firewall | |
| Extreme |
|
| FortiIsolator | |
| Extreme |
|
| FortiDeceptor | |
| Extreme |
|
| FortiEDR |
|
Threat Profile
Aliases:- Email-Worm.Win32.Zhelatin.j
- Tibs trojan
- Mal/HckPk-A
- WORM_NUWAR.CQ
Win32 file format / PE 32 bit
Refine Search
Threat Encyclopedia
W32/Tibs.KE!tr
Analysis
- c:\windows\system32\adirss.exe
- c:\windows\system32\lnwin.exe
- c:\windows\system32\wincom32.ini
- c:\windows\system32\wincom32.sys
- http://81.17{REMOVED}/cp/rule.php?fstt=1&b=72&w=back&name=name_of_the_computer_72&v=1&13
- http://209.12{REMOVED}/cp/rule.php?fstt=1&b=72&w=back&name=name_of_the_computer_72&v=1&8088
- key: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
- value: lnwin.exe
- data: c:\windows\system32\lnwin.exe
- key: HKLM\SYSTEM\ControlSet001\Services\wincom32\ImagePath
- value:
- data: c:\windows\system32\lnwin.exe
- key: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
- value: sysinter
- data: c:\windows\system32\adirss.exe
Recommended Action
-
FortiGate Systems
- Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option.
