Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Avast has found "Win32:Tibs-AFH [Trj]" - any advice?

17 Jan 2010   #1
shiphen

Windows7 Pro x64
 
 
Avast has found "Win32:Tibs-AFH [Trj]" - any advice?

Hi

My Avast anti-virus program has detected a Trojan Horse called "Win32:Tibs-AFH [Trj]".

How do I find out how serious a problem it is?

FWIW, it appears to be connected to some email (I am using Outlook2003) - something to do with Condoleeza Rice....

With thanks

Ship


My System SpecsSystem Spec
.

17 Jan 2010   #2
Corrine

Windows 7 & Windows Vista Ultimate
 
 

Hi, shipen.

It is likely that Avast detected the trojan in spam e-mail. Hopefully you haven't opened the email, followed any links in or launched any attachments to the email. Delete the email and empty your "Deleted" folder in Outlook. Check for update and scan your computer with Avast and, preferably, your anti-malware software.

See Viruslist.com - Trojan-Downloader.Win32.Tibs.aw.
My System SpecsSystem Spec
17 Jan 2010   #3
shiphen

Windows7 Pro x64
 
 

Done.

Rather worryingly it seems that there were quite a few of them!

AVAST FOUND:

Win32:Tibs-AFH [Trj] C:\documents and settings\XXXX\local settings\temp\X1Server\U.S. Secretary of State Condoleezza Rice has kicked German Chancellor Angela Merkel.msg
Win32:Tibs-AFX [Trj] C:\documents and settings\XXXX\local settings\temp\X1Server\The Kiss.msg
Win32:Tibs-AFX [Trj] C:\documents and settings\XXXX\local settings\temp\X1Server\The Kiss.msg
Win32:Tibs-AGA [Wrm] C:\documents and settings\XXXX\local settings\temp\X1Server\Forever in Love.msg
Win32:Tibs-AIE [Trj] C:\documents and settings\XXXX\local settings\temp\X1Server\I Would Give you Anything.msg
Win32:Tibs-AFH [Trj]

But what about these that MSE (Microsoft Security Essential) seems to have found. Something to do with Avast - or could they be real?

Nuwar.N@mm!CME-711 C:\DOCUME~1\XXXXST~1\LOCALS~1\Temp\_avast4_\unp28372.tmp
Trojan: Win32/Vxidl.gen!B File:C:\DOCUME~1\XXXXST~1\LOCALS~1\Temp\_avast4_\unp69768409.tmp
Trojan: Win32/Vxidl.gen!dam File:C:\DOCUME~1\XXXXST~1\LOCALS~1\Temp\_avast4_\unp142407802.tmp
My System SpecsSystem Spec
.


17 Jan 2010   #4
jav

Windows 7 Ultimate x86 SP1
 
 

wait..
how you did get MSE report? (MSE real-time scan or you did on-demand scan yourself?)
It seems it caught Avast's either quarantine or definitions..

My System SpecsSystem Spec
17 Jan 2010   #5
Corrine

Windows 7 & Windows Vista Ultimate
 
 

I suggest cleaning temp files and running an anti-malware application as well and, if everything is ok on your computer, emptying the Avast quarantine.
Please download ATF Cleaner by Atribune from ATF-Cleaner.exe - www.atribune.org . Save it to your Desktop.

Run ATF Cleaner
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
  • Click Exit on the Main menu to close the program.
  • Shutdown/restart the computer.
Download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, be sure Quick scan is selected, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, EXCEPT items in System Restore as shown in this sample:
  • Click Remove Selected.


To clean the Avast quarantine vault:
  • Start Avast by right clicking the program icon (@) and selecting Start Avast Antivirus
  • When the program is running (it will run a memory scan to start with, but this can be skipped )
  • Right click anywhere on the interface and a Menu will appear
  • Select Virus Chest
  • Select ALL infected files
  • Right click and select Delete
  • Accept the warning
  • Done. You can exit the menu.
My System SpecsSystem Spec
18 Jan 2010   #6
Dinesh

Windows® 8 Pro (64-bit)
 
 

It looks like MSE has detected Avast virus definitions, which is a false positive.

Edit: let Avast handle the virus. Run a full system scan.
My System SpecsSystem Spec
18 Jan 2010   #7
jimbo45

Linux CENTOS 7 / various Windows OS'es and servers
 
 

Hi there
I'd go the OTHER route

Get rid of AVAST and let MSE kill the trojan.

It would appear that it comes through some sort of Email -- I don't know what email client you are using but you definitely should scan ALL emails before opening ANY of them.

I'd actually RESTORE the entire computer from an earlier image backup - should get rid of the entire problem.

I'm never certain that ANY AV software will really CLEAN a machine once it's got on to the system in the first place. The best AV software can do is preventing infection in the first place -- and in this case the AV software obviously hasn't worked properly.

Corrine : in your example

You can see that it's got on to the machine by a Registry key notification as well as other areas of the "C" drive.

My OS ("C") partition is SACROSANCT -- if an infection actually gets that far then I BIN that image and re-load a fresh one.

Since I take a system backup every day (02.00 AM automatically run) I can always get a decent recovery. I have a 25 GB W7 partition which takes around 15 Mins to backup or restore.

YMMV however -- but I'd restore the machine -- I'd never trust it again 100% by just a normal "Clean".

Cheers
jimbo
My System SpecsSystem Spec
18 Jan 2010   #8
shiphen

Windows7 Pro x64
 
 

Hi

It seems that "X1 search" (which after much searching it probably the best desktop search utility that I have found so far) is spidering content of old emails - which seems dangerous!

Working my way through the above...

OP
My System SpecsSystem Spec
Reply

 Avast has found "Win32:Tibs-AFH [Trj]" - any advice?




Thread Tools





Similar help and support threads
Thread Forum
When I click "install now", it's saying "No device drivers were found"
Ok, now I get another problem... When I click "install now", I get a msg box that is saying 'no device drivers were found. Make sure that the installation media contains the correct drivers, and then click OK' What should I do now?
Installation & Setup
Security Essentials can't remove/quarantine "Adware:Win32/FastSaveApp"
Hi there Each time I switch on my PC Security Essentials flags up an medium alert (status active) concerning a detected item - "Adware:Win32/FastSaveApp". I've applied the action "Quarantine" and "Remove", each time Security Essentials completes the operation and tells me to restart my PC. ...
System Security
How can I be sure if I am still infected with "Win32/Small.CA" virus".
Hi I got a "Solve PC Issues" (white flag) saying "Remove the Win32/Small.CA virus". I am running MSE (Microsoft Security Essentials) on Windows 7 Pro (x64). So I did an update followed by a full scan using MSE. I then ran - Malware Anti-Virus - SUPERAntispyware - Microsoft Safety Scanner...
System Security
"application" can't be run in win32 mode"
I'm trying to run VIPRERESCUE to check for rootkit virus's, but when I dbl click on the application, I get a pop up saying "application can't be run in Win32 mode." I'm using a system that is loaded with the 64 bit version of Win 7 Home Premium. I have run this successfully in the past (don't...
Software
Win7 pro startup error "Boot MGR missing"/"Operating System Not Found
I just upgraded from Vista Home Premium to Win7 professional x64 hoping to fix the above mentioned problem. After a complete re-install Im getting the same errors. Im not sure of the proper terminology here, but during startup the computer does a scan of all hardware and "Volume 0" has a...
Installation & Setup
Avast just found this "Win32:Adloader-AC [Trj]"
And calls it a trojan horse. When I try to move it to the chest it says there is not enough space on the disk. What? how can that be? Is there a chest size setting? Im not really sure what to do with this. Should I delete it permanently or put it in the trash? Is it a false positive?
System Security

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 01:04.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App