
Trojan:Win32/Febipos.B!dll


Microsoft security software detects and removes this threat.

This threat is an Internet Explorer plugin that installs the malicious JavaScript Trojan:JS/Febipos.E.

It is installed on your PC by Trojan:Win32/Febipos.B.

 



What to do now

The following free Microsoft software detects and removes this threat:

Even if we've already detected and removed this particular threat, running a full scan might find other malware that is hiding on your PC.

You can also visit the Microsoft virus and malware community for more help.

Threat behavior

Installation

Trojan:Win32/Febipos.B!dll can be installed by Trojan:Win32/Febipos.B. It is installed to %APPDATA%\WService.dll.

It creates the following registry entries:

In subkey: HKEY_CLASSES_ROOT\CLSID\{3543619C-D563-43f7-95EA-4DA7E1CC396A}
Sets value: (default)
With data: "MicrosoftSecurityPlugin"

In subkey: HKEY_CLASSES_ROOT\CLSID\{3543619C-D563-43f7-95EA-4DA7E1CC396A}\InProcServer32
Sets value: (default)
With data: "%appdata%\WService.dll"

In subkey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3543619C-D563-43f7-95EA-4DA7E1CC396A}
Sets value: (default)
With data: "MicrosoftSecurityPlugin"

In subkey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3543619C-D563-43f7-95EA-4DA7E1CC396A}\InProcServer32
Sets value: (default)
With data: "%appdata%\WService.dll"

In subkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{3543619C-D563-43f7-95EA-4DA7E1CC396A}

Payload

This threat loads Trojan:JS/Febipos.E into Internet Explorer.

Analysis by Jonathan San Jose


Symptoms

The following could indicate that you have this threat on your PC:

  • You see a detection of Trojan:JS/Febipos.E from your security software
  • You see these entries or keys in your registry:

In subkey: HKEY_CLASSES_ROOT\CLSID\{3543619C-D563-43f7-95EA-4DA7E1CC396A}
Sets value: (default)
With data: "MicrosoftSecurityPlugin"

In subkey: HKEY_CLASSES_ROOT\CLSID\{3543619C-D563-43f7-95EA-4DA7E1CC396A}\InProcServer32
Sets value: (default)
With data: "%appdata%\WService.dll"

In subkey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3543619C-D563-43f7-95EA-4DA7E1CC396A}
Sets value: (default)
With data: "MicrosoftSecurityPlugin"

In subkey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3543619C-D563-43f7-95EA-4DA7E1CC396A}\InProcServer32
Sets value: (default)
With data: "%appdata%\WService.dll"

In subkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{3543619C-D563-43f7-95EA-4DA7E1CC396A}
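The registry and file indicators listed above can be checked with a short script. This is an added example, not part of the original entry or Microsoft's tooling; the function name Get-FebiposIndicator and the output field names are hypothetical, and the CLSID, value data and file path are taken from this page.

```powershell
# Added example: look for the Browser Helper Object registration and DLL
# that this entry attributes to Trojan:Win32/Febipos.B!dll.
$clsid = '{3543619C-D563-43f7-95EA-4DA7E1CC396A}'   # CLSID from this page

# Key path -> expected (default) data, as listed on this page.
# $null means the page lists the key only, so its presence is the indicator.
$expected = [ordered]@{
    "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid"                                = 'MicrosoftSecurityPlugin'
    "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InProcServer32"                 = '*\WService.dll'
    "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\$clsid"              = 'MicrosoftSecurityPlugin'
    "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\$clsid\InProcServer32" = '*\WService.dll'
    "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\$clsid" = $null
}

function Get-FebiposIndicator {
    # Registry indicators
    foreach ($path in $expected.Keys) {
        if (-not (Test-Path -LiteralPath $path)) { continue }
        # GetValue('') reads the key's (default) value; may be $null
        $data    = [string](Get-Item -LiteralPath $path).GetValue('')
        $pattern = $expected[$path]
        [pscustomobject]@{
            Type        = 'Registry'
            Location    = $path
            Data        = $data
            # A present key whose data differs from the page is still worth review
            MatchesPage = ($null -eq $pattern) -or ($data -like $pattern)
        }
    }

    # File indicator: %APPDATA% is per-user, so this checks only the
    # profile of the account running the script.
    $dll = Join-Path $env:APPDATA 'WService.dll'
    if (Test-Path -LiteralPath $dll) {
        $file = Get-Item -LiteralPath $dll -Force
        [pscustomobject]@{
            Type        = 'File'
            Location    = $file.FullName
            Data        = "Created $($file.CreationTimeUtc.ToString('u'))"
            MatchesPage = $true
        }
    }
}

$found = @(Get-FebiposIndicator)
if ($found.Count -eq 0) { 'No indicators from this entry were found.' }
else { $found | Format-List }
```

On 64-bit Windows, HKLM writes made by a 32-bit process are redirected under SOFTWARE\WOW6432Node, which this script does not inspect because the entry lists only the paths shown above.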


Prevention


Alert level: Severe
First detected by definition: 1.161.1607.0
Latest detected by definition: 1.173.2181.0 and higher
First detected on: Nov 07, 2013
This entry was first published on: Nov 07, 2013
This entry was updated on: Nov 14, 2013

This threat is also detected as:
No known aliases