You have been re-routed to the Trojan:Win32/Tinba.A write up because Trojan%3aWin32%2fTinba.A has been renamed to Trojan:Win32/Tinba.A


Microsoft security software detects and removes this threat.

This threat can perform a number of actions of a malicious hacker's choice on your PC.

Find out ways that malware can get on your PC.

What to do now

The following free Microsoft software detects and removes this threat:

Even if we've already detected and removed this particular threat, running a full scan might find other malware that is hiding on your PC.

Get more help

You can also see our advanced troubleshooting page for more help.

If you’re using Windows XP, see our Windows XP end of support page.

Threat behavior

Trojan:Win32/Tinba.A utilizes code injection in order to hinder detection and removal. When Trojan:Win32/Tinba.A executes, it may inject code into running processes, including the following, for example:

  • cmd.exe
  • DW20.EXE
  • explorer.exe
  • winver.exe
Contacts remote host
Trojan:Win32/Tinba.A may contact a remote host at using port 80. Commonly, malware may contact a remote host for the following purposes:
  • To report a new infection to its author
  • To receive configuration or other data
  • To download and execute arbitrary files (including updates or additional malware)
  • To receive instruction from a remote attacker
  • To upload data taken from the affected computer
This malware description was produced and published using our automated analysis system's examination of file SHA1 65cd9542d38760e12899662f721c6e1799772a4f.


Alerts from your security software may be the only symptom.


Alert level: Severe
First detected by definition: 1.127.1237.0
Latest detected by definition: and higher
First detected on: Jun 02, 2012
This entry was first published on: Jun 22, 2012
This entry was updated on: Jul 07, 2014

This threat is also detected as:
  • TSPY_TINBA.B (Trend Micro)
  • Trojan-Spy.Win32.SpyEyes.afnv (Kaspersky)