We're gradually updating threat actor names in our reports to align with the new weather-themed taxonomy. Learn about Microsoft threat actor names
VirTool:Win32/Tibs.E.dll
Detected by Microsoft Defender Antivirus
Aliases: Win32/Sinteri (CA) Trojan-Proxy.Win32.Lager.aq (Kaspersky) Downloader-ZQ (McAfee) W32/Lager.BK (Norman) Troj/HideDl-A (Sophos) Trojan.Abwiz.F (Symantec) TROJ_LAGER.Z (Trend Micro)
Summary
VirTool:Win32/Tibs.E.dll is a user-mode rootkit that may be dropped by a variant of Win32/Tibs or by variants of other malicious software. VirTool:Win32/Tibs.E.dll is injected into certain types of processes in order to hide certain malicious software on the computer.
Attempting manual removal of VirTool:Win32/Tibs.E.dll is not recommended. To detect and remove VirTool:Win32/Tibs.E.dll, run a full-system scan with an up-to-date antivirus product such as the Microsoft Malicious Software Removal Tool (http://www.microsoft.com/security/malwareremove/default.mspx) or the Microsoft Safety Scanner (http://go.microsoft.com/fwlink/?LinkId=212742). For more information, visit http://www.microsoft.com/athome/security/downloads/default.mspx
Follow us
