Trojan:Win32/Febipos.B!dll
First posted on 14 November 2013.
Source: Microsoft
Aliases:
There are no other names known for Trojan:Win32/Febipos.B!dll.
Explanation:
Threat behavior
Installation
Trojan:Win32/Febipos.B!dll can be installed by Trojan:Win32/Febipos.B. It is installed to %APPDATA%\WService.dll.
It creates the following registry entries:
In subkey: HKEY_CLASSES_ROOT\CLSID\{3543619C-D563-43f7-95EA-4DA7E1CC396A}
Sets value: (default)
With data: "MicrosoftSecurityPlugin"
In subkey: HKEY_CLASSES_ROOT\CLSID\{3543619C-D563-43f7-95EA-4DA7E1CC396A}\InProcServer32
Sets value: (default)
With data: "%appdata%\WService.dll"
In subkey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3543619C-D563-43f7-95EA-4DA7E1CC396A}
Sets value: (default)
With data: "MicrosoftSecurityPlugin"
In subkey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3543619C-D563-43f7-95EA-4DA7E1CC396A}\InProcServer32
Sets value: (default)
With data: "%appdata%\WService.dll"
In subkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{3543619C-D563-43f7-95EA-4DA7E1CC396A}
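The entries above form a Browser Helper Object registration: the Browser Helper Objects subkey tells Internet Explorer which CLSID to load, and that CLSID's InProcServer32 default value names the DLL. The following PowerShell script is an added example, not part of the Microsoft write-up, that enumerates registered BHOs, resolves each CLSID to its DLL, and flags the CLSID named on this page or any BHO DLL that resolves under the current user's profile (a legitimate BHO is normally installed under Program Files); the function name Get-SuspiciousBho is an assumption of the example.

```powershell
# Added example (not from the Microsoft write-up): list Browser Helper Objects and
# flag the Febipos CLSID or any BHO whose DLL resolves into the user profile.
function Get-SuspiciousBho {
    $FebiposClsid = '{3543619C-D563-43f7-95EA-4DA7E1CC396A}'   # CLSID from the write-up

    # BHO registration roots (64-bit Windows also keeps a WOW6432Node view)
    $bhoRoots = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    )
    # Places a CLSID's InProcServer32 value may live, in the order COM consults them
    $classRoots = @(
        'HKCU:\SOFTWARE\Classes\CLSID',
        'HKLM:\SOFTWARE\Classes\CLSID',
        'HKLM:\SOFTWARE\Classes\WOW6432Node\CLSID'
    )
    # NOTE: "%appdata%" in the write-up is expanded for the user running this script;
    # run it in each interactive user's context to see that user's resolution.
    $profileRoot = [Environment]::GetFolderPath('UserProfile')

    foreach ($root in $bhoRoots) {
        if (-not (Test-Path $root)) { continue }
        foreach ($bho in Get-ChildItem -Path $root) {
            $clsid  = $bho.PSChildName
            $server = $null
            foreach ($cr in $classRoots) {
                $key = "$cr\$clsid\InProcServer32"
                if (Test-Path $key) {
                    $server = (Get-ItemProperty -Path $key).'(default)'
                    break
                }
            }
            $dll = if ($server) { [Environment]::ExpandEnvironmentVariables($server) } `
                   else { '<no InProcServer32 found>' }

            $flags = @()
            if ($clsid -ieq $FebiposClsid)       { $flags += 'Febipos CLSID' }
            if ($dll -like "$profileRoot*")      { $flags += 'DLL under user profile' }
            if ($dll -ne '<no InProcServer32 found>' -and -not (Test-Path $dll)) {
                $flags += 'DLL missing on disk'
            }

            [pscustomobject]@{ CLSID = $clsid; Dll = $dll; Flags = ($flags -join ', ') }
        }
    }
}

Get-SuspiciousBho | Format-Table -AutoSize
```

Any row flagged "Febipos CLSID" or "DLL under user profile" is worth pulling the DLL for analysis and cross-checking against the %APPDATA%\WService.dll path given above.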
Payload
This threat loads Trojan:JS/Febipos.E to Internet Explorer.
Analysis by Jonathan San Jose
Symptoms
The following could indicate that you have this threat on your PC:
- You see a detection of Trojan:JS/Febipos.E from your security software
- You see these entries or keys in your registry:
In subkey: HKEY_CLASSES_ROOT\CLSID\{3543619C-D563-43f7-95EA-4DA7E1CC396A}
Sets value: (default)
With data: "MicrosoftSecurityPlugin"
In subkey: HKEY_CLASSES_ROOT\CLSID\{3543619C-D563-43f7-95EA-4DA7E1CC396A}\InProcServer32
Sets value: (default)
With data: "%appdata%\WService.dll"
In subkey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3543619C-D563-43f7-95EA-4DA7E1CC396A}
Sets value: (default)
With data: "MicrosoftSecurityPlugin"
In subkey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3543619C-D563-43f7-95EA-4DA7E1CC396A}\InProcServer32
Sets value: (default)
With data: "%appdata%\WService.dll"
In subkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{3543619C-D563-43f7-95EA-4DA7E1CC396A}
Last update 14 November 2013