Home / malware Trojan:Win32/WebToos.B
First posted on 22 July 2014.
Source: MicrosoftAliases :
There are no other names known for Trojan:Win32/WebToos.B.
Explanation :
Threat behavior
Installation
Trojan:Win32/WebToos.B copies itself to %programfiles%\dbsecurityspt\dbsecurityspt.exe. The malware creates the following files on your PC:
- %programfiles%\dbsecurityspt\bill.exe
- %programfiles%\dbsecurityspt\svch0st.exe
Payload
Stops processes
Trojan:Win32/WebToos.B can stop the following processes:
Contacts remote host
- Bill.exe
- DbSecuritySpt.exe
The malware might contact a remote host at tools.google.com using port 80. Commonly, malware does this to:This malware description was produced and published using automated analysis of file SHA1 59ea6a5558e258db8e516b60c534a670ab44063d.Symptoms
- Report a new infection to its author
- Receive configuration or other data
- Download and run files, including updates or other malware
- Receive instructions from a remote hacker
- Upload data taken from your PC
System changes
The following could indicate that you have this threat on your PC:
- You have these files:
%programfiles%\dbsecurityspt\bill.exe
%programfiles%\dbsecurityspt\dbsecurityspt.exe
%programfiles%\dbsecurityspt\svch0st.exeLast update 22 July 2014
