"tibprxy" Process?

Archived from groups: microsoft.public.windowsxp.security_admin

Hi,
I found a process named "tibprxy.exe" running on one of our XP machines. I
can't find anything about it. It has no info associated to the executable.
The Registry entry for it was random letters. It was not flagged by our
Anti-Virus or Spyware applications.

Does anybody have any idea what it is?

TIA,
James
  1.

    From: "JamesB" <JamesB@discussions.microsoft.com>

    | Hi,
    | I found a process named "tibprxy.exe" running on one of our XP machines. I
    | can't find anything about it. It has no info associated to the executable.
    | The Registry entry for it was random letters. It was not flagged by our
    | Anti-Virus or Spyware applications.
    |
    | Does anybody have any idea what it is?
    |
    | TIA,
    | James

    Please submit a sample of "tibprxy.exe" to Virus Total --
    http://www.virustotal.com/flash/index_en.html
    The submission will then be tested against many different AV vendors' scanners.
    That will give you an idea what it is and who recognizes it. In addition, unless told
    otherwise, Virus Total will provide the sample to all participating vendors.

    When you get the report, please post back the exact results.

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
  2.

    These are the results from Virus Total:
    Antivirus: Version (Update) Result

    AntiVir: 6.31.1.0 (08.26.2005) found: TR/Bremus
    Avast: 4.6.695.0 (08.26.2005) found: Win32:Trojano-1662
    AVG: 718 (08.26.2005) found: Downloader.Agent.IP
    Avira: 6.31.1.0 (08.26.2005) found: TR/Bremus
    BitDefender: 7.0 (08.26.2005) found: Trojan.Downloader.Agent.ED
    CAT-QuickHeal: 8.00 (08.26.2005) found: TrojanDownloader.Agent.ed
    ClamAV: devel-20050725 (08.26.2005) found: no virus found
    DrWeb: 4.32b (08.26.2005) found: Trojan.AproposAd
    eTrust-Iris: 7.1.194.0 (08.25.2005) found: Win32/Propo.E!Trojan
    eTrust-Vet: 11.9.1.0 (08.26.2005) found: Win32.Propo.E
    Fortinet: 2.41.0.0 (08.26.2005) found: W32/Agent.ED-tr
    F-Prot: 3.16c (08.25.2005) found: security risk named W32/Agent.VP@dl
    Ikarus: 0.2.59.0 (08.26.2005) found: no virus found
    Kaspersky: 4.0.2.24 (08.26.2005) found: Trojan-Downloader.Win32.Agent.ed
    McAfee: 4568 (08.26.2005) found: no virus found
    NOD32v2: 1.1202 (08.25.2005) found: Win32/TrojanDownloader.Agent.ED
    Norman: 5.70.10 (08.26.2005) found: no virus found
    Panda: 8.02.00 (08.26.2005) found: Trj/Agent.ABG
    Sophos: 3.97.0 (08.26.2005) found: no virus found
    Sybari: 7.5.1314 (08.26.2005) found: Win32/Propo.E!Trojan
    Symantec: 8.0 (08.25.2005) found: no virus found
    TheHacker: 5.8.2.095 (08.26.2005) found: Trojan/Downloader.Agent.ed
    VBA32: 3.10.4 (08.26.2005) found: Trojan.AproposAd

    It looks like 6 out of 23 missed it, including our inhouse AV app Norton
    AntiVirus - Corporate Edition.

    Thanks for all your help.

    > From: "JamesB" <JamesB@discussions.microsoft.com>
    > | I found a process named "tibprxy.exe" running on one of our XP machines.
    > | [snip]
    > | It was not flagged by our Anti-Virus or Spyware applications.
    > |

    "David H. Lipman" wrote:
    > Please submit a sample of "tibprxy.exe" to Virus Total --
    > [snip]
    > When you get the report, please post back the exact results.
  3.

    From: "JamesB" <JamesB@discussions.microsoft.com>

    | These are the results from Virus Total:
    | Antivirus: Version (Update) Result
    |

    | ClamAV: devel-20050725 (08.26.2005) found: no virus found
    | Ikarus: 0.2.59.0 (08.26.2005) found: no virus found
    | McAfee: 4568 (08.26.2005) found: no virus found
    | Norman: 5.70.10 (08.26.2005) found: no virus found
    | Sophos: 3.97.0 (08.26.2005) found: no virus found
    | Symantec: 8.0 (08.25.2005) found: no virus found

    |
    | It looks like 6 out of 23 missed it, including our inhouse AV app Norton
    | AntiVirus - Corporate Edition.
    |
    | Thanks for all your help.


    Neither did McAfee and Sophos catch it. I wonder if Trend Micro recognizes this as well....

    If you could PLEASE send me a copy in a password protected ZIP file ( including the password
    used ) I will submit the sample to the liaisons I have with AV vendors who missed it and
    also submit to those other AV vendors that failed to identify it.

    To send email, just remove ~nospam~ from either or both of the following email addresses...
    DLipman~nospam~@Verizon.Net

    David_H_Lipman~nospam~@Yahoo.Com

    Thanx !
    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
  4.

    From: "David H. Lipman" <DLipman~nospam~@Verizon.Net>

    | From: "JamesB" <JamesB@discussions.microsoft.com>
    |
    |> These are the results from Virus Total:
    |> Antivirus: Version (Update) Result
    |>
    |> ClamAV: devel-20050725 (08.26.2005) found: no virus found
    |> Ikarus: 0.2.59.0 (08.26.2005) found: no virus found
    |> McAfee: 4568 (08.26.2005) found: no virus found
    |> Norman: 5.70.10 (08.26.2005) found: no virus found
    |> Sophos: 3.97.0 (08.26.2005) found: no virus found
    |> Symantec: 8.0 (08.25.2005) found: no virus found
    |
    |> It looks like 6 out of 23 missed it, including our inhouse AV app Norton
    |> AntiVirus - Corporate Edition.
    |>
    |> Thanks for all your help.
    |
    | Neither did McAfee and Sophos catch it. I wonder if Trend Micro recognizes this as
    | well....
    |
    | If you could PLEASE send me a copy in a password protected ZIP file ( including the
    | password used ) I will submit the sample to the liaisons I have with AV vendors who missed
    | it and also submit to those other AV vendors that failed to identify it.
    |
    | To send email, just remove ~nospam~ from either or both of the following email
    | addresses... DLipman~nospam~@Verizon.Net
    |
    | David_H_Lipman~nospam~@Yahoo.Com
    |
    | Thanx !
    | --
    | Dave
    | http://www.claymania.com/removal-trojan-adware.html
    | http://www.ik-cs.com/got-a-virus.htm
    |

    Sample received was subsequently submitted.

    Trend Micro did recognize this infector as: TROJ_DLOADER.AKH

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
  5.

    ADDENDUM:

    McAfee now recognizes this as: "Generic Downloader"
    Its signature will be released in the full DAT in either v4573 or v4574.
    In the meantime, the EXTRA.DAT file can be used.

    The following can be used to create an EXTRA.DAT.

    Copy and paste the text between the dashes "-------------" (including the empty line) and
    save the text in a file called EXTRA.DAT.

    Search for the file SCAN.DAT in: C:\Program Files\Common Files

    Copy the EXTRA.DAT file and save it in the folder found containing SCAN.DAT.
    [ Example: C:\Program Files\Common Files\Network Associates\Engine ]

    -------------
    74 178 152 178 77 51 202 214 99 86 255 218 110 19 201 220
    122 93 225 220 108 87 232 193 217 59 141 179 13 51 141 179
    29 51 114 178 121 204 158 63 28 51 92 146 92 239 188 225
    55 92 183 220 57 134 82 197 113 253 128 49 10 49 236 209
    13 51 140 179 25 254 143 180 13 125 138
    5609 256 13104 519 Generic Downloader


    -------------


    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
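
The EXTRA.DAT placement steps from the last reply, scripted as an added example (not part of the original thread and not McAfee tooling). It assumes PowerShell 2.0 or later in an elevated session; `Install-ExtraDat`, `Get-Sha256Hex` and their parameters are hypothetical names chosen for this sketch.

```powershell
# Added example: place EXTRA.DAT beside every SCAN.DAT under the search root.
# Function and parameter names are hypothetical, not part of any McAfee tool.
function Get-Sha256Hex([string]$Path) {
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $bytes = [System.IO.File]::ReadAllBytes($Path)
    return [System.BitConverter]::ToString($sha.ComputeHash($bytes))
}

function Install-ExtraDat {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$ExtraDatPath,
        [string]$SearchRoot = 'C:\Program Files\Common Files'
    )
    if (-not (Test-Path -LiteralPath $ExtraDatPath -PathType Leaf)) {
        throw "EXTRA.DAT not found at $ExtraDatPath"
    }
    # Resolve to a full path: .NET file calls ignore the PowerShell location.
    $source = (Resolve-Path -LiteralPath $ExtraDatPath).Path
    $sourceHash = Get-Sha256Hex $source

    # Each folder that holds SCAN.DAT is an engine folder; there may be several.
    $engineDirs = @(Get-ChildItem -Path $SearchRoot -Recurse -Filter 'SCAN.DAT' -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer } |
        ForEach-Object { $_.DirectoryName } | Sort-Object -Unique)
    if ($engineDirs.Count -eq 0) {
        throw "No SCAN.DAT found under $SearchRoot; nothing was copied."
    }
    foreach ($dir in $engineDirs) {
        $target = Join-Path $dir 'EXTRA.DAT'
        if ($PSCmdlet.ShouldProcess($target, 'Copy EXTRA.DAT')) {
            Copy-Item -LiteralPath $source -Destination $target -Force
            # Report whether the copy is byte-identical to the source.
            New-Object PSObject -Property @{
                Folder   = $dir
                Verified = ((Get-Sha256Hex $target) -eq $sourceHash)
            }
        }
    }
}

# Dry run first, then the real copy:
# Install-ExtraDat -ExtraDatPath .\EXTRA.DAT -WhatIf
# Install-ExtraDat -ExtraDatPath .\EXTRA.DAT
```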