W32/Tibs.HY is a Trojan that will infect Windows systems.

Upon execution, it drops the following files:

  • kernelwind64.exe in Windows System folder
  • dllgh8jkd1q8.exe in Windows System folder.

    The Trojan modifies registry at the following location to load itself during each startup:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\System

    The Trojan changes the firewall policies of the local computer.

    It also disables the Windows Task Manager.

    More information can be found at this Proland Software page.