W32/Tibs.IC is a Trojan that will infect Windows systems.

Upon execution, it drops diperito [random characters].sys in Windows System folder.

It also drops a non malicious file diperto.ini in Windows System folder.


It registers itself as a windows service by name diperto [random characters] to load itself during each startup. It modifies the registry at the following location to achieve the same:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services

Technical details can be found at this Trend Micro page.