Title: Tinba
Type: Trojans
Also known as: Trojan.Tinba, zusy

Remove Tinba
Removal instructions

 
Severity scale:Tinba severity is 95  (95 / 100)
 

Tinba is a malicious Trojan horse, which steals personal and sensitive information from the compromised computer. This malicious parasite is able to add/remove files and folders, make registry changes and inject into other programs. Additionally it monitors and records network traffic information in the following file:

%SystemDrive%\Documents and Settings\All Users\Application Data\default\web.dat

Moreover, Tinba modifies Mozilla Firefox, to disable warnings when you’re visiting insecure sites. It also modifies system registry to be able to execute every time Windows starts. It will inject malicious code to Internet Explorer, Google Chrome and Mozilla Firefox. Then it injects itself to explorer.exe and svchost.exe processes, and tries to end them.

Trojan Timba has another name - Zusy. Timba is famous for its really small size. Including all webinjects and configs it weights only 20kb. It comes without any packing or encryption. Trojan Tinba (Zusy) belongs to the completely new family of malware, security experts believe that we will see more activity from this family this year. The first ones who discovered this trojan were CSIS Security Group A/S. The name was shortened from the words "Tiny Banker" - Tinba. This is a trojan which hooks into browsers and steals all sensitive data, including but not limited to logins and credit card numbers. Trojan is not detected by most antivirus software.
Trojan timba uses really sneaky techniques, it infects itself into legitimate processes like explorer.exe, svchost.exe, firefox.exe also it creates process called winvert.exe. It target very small list or sites, moslty financial websites.

Here’s a list of command-and-control (C&C) servers, to which Tinba tries to send the stolen information:

  • [http://]dakotavolandos.com
  • [http://]dakotavolandos.com
  • [http://]dak1otavola1ndos.com
  • [http://]dako22tavol2andos.com
  • [http://]d3akotav33olandos.com
  • [http://]d4ak4otavolandos.com


Automatic Tinba removal:

It might be that we are affiliated with any of our recommended products. Full disclosure can be found in our Agreement of Use.
By downloading any of provided Anti-spyware software to remove Tinba you agree with our Privacy Policy and Agreement of Use.
SpyHunter is recommended remover to uninstall Tinba. You should confirm using free trial that it detects current version of parasite.

Note: Manual assistance required means that one or all of removers were unable to remove parasite without some manual intervention, please read manual removal instructions below.

If you failed to remove Tinba using SpyHunter, submit question to our support team and provide as much details as possible.
dot
STOPzilla
download
manual required
We are testing STOPzilla's efficiency at removing Tinba (2012-06-01 08:52:12)
dot
Malwarebytes Anti Malware
download
manual required
We are testing Malwarebytes Anti Malware's efficiency at removing Tinba (2012-06-01 08:52:12)
dot
XoftSpySE Anti Spyware
download
manual required
We are testing XoftSpySE Anti Spyware's efficiency at removing Tinba (2012-06-01 08:52:12)
dot
Defender Pro Ultimate
download
manual required
We are testing Defender Pro Ultimate's efficiency at removing Tinba (2012-06-01 08:52:12)

what to do if you failed to remove the infection?
Virus Removal
Phone Support
Help Line to remove Tinba
Tinba snapshot:

Tinba manual removal:

Kill processes:
bin.exe
Delete registry values:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"default" = "%SystemDrive%\Documents and Settings\All Users\Application Data\default\bin.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\"1609" = "0"
Delete files:
%SystemDrive%\Documents and Settings\All Users\Application Data\default\bin.exe

QR code for Tinba removal instructions:

Tinba qrcode
QR is short for Quick Response. They can be read quickly by the mobile phones. QR codes can store more data than standard barcodes, including url links, geo coordinates, and text.

The reason we add QR code to the website is that parasites like Tinba are really hard to remove on infected computer. you can quicly scan the QR code with your mobile device and have manual removal instructions to uninstall Tinba right in your pocket.

Simply use the QR scanner and read removal instructions from mobile device.
Information added: 2012-06-01 08:52:12
Information updated: 2012-06-03 17:24:40

Additional resources:

Attention: If you know know a reputable website reated to security threats, please add a link here: add url

Post Comment:

Attention: Use this form only if you have additional information about Tinba parasite, its removal instructions, additional resources or behavior. By clicking "post comment" button you agree not to post any copyrighted, unlawful, harmful, threatening, abusive, harassing, defamatory, vulgar, obscene, profane, hateful, racially, ethnically or otherwise objectionable material of any kind.
Home page Name



«


* All field required
Like us on Facebook
Latest spyware news:
Subscribe to spyware news
Please enter your e-mail address:
If you do not want to receive our spyware
newsletter please unsubscribe here
48462 Subscribers
Ask us
I failed to remove Tinba using SpyHunter.

Email


Close

Spreading the knowledge:

It is very hard to fight against computer parasites on the Internet alone. If you have a website, we would be more than happy if you would like to cooperate and help us spread the information about latest threats. Remember, knowledge is the most powerful weapon. Help your visitors protect their computers!
add text box
rss feed
help other