Troj/Tubmo-A

Please read the instructions for removing Trojans.

Troj/Tubmo-A can be removed via the control panel. Go to Start|Settings|Control Panel|Add/Remove Programs and select the "LOP Uninstall" item.

Troj/Tubmo-A is a program intended to carry out "active reconfiguration" of your web browser in order to encourage you to go to specific websites and portals when you use the web.

When running, Troj/Tubmo-A unpacks a second program into your TEMP folder and executes it. This subsidiary file is also detected as Troj/Tubmo-A.

Troj/Tubmo-A makes a number of changes to your system, including: creating weblinks on your desktop; adding bookmarks; removing existing web toolbars; changing start and search pages; automatically downloading updated versions or additional programs and installing them on your computer; sending information from your computer out to a remote server; changing the registry so it loads itself silently on subsequent reboots; and more. Troj/Tubmo-A chooses random filenames when installing its components, so that it cannot be spotted by its name alone.

Note, however, that Troj/Tubmo-A asks for consent before installing itself, so it is unlikely to get onto a computer entirely by mistake. If you find that users on your network are in the habit of installing programs of this sort, Sophos suggests that you prohibit this behaviour as a part of your formal company policy. This will help to discourage the casual installation of unknown and untrusted software on company networks.