Free Republic

Nasty New Trojan Pretends to Be Official Microsoft Security Update Message
Computer Associates ^ | 3/7/2002 | Staff

Posted on 03/07/2002 4:34:56 PM PST by ex-Texan

Win32.Gibe trojan, worm

Win32/Gibe is a buggy mass-mailing worm that utilizes Microsoft Outlook and SMTP to propagate.

The email pretends to be an official message from Microsoft Corp. carrying the latest version of a security update for Internet Explorer and MS Outlook/Express.

The attachment name is: q216309.exe

If the attachment is executed, the worm will drop 4 files into the Windows directory and execute them:

WinNetW.exe, BcTool.exe - mass-mailing components
GfxAcc.exe - Backdoor Trojan listening on port 12378
q216309.exe - copy of itself

A DLL is also dropped into the System Directory:
vtnmsccd.dll - copy of itself

The worm creates the file 02_N803.dat in the Windows directory to store any email addresses collected from the local system.

The following registry modifications are also made:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\LoadDBackUp = "C:\WINDOWS\BcTool.exe"
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\3Dfx Acc = "C:\WINDOWS\GFXAcc.exe"

This will cause the backdoor trojan and the mass-mailing component to execute upon Windows startup.

Then the worm will wipe out your hard drive and its files!!


TOPICS: Announcements; Breaking News; Culture/Society
KEYWORDS: techindex

1 posted on 03/07/2002 4:34:56 PM PST by ex-Texan
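
The indicators listed in the article above (dropped files, Run values, backdoor port), turned into a small host triage check. This is an added example, not code from Computer Associates or from the poster; the `reg query` and `netstat -an` text layouts and all sample data are assumptions constructed for illustration.

```python
import re

# Indicators from the advisory, lower-cased: Windows file names compare
# case-insensitively (the text itself writes both GfxAcc.exe and GFXAcc.exe).
WINDOWS_DIR_FILES = {"winnetw.exe", "bctool.exe", "gfxacc.exe", "q216309.exe", "02_n803.dat"}
SYSTEM_DIR_FILES = {"vtnmsccd.dll"}
RUN_VALUES = {"loaddbackup": "bctool.exe", "3dfx acc": "gfxacc.exe"}
BACKDOOR_PORT = 12378

def basename(path):
    return path.strip().strip('"').rsplit("\\", 1)[-1].lower()

def check_files(windows_listing, system_listing):
    return ([f"Windows dir: {n}" for n in windows_listing if n.lower() in WINDOWS_DIR_FILES]
            + [f"System dir: {n}" for n in system_listing if n.lower() in SYSTEM_DIR_FILES])

def check_run_key(reg_query_output):
    # Assumed input: `reg query` text, value lines like "    Name    REG_SZ    Data".
    hits = []
    for line in reg_query_output.splitlines():
        m = re.match(r"\s+(.+?)\s+REG_(?:EXPAND_)?SZ\s+(.*)$", line)
        if m and RUN_VALUES.get(m.group(1).lower()) == basename(m.group(2)):
            hits.append(f"Run value: {m.group(1)} -> {m.group(2).strip()}")
    return hits

def check_listeners(netstat_output):
    # Assumed input: `netstat -an` text; only LISTENING local sockets count.
    hits = []
    for line in netstat_output.splitlines():
        parts = line.split()
        if len(parts) >= 4 and parts[3] == "LISTENING" and parts[1].endswith(f":{BACKDOOR_PORT}"):
            hits.append(f"Listener: {parts[1]}")
    return hits

# Constructed sample triage data, not captured from a real host.
SAMPLE_WINDOWS_DIR = ["notepad.exe", "BCTOOL.EXE", "GfxAcc.exe", "02_N803.dat"]
SAMPLE_SYSTEM_DIR = ["kernel32.dll", "vtnmsccd.dll"]
SAMPLE_REG = r"""HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    LoadDBackUp    REG_SZ    C:\WINDOWS\BcTool.exe
    3Dfx Acc    REG_SZ    C:\WINDOWS\GFXAcc.exe
    SystemTray    REG_SZ    SysTray.Exe
"""
SAMPLE_NETSTAT = """  TCP    0.0.0.0:135      0.0.0.0:0    LISTENING
  TCP    0.0.0.0:12378    0.0.0.0:0    LISTENING
  TCP    10.0.0.5:1041    10.0.0.9:12378    ESTABLISHED
"""

def triage():
    return check_files(SAMPLE_WINDOWS_DIR, SAMPLE_SYSTEM_DIR) + check_run_key(SAMPLE_REG) + check_listeners(SAMPLE_NETSTAT)
```

Calling `triage()` returns one line per matched indicator; an outbound connection to remote port 12378 is not counted as the backdoor listener.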

To: ex-Texan
It is not fun posting on every thread and annoying all of you. We are volunteers and do so because we love Free Republic and want to see it continue for a long time.

Ask yourself these questions:

Where is the first place I go to on the internet to find out what's happening with politics?
Am I getting any benefit from Free Republic?
Am I learning from Free Republic?

Free Republic is not free. It costs Jim Robinson tens of thousands of dollars to keep this forum running. There are almost 80,000 registered users on Free Republic and approximately 1,000 Freepers help keep this forum running. Those who do not have the ability to donate money could help by bumping the threads once in a while. I've been in a position where the funds were low and every penny was needed to pay for frivolous things such as food. Those who do have the means should be ashamed of yourselves. You are a FReeploader. Go ahead, flame me. I don't care. I contribute to Free Republic, and I for one do not want to see this forum dead.

If everyone who registered donated one measly dollar a month, we would never have to have a fundraiser again. Thus ending the silly graphics and posts. But, it's not happening, so we will continue this annoying process until we reach our goal.

Because The Constitution Still Matters - Freepathon Thread 3


Click here to contribute by secure server

Or Mail your check to:
FreeRepublic , LLC
PO BOX 9771
FRESNO, CA 93794


To donate By Paypal:
Send PayPal direct to JimRob@psnw.com

2 posted on 03/07/2002 4:35:40 PM PST by WIMom

To: ex-Texan

3 posted on 03/07/2002 4:38:39 PM PST by Thane_Banquo

To: ex-Texan
bump for the alert to all.

I don't use Outlook, too many holes.

4 posted on 03/07/2002 4:40:42 PM PST by fineright

To: ex-Texan
Verified on Symantec site
5 posted on 03/07/2002 4:43:28 PM PST by pubmom

To: ex-Texan
The big question is "when is the last time anyone got a message from MS with an executable attachment?" I've never seen one myself.
6 posted on 03/07/2002 4:46:32 PM PST by Tennessee_Bob

To: Tennessee_Bob
Well, I use Windows, and I get them all the time. Maybe Gates sends them out from his office /sarcasm
7 posted on 03/07/2002 4:50:50 PM PST by RedBloodedAmerican

To: ex-Texan
Also reported on the CERT Vulnerabilities Incidents & fixes page
8 posted on 03/07/2002 4:51:18 PM PST by Clive

To: ex-Texan
I am an automatically-billed member. I'm not rich, but I give gladly; this site has literally changed the world.

Please, freepers, sign up for just a little each month. Just sign up for $3 a month--will you really miss that? It's easy, automatically billed to a credit card, and you get the satisfaction of being more than just a reader. You become a contributor to freedom, you really do.

If you have ever asked yourself, "what can I possibly do that truly helps change the world?", well, this is all you have to do. Sign up for $3 a month, and you have helped change the world. Every minute, every day.

If you think that just $3 a month won't make a difference, or that it is embarrassing, because you wish you could afford more, YOU ARE WRONG!!! A dime a day, that's all it takes, and you will be so gratefully thanked!

Become a single, solid, brick in the fortress of freedom we build here together, as friends and freedom fighting buddies in the trench together. That's all it takes, really!

If we were together fighting on the battle field, I know that you would pick up a shovel and help me dig a foxhole, I know you would! We are grunts in the trenches, and we are what makes the whole thing work.

Join me; become a brick for freedom! PLEASE sign up for just a couple of bucks a month. Please? Nobody here is making a profit, or living large. They operate from day to day, with no thought of profit. This site depends on us troopers on the field, please sign up? Do it now--you want to! You will feel GREAT!

Did I say please?

9 posted on 03/07/2002 4:52:16 PM PST by MonroeDNA

To: ex-Texan
The problem is simple to solve: go to 98lite.net, download 98lite, and remove IE and Outlook from your computer. No IE and Outlook, No Problem!!!
10 posted on 03/07/2002 4:53:30 PM PST by amigatec

To: ex-Texan
Or you can go to linux-mandrake.com and install the ultimate Service Pack, Mandrake 8.1 :-)

Flame away!!!

11 posted on 03/07/2002 4:55:33 PM PST by amigatec

To: ex-Texan
Oh, great -- now we're going to have more Mac and Linux promoters starting another War of the OSes. Let me just summarize their posts: "If you didn't use that piece of Bill Gate$ poop from Micro$lime you wouldn't be getting no viruses! Blah, blah, blah."

I've used Linux for many years and the first non-mainframe programming I ever did was on an Apple. I like them both, but they're operating systems, for goodness sakes, not infallible deities!

12 posted on 03/07/2002 4:55:54 PM PST by DallasMike

To: Tennessee_Bob
I was going to say the same thing!
13 posted on 03/07/2002 4:57:56 PM PST by Giddyupgo

To: DallasMike; RedbloodedAmerican
Linux Sucks! Macs Suck! Windows is Great!!

Windows Sucks! Linux Sucks! Macs are Great!!

Macs Suck! Windows Sucks! Linux is Great!!

I think that covers it all...well, except for this

CP/M RULES!

14 posted on 03/07/2002 5:01:16 PM PST by Tennessee_Bob

To: ex-Texan
This trojan was sent to me yesterday and it looked VERY suspicious. Fortunately my firewall stripped off the exe file.
15 posted on 03/07/2002 5:01:49 PM PST by ironman

To: ex-Texan
How does a person get rid of the worm if a person opens up the message? Is there any help? Will McAfee or Norton Anti-virus programs catch the sucker?
16 posted on 03/07/2002 5:02:09 PM PST by lilylangtree

To: ex-Texan
Go Southern Cal!..............


17 posted on 03/07/2002 5:03:35 PM PST by hole_n_one

To: amigatec

18 posted on 03/07/2002 5:04:32 PM PST by SpottedBeaver

To: hole_n_one
Ok, well, if she shows up and says she wants to trash my computer it might be ok.....
19 posted on 03/07/2002 5:06:06 PM PST by Tennessee_Bob

To: hole_n_one
Hello!
20 posted on 03/07/2002 5:12:34 PM PST by SpottedBeaver