Posted on 03/07/2002 4:34:56 PM PST by ex-Texan
Win32.Gibe trojan, worm
Win32/Gibe is a buggy mass-mailing worm that utilizes Microsoft Outlook and SMTP to propagate.
The email pretends to be an official message from Microsoft Corp. carrying the latest version of a security update for Internet Explorer and MS Outlook/Express.
The attachment name is: q216309.exe
If the attachment is executed, the worm will drop 4 files into the Windows directory and execute them:
WinNetW.exe, BcTool.exe - mass-mailing components
GfxAcc.exe - Backdoor Trojan listening on port 12378
q216309.exe - copy of itself
A DLL is also dropped into the System Directory:
vtnmsccd.dll - copy of itself
The worm creates the file 02_N803.dat in the Windows directory to store any email addresses collected from the local system.
The following registry modifications are also made:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\LoadDBackUp = "C:\WINDOWS\BcTool.exe"
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\3Dfx Acc = "C:\WINDOWS\GFXAcc.exe"
This will cause the backdoor trojan and the mass-mailing component to execute upon Windows startup.
Then the worm will wipe out your hard drive and its files!
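The indicators in the post above (the two Run values, the dropped file names and the backdoor port) are enough to write a quick host check. The script below is an added example, not part of the original post or of any vendor tool: it parses the output of `reg query "HKLM\Software\Microsoft\Windows\CurrentVersion\Run"` and `netstat -an` (the output format assumed is that of the stock reg.exe and netstat.exe; the sample output embedded here is constructed, not captured from a real infection) and matches them, plus a directory listing of the Windows folder, against the Gibe indicators. Matching on the executable's base name rather than the full path is a deliberate choice, since the Windows directory is `C:\WINNT` on some installs.

```python
import re

# Indicators copied from the worm description above. Only the file basenames,
# the Run value names and the port are used; full paths vary by install.
GIBE_RUN_VALUES = {
    "LoadDBackUp": "bctool.exe",   # mass-mailing component
    "3Dfx Acc": "gfxacc.exe",      # backdoor component
}
GIBE_DROPPED_FILES = {
    "winnetw.exe", "bctool.exe", "gfxacc.exe", "q216309.exe",
    "vtnmsccd.dll", "02_n803.dat",
}
GIBE_BACKDOOR_PORT = 12378

# Value lines from `reg query` are indented and look like:
#     <value name>    REG_SZ    <data>
# The value name is matched non-greedily so names with spaces ("3Dfx Acc") work.
_REG_LINE = re.compile(r"^\s+(?P<name>.+?)\s+(?P<type>REG_[A-Z_]+)\s+(?P<data>.*)$")
# Listening sockets from `netstat -an`:
#   TCP    0.0.0.0:12378    0.0.0.0:0    LISTENING
_NETSTAT_LINE = re.compile(
    r"^\s*TCP\s+(?P<addr>\S+):(?P<port>\d+)\s+\S+\s+LISTENING", re.IGNORECASE
)


def parse_reg_query(text):
    """Return {value name: data} for every value line in `reg query` output."""
    values = {}
    for line in text.splitlines():
        m = _REG_LINE.match(line)
        if m:
            values[m.group("name")] = m.group("data").strip()
    return values


def parse_listening_ports(text):
    """Return the set of TCP ports in LISTENING state from `netstat -an` output."""
    ports = set()
    for line in text.splitlines():
        m = _NETSTAT_LINE.match(line)
        if m:
            ports.add(int(m.group("port")))
    return ports


def check_gibe(run_values, windows_dir_files, listening_ports):
    """Return a list of human-readable findings; empty list means no indicator hit."""
    findings = []
    for name, data in run_values.items():
        expected = GIBE_RUN_VALUES.get(name)
        if expected is None:
            continue
        # strip optional quotes and take the basename of the launched program
        exe = data.strip('"').rsplit("\\", 1)[-1].lower()
        if exe == expected:
            findings.append(f"Run value '{name}' launches {data}")
    for fname in windows_dir_files:
        if fname.lower() in GIBE_DROPPED_FILES:
            findings.append(f"dropped file present: {fname}")
    if GIBE_BACKDOOR_PORT in listening_ports:
        findings.append(f"TCP port {GIBE_BACKDOOR_PORT} is listening (backdoor component)")
    return findings


# Constructed sample output (not captured from a real host).
SAMPLE_REG_QUERY = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    LoadDBackUp    REG_SZ    C:\WINDOWS\BcTool.exe
    3Dfx Acc    REG_SZ    C:\WINDOWS\GFXAcc.exe
    SoundMgr    REG_SZ    C:\Program Files\Sound\sndmgr.exe
"""

SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:12378          0.0.0.0:0              LISTENING
  TCP    192.168.1.5:1027       10.0.0.9:80            ESTABLISHED
"""

SAMPLE_WINDOWS_DIR = ["notepad.exe", "BcTool.exe", "02_N803.dat", "win.ini"]


def scan_sample():
    """Run the check against the constructed sample data."""
    return check_gibe(
        parse_reg_query(SAMPLE_REG_QUERY),
        SAMPLE_WINDOWS_DIR,
        parse_listening_ports(SAMPLE_NETSTAT),
    )


if __name__ == "__main__":
    for finding in scan_sample():
        print("GIBE:", finding)
```

On a live machine, pipe the real `reg query` and `netstat -an` output into the two parsers and pass `os.listdir` of the Windows directory as the file list; a hit on the port alone is worth a look even if the files have been renamed, since the listening socket is what the backdoor needs.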
First approach: 4 bytes; 20 t-states. Second approach: 7 bytes; 32 t-states, but does not trash HL. Turbo Pascal's approach: 15 bytes; lots of t-states.
It's no big deal, just a bunch of old college papers that I'd like to recover.
Use a program called "22DISK" [find via Google or other means] to read the files over to your PC. If the files aren't ASCII-text format, use "22NICE" to run PerfectWriter on your PC. 22NICE is actually a pretty amazing program, since it lets you run CP/M utilities on MS-DOS file systems. You have to select what directories you're going to use beforehand (SUBST can be very handy) but otherwise 22NICE works well enough it's easy to forget that you're not using DOS programs.
Let's use an analogy to see the flaw in your system.
I have a policy. If I get a proposition from a stranger to have sex, I say no. If a friend asks me to have sex, I ask them if they have had sex with anyone else. If they say no, then I accept.
Files on a machine are not the same as bodily fluids from human beings. Comparing having sex with strangers to receiving a file from an unknown source, while cute, is not a useful analogy.
Why a Z80? The last time I wrote code for a Z80 was in the late 70's...
Yes it is. Opening up your computer to every Tom, Dick and Harry that wants to put something inside it is no more safe for your computer than sleeping around is for a human.
Why do you think they call it a virus?
sigh
Let's look at the obvious straight off the bat, ok?
I can test anything coming into my computer in a matter of seconds - can't do that with people.
I shut my computer off for thirty minutes or more - can't do that myself. If I stop functioning, I die. If the machine stops functioning, I restart it.
Human disease kills. Computer viruses destroy data. Computer data can be backed up (like mine is) and restored. Human life cannot be backed up and restored.
Not that my opinions matter - obviously, you know exactly what you're talking about, and I'm just a poor inept end-user.
I am going to have to do something about my attitude. Yikes, it even comes across in my writing. For the record, I think you're okay even if your computer is a slut :)
Maybe the following bit of humor will better make my point...and maybe yours too!
Ten things I love about my computer
1. I spend a lot of time with her and enjoy every minute.
2. She rarely gives me trouble.
3. If she ever does give me trouble, I can trade her in for a new one and she will sit quietly in the corner without another word processed about it.
4. I can change her look and feel.
5. If she gets a virus, several doctors can cure her, and no matter how much contact I had with her, she never gives it to me.
6. She is a lot better at math and spelling than me.
7. At first, my mom did not understand her, but now she loves her too.
8. If I want to look at other computers, she will point me to them.
9. She plays a great game of solitaire.
10. And the number one reason I love my computer, she has really beautiful icons.
Saw that on GoGov.com and really loved it. Anyhow my friend, all the best.
A stranger offers you a cup of your favorite beverage: do you accept? A friend offers you a cup of your favorite beverage: do you accept? Certainly either cup could contain harmful contaminants, but most people would be willing to accept beverages from their friends.
Client insists on STD-bus, and slightly-less-strongly insists on Z80. I don't know of any inexpensive x86 STD cards; a 586 would work but I've not seen any of those under $400.
Ah, the dangers of posting analogies. Okay, I give up. I'll stick with this for my advice, take it if you choose.
Never, ever open an attachment from anyone, not even people you know. You do not know where their computer has been. If their computer has a virus, that virus can very easily find its way to your computer by simple file sharing - which is what opening an attachment is.
Wow, thank you! 22Nice seems to need DOS, and I'm running NT, but 22Disk looks like it will do the job. I just have to reinstall my old 5 1/4" drive and there's a good chance that I can get those files back. Thanks again!
I develop software for embedded systems. Sometimes I have to send someone some code for testing. If they were unwilling to use attachments, how would you suggest I get it to them? Carrier pigeon?
Perhaps we should have made clear that there's a big difference between opening up widely-circulated attachments versus opening attachments which are explicitly requested and expected.
[BTW, even there I usually encrypt attachments in ZIP files, using an agreed-upon password. I know ZIP's encryption isn't secure, but what are the odds that a worm is going to send me a copy of itself encrypted in a ZIP file using the same key as my associate?]
I've used 22NICE under NT without difficulty.
That aside, I think you would concur with me that people should not open file attachments from anyone, even someone they know, unless that someone is under contract to work on their computer and is willing to take the liability for any damage caused to their system by that person.
Programmers and hackers are very capable of writing code that will ultimately destroy hardware too. Not only is data at risk. Here is a good example: Say someone wants to kill your machine. All they have to do is write code that will flash and corrupt your BIOS ROM. Duh! After that your machine will not boot, give you any kind of display, etc. I don't know about you but I'm not in a hurry to go buy a new motherboard. I happen to like the one I have now. Don't underestimate the capabilities of viruses and the like.
And after that happens, I reposition the jumper that returns my BIOS to its original configuration, reboot, wait till it beeps, shut down, and put the jumper back in its original position.
Trust me, I don't underestimate the capability of a virus. I deal with it everyday in my job.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.