Panda Software Releases the PQREMOVE Application to Deal With The New Worm Gibe.C
Panda Software Technical Support services have already registered the first incidents caused by this new malicious code
Due to the complexity of the effects on computers, the international antivirus developer has released the free PQREMOVE application.
This application can detect, eliminate and repair damage caused by Gibe.C on affected computers
MADRID, September 19, 2003 - The new ‘C’ variant of the Gibe worm (W32/Gibe.C), detected yesterday by PandaLabs, has become, in less than 24 hours, one of the viruses most frequently detected by Panda ActiveScan. Gibe.C uses social engineering: it reaches computers in an e-mail message that passes itself off as a security patch for Microsoft Windows operating systems. Because Panda Software’s Technical Support Services have already registered some incidents caused by this worm, and taking into account the complexity of its effects on affected computers, the multinational antivirus manufacturer has released the PQREMOVE application free of charge. This application can detect and eliminate Gibe.C, as well as repair the damage caused to the computer. It can be downloaded from Panda Software’s website at: http://www.pandasoftware.com/download/utilities/.
This message has several characteristics, and it can even perfectly imitate the style of Microsoft web pages. To gain credibility, the sender of the e-mail message appears to be Microsoft, for example ‘MS Technical Assistance’ or ‘MS Customer Support’, etc.
The message also includes an attached file that actually contains the Gibe.C worm and can have different names, such as Q591362.EXE.
When the attached file is run, a series of windows is displayed that simulates the installation of the supposed patch. However, these screens actually cover up the actions that the worm is carrying out. These actions include disabling the Windows Registry Editor, which prevents the entries the worm has added to the registry from being deleted.
In addition, Gibe.C displays a message that attempts to trick the user into giving confidential information.
Gibe.C ends processes belonging to several antivirus and computer security programs. This leaves the affected computer vulnerable to attack by hackers or other malicious code.
Gibe.C can also exploit two vulnerabilities in the Microsoft Internet Explorer browser to run itself when the message carrying the worm is viewed in the Preview Pane. Finally, this worm can also spread through the peer-to-peer file sharing program KaZaA and via IRC.
Due to the incidents reported, and in order to avoid falling victim to Gibe.C, Panda Software advises users to be extremely careful with e-mail messages received and to update their antivirus solutions immediately. The multinational antivirus manufacturer has already released the updates, which ensure their antivirus solutions detect and eliminate Gibe.C. Therefore, if your software is not configured to update automatically, you can do so from the company’s website at http://www.pandasoftware.com.
Users can also detect this and other malicious code using the free, online antivirus, Panda ActiveScan, which is available on the company’s website at http://www.pandasoftware.com.
On receiving a possibly infected file, Panda Software’s technical staff get straight down to work. The file is analyzed and, depending on the type, the action taken may include disassembly, macro scanning, code analysis, etc. If the file does in fact contain a new virus, the disinfection and detection routines are prepared and quickly distributed to users.