Remove GiftCom. Description and removal instructions

 
Title: GiftCom

Type: Worms
Severity scale: 75 / 100
 
GiftCom is an Internet worm that spreads to other computers through unpatched security vulnerabilities and through instant messages sent over popular chat programs, including ICQ, AIM, MSN Messenger and Yahoo! Messenger. It sends bogus messages containing links to malicious files to every contact in the victim's buddy list. Once a user follows such a link, GiftCom is silently downloaded and installed on the system. The worm comes with a rootkit that hides all harmful processes and files from most antivirus tools.

GiftCom's payload comprises several malicious functions. First, the worm disables some essential Windows components and terminates running antivirus and security-related programs. It then runs a backdoor component that gives the attacker unauthorized remote access to the compromised computer. The intruder can log keystrokes, set up a hidden FTP server, intercept network and Internet traffic, contact specified web resources and steal sensitive user information. GiftCom can also change the web browser's default home page and download a variant of the Sdbot worm. The threat runs automatically as a service on every Windows startup.


GiftCom properties:
• Allows remote user connection
• Logs keystrokes
• Changes browser settings
• Connects itself to the internet
• Hides from the user
• Stays resident in background


GiftCom manual removal:

Kill processes:
• winrpc.exe

Delete registry values:
• HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winrpc
• HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger\Start=4
• HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Start=4
• HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Start=4
• HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\RestrictAnonymous=1
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\EnableDCOM=n
• HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\DoNotAllowXPSP2=1

Delete files:
• winrpc.exe

Misc:
The winrpc.exe file can be found in the main Windows folder, which is usually C:\Windows or C:\Winnt.
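
An added example (not part of the original page): a Python check that reads the text of a regedit export and reports which of the registry indicators listed above are present. The function names and the sample export are constructed for illustration; a real `.reg` export is UTF-16 and must be decoded before it is passed in, and a single matching value can also be a legitimate administrator setting.

```python
import re

HKLM = "HKEY_LOCAL_MACHINE\\"
SERVICE_KEY = HKLM + r"SYSTEM\CurrentControlSet\Services\winrpc"
VALUE_INDICATORS = [  # key, value name, data: as listed on this page
    (HKLM + r"SYSTEM\CurrentControlSet\Services\Messenger", "Start", 4),
    (HKLM + r"SYSTEM\CurrentControlSet\Services\RemoteRegistry", "Start", 4),
    (HKLM + r"SYSTEM\CurrentControlSet\Services\TlntSvr", "Start", 4),
    (HKLM + r"SYSTEM\CurrentControlSet\Control\Lsa", "RestrictAnonymous", 1),
    (HKLM + r"SOFTWARE\Microsoft\Ole", "EnableDCOM", "n"),
    (HKLM + r"SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate", "DoNotAllowXPSP2", 1),
]
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')
# Constructed sample export (not captured from a real host).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winrpc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry]
"Start"=dword:00000004
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Messenger]
"Start"=dword:00000002
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]
"EnableDCOM"="N"
'''

def parse_reg_export(text):
    """Parse decoded regedit v5 export text into (key set, value dict), lower-cased."""
    keys, values, current = set(), {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            keys.add(current := line[1:-1].lower())
        elif current and (m := VALUE_RE.match(line)):
            name, data = m.group(1).lower(), m.group(2)
            if data.startswith("dword:"):
                values[(current, name)] = int(data[6:], 16)
            elif len(data) >= 2 and data[0] == data[-1] == '"':
                values[(current, name)] = re.sub(r"\\(.)", r"\1", data[1:-1])
    return keys, values  # hex: and other value types are skipped

def giftcom_indicators(text):
    """Return the listed registry indicators that are present in the export."""
    keys, values = parse_reg_export(text)
    hits = [SERVICE_KEY] if SERVICE_KEY.lower() in keys else []
    for key, name, expected in VALUE_INDICATORS:
        actual = values.get((key.lower(), name.lower()))
        if (actual.lower() if isinstance(actual, str) else actual) == expected:
            hits.append(f"{key}\\{name}={expected}")
    return hits

if __name__ == "__main__":
    print("\n".join(giftcom_indicators(SAMPLE_EXPORT)) or "no listed indicators found")
```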

Other programs to remove GiftCom:

• SUPERAntiSpyware
• CounterSpy
• Windows Defender

Information added: 26/12/05
Information updated: 26/12/05
