Name : BcTool.exe
Path : %WINDOWS%\BcTool.exe
[ C:\Windows\BcTool.exe ]
type : Internet
Name : W32.Gibe.A@mm
Alias : I-Worm.Gibe.A, W32/Gibe-A,
level : LOW
is dropped by Gibe Worm. It is an Internet worm uses Microsoft Outlook
and its own SMTP engine to spread. The worm is
122880 bytes long and the e-mail attachment name
will be "Q216309.exe". Gibe worm sends fakes
email as it is an update coming from
this is the latest version of security
update, the update which eliminates all known
security vulnerabilities affecting Internet
Explorer and MS Outlook/Express as well as six
new vulnerabilities, and is discussed in
Microsoft Security Bulletin MS02-005. Install now
to protect your computer from these
vulnerabilities, the most serious of which could
allow an attacker to run code on your computer.
Description of several well-know
- "Incorrect MIME Header Can Cause IE
to Execute E-mail Attachment" vulnerability.
If a malicious user sends an affected HTML e-mail
or hosts an affected e-mail on a Web site, and a
user opens the e-mail or visits the Web site,
Internet Explorer automatically runs the
executable on the user's computer.
- A vulnerability that could allow an
unauthorized user to learn the location of cached
content on your computer. This could enable the
unauthorized user to launch compiled HTML Help (.chm)
files that contain shortcuts to executables,
thereby enabling the unauthorized user to run the
executables on your computer.
- A new variant of the "Frame Domain
Verification" vulnerability could enable a
malicious Web site operator to open two browser
windows, one in the Web site's domain and the
other on your local file system, and to pass
information from your computer to the Web site.
- CLSID extension vulnerability.
Attachments which end with a CLSID file extension
do not show the actual full extension of the file
when saved and viewed with Windows Explorer. This
allows dangerous file types to look as though
they are simple, harmless files - such as JPG or
WAV files - that do not need to be blocked.
Versions of Windows no earlier than Windows 95.
This update applies to:
Versions of Internet Explorer no earlier than 4.01
Versions of MS Outlook no earlier than 8.00
Versions of MS Outlook Express no earlier than 4.01
How to install
Run attached file q216309.exe
How to use
You don't need to do anything after installing
For more information about these issues,
read Microsoft Security Bulletin MS02-005, or
visit link below.
If you have some questions about this article
contact us at email@example.com
Thank you for using Microsoft products.
With friendly greetings,
MS Internet Security Center.
Microsoft is registered trademark of Microsoft
Windows and Outlook are trademarks of Microsoft
executed, the worm displays the following message
the user clicks "yes", the worm
displays the following message box. If the user
selects "No", the worm won't display
any message box. But it will install in the
the user tries to install second time, the worm
displays the following message box.
worm drops several components in the system. It
drops Q216309.exe, BcTool.exe, WinNetw.exe,
directory and Vtnmsccd.dll in
the Windows System directory.
also creats creates the following registry keys
"3DfxAcc" = "\%WinDir%\GfxAcc.exe"
"LoadDBackUp" = "\%WinDir%\BcTool.exe"
"Installed" = "... by Begbie"
Finally, Gibe worm e-mails
the infected messages using the addresses stored
in 02_N803.dat. Gibe worm is also known
as W32.Gibe.A@mm, W32/Gibe-A, WORM_GIBE.A.
How can I protect my
Solo has incorporated
BcTool.exe in its signature file to protect users
from this worm attack. Solo antivirus registered
users are already protected from this worm. Make
sure that you have installed registered version
of Solo Antivirus to protect your system from all
to remove this worm?
you are already infected with BcTool.exe process,
you can remove it from your computer using Solo
Antivirus software. Solo antivirus can
detect and remove W32.Gibe.A@mm safely.
Use the following link to Download 30 day
trial version of Solo antivirus to
remove viruses from your computer.
Solo anti-virus not only
scans for all viruses, it contains a unique System
Integrity Checker to protect you from
New Internet Worms, Backdoors and
malicious VB, Java Scripts. It also
effectively removes all existing Internet Worms,
File viruses, malicious VBS, Java scripts,
Trojans, Backdoors, boot sector, partition table
and macro viruses.
purchase Solo antivirus using the link