Welcome to the Virus Encyclopedia of Panda Security.
|Effects: ||It creates files on the desktop and simulates a Windows update.
|First detected on:||March 7, 2002|
|Detection updated on:||Sept. 21, 2009|
|Yes, using TruPrevent Technologies
Gibe is a worm that spreads via e-mail in a message that always includes an attached file called: Q126309.EXE.
Its effects are more annoying than damaging, as when Gibe carries out its infection, it simulates a Windows update while it install the components it needs to carry out infection.
Gibe is easy to recognize, as it reaches computers in an e-mail message with the subject: Internet Security Update and an attached file called Q126309.EXE .
When the attached file is run, a message is displayed that prompts users to confirm if they want to install an update for Microsoft applications:
If the user clicks on Yes, Gibe simulates the installation of new components and displays the following message:
When it has carried out its actions, it displays the following message:
When this process is complete, if the user of the affected computer tries to run the attached file again, Gibe displays the following message:
Gibe also places 5 files on the desktop: BCTOOL.EXE, GFXACC.EXE, Q216309.EXE, WINNETW.EXE and 02_N803.DAT.