
CiGiCiGi ViP

Overview

Vendor Description

 From the doc: 'a trojan like Gip to steal passwords. And it has many features like; stealing icq.ysm, miranda, rillian, aim, msn, ras and cached passwords. Now any of anti-virus programs can't find it. If they find it I will add some changes and it will be undetectable. CiGiCiGi ViP sends mails without a smtp server, so you don't need to find open relay smtp servers. I must say that this trojan doesn't send passwords to me like others. I think most of you used trojans like sub7, Netbus and SchoolBus. I think the aim of using these programs was stealing passwords. But there were harmful functions in them and the victim can be damaged because of them. There are no harmful functions in CiGiCiGi ViP, it doesn't damage the victim directly. It only sends his/her passwords.'

Alias

 Backdoor.Cigivip.10, Backdoor.Cigivip.15.a, Backdoor.Cigivip.17, TrojanDropper.Joiner.ae

Category

 Password Capture: A variant of the Key Logger that captures passwords as they are entered or transmitted. Some password capture trojans impersonate the login prompt, asking the user to provide their password.

Variants

 CiGiCiGi ViP 1.0 · CiGiCiGi ViP 1.5 · CiGiCiGi ViP 1.7
 

Origins

 

Author

 Fungus Kid

Others By This Author

 CiGiCiGi ViP 1.0 · CiGiCiGi ViP 1.5 · CiGiCiGi ViP 1.7

Programming Language

 Delphi

Date of Origin

 Variants from October, 2002 to January, 2003

Place of Origin

 Turkey
 

Detection and Removal

Manual Removal

 Follow these steps to remove CiGiCiGi ViP from your machine. Begin by backing up your registry and your system, and/or setting a Restore Point, to prevent trouble if you make a mistake.

 Stop Running Processes:

Kill these running processes with Task Manager:



Remove Autorun Reference:

Go to the key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run


If you find the value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\winsys32, delete it and reboot the machine immediately.



Unregister DLLs:

Unregister these DLLs with Regsvr32, then reboot:



Clean Registry:

Remove these registry items (if present) with RegEdit:



Remove Files:

Remove these files (if present) with Windows Explorer:



 
2006 © Copyright DatabaseofSpyware.com. All rights reserved.