GiftCom is an Internet worm that spreads to other computers through unpatched security vulnerabilities and via instant messages using popular chat programs including ICQ, AIM, MSN Messenger and Yahoo! Messenger. The parasite sends bogus messages containing links to malicious files to all the contacts in the victim's buddy list. Once the user follows such a link, GiftCom is silently downloaded and installed to the system.
winrpc.exe
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServiceswinrpcHKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesMessengerStart=4HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesRemoteRegistryStart=4HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTlntSvrStart=4HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsaRestrictAnonymous=1HKEY_LOCAL_MACHINESOFTWAREMicrosoftOleEnableDCOM=nHKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsWindowsUpdateDoNotAllowXPSP2=1