According to an alert from Symantec, the infected e-mail arrives with a: subject line: Outlook Express Update; message: MSNSoftware Co.; and attachment: Mmsn_offline.htm
Administrators are urged to look for the following files to cleanup Gigger:
C:\Bla.hta C:\B.htm C:\Windows\Samples\Wsh\Charts.js C:\Windows\Help\Mmsn_offline.htm
Administrators should also look for the following line in the Autoexe.bat file:
ECHO y|format C:
That line will reformat the computer's C drive if it is restarted.
Gigger will also drop a script.ini file in order to spread itself by mIRC chat clients. The worm then creates the following registry keys:
HKEY_CURRENT_USER\Software\Microsoft\Windows Scripting Host\Settings\Timeout HKEY_CURRENT_USER\Software\TheGrave\badUsers\v2.0
Gigger also adds the value: NAV DefAlert to the registry key
Gigger also attempts to spread via network connections by searching network drives and copying itself as:
It will then attempt to delete all files on the local hard drive.