Gigger cleanup


JS.Gigger.A@mm is a JavaScript worm that spreads via Outlook and mIRC chat clients. Its destructive payload takes aim at all files stored on an infected computer and tries to reformat the machine's C drive.

According to an alert from Symantec, the infected e-mail arrives with the subject line "Outlook Express Update", the message "MSNSoftware Co." and the attachment Mmsn_offline.htm.

Administrators are urged to look for the following files to clean up Gigger:

C:\Bla.hta
C:\B.htm 
C:\Windows\Samples\Wsh\Charts.js 
C:\Windows\Help\Mmsn_offline.htm

Administrators should also look for the following line in the Autoexec.bat file:

 ECHO y|format C:

That line will reformat the computer's C drive if the computer is restarted.

Gigger will also drop a script.ini file in order to spread itself via mIRC chat clients. The worm then creates the following registry keys:

HKEY_CURRENT_USER\Software\Microsoft\Windows Scripting Host\Settings\Timeout
HKEY_CURRENT_USER\Software\TheGrave\badUsers\v2.0

Gigger also adds the value NAV DefAlert to the registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

Gigger also attempts to spread via network connections by searching network drives and copying itself as:

\Windows\Start Menu\Programs\StartUp\Msoe.hta

It will then attempt to delete all files on the local hard drive.
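
One way to check for the files and the Autoexec.bat line listed above, as an added example that is not from Symantec or the original article: it scans a copy of the C: volume mounted at a path on a clean analysis machine, so the suspect computer does not have to be restarted. The function names, the mounted-volume approach and the sample tree built in demo() are assumptions of this example, and the registry entries are not checked.

```python
import re
import tempfile
from pathlib import Path

# Files named in the article, relative to the root of the scanned volume.
DROPPED_FILES = [
    "Bla.hta", "B.htm",
    "Windows/Samples/Wsh/Charts.js",
    "Windows/Help/Mmsn_offline.htm",
    "Windows/Start Menu/Programs/StartUp/Msoe.hta",
]
# The article's "ECHO y|format C:" line, tolerating case and spacing.
FORMAT_LINE = re.compile(r"^\s*@?\s*echo\s+y\s*\|\s*format\s+c:", re.IGNORECASE)

def find_nocase(root, relpath):
    """Return the file at relpath under root, matching names case-insensitively."""
    current = Path(root)
    for part in relpath.split("/"):
        children = current.iterdir() if current.is_dir() else []
        current = next((c for c in children if c.name.lower() == part.lower()), None)
        if current is None:
            return None
    return current if current.is_file() else None

def scan_volume(root):
    """Return (kind, detail) findings for a C: volume mounted at root."""
    findings = [("file", rel) for rel in DROPPED_FILES if find_nocase(root, rel)]
    autoexec = find_nocase(root, "Autoexec.bat")
    if autoexec:
        lines = autoexec.read_text(encoding="latin-1").splitlines()
        for number, line in enumerate(lines, 1):
            if FORMAT_LINE.search(line):
                findings.append(("autoexec", f"line {number}: {line.strip()}"))
    return findings

def demo():
    """Scan a constructed sample volume (made-up test data, not a real image)."""
    with tempfile.TemporaryDirectory() as tmp:
        help_dir = Path(tmp, "WINDOWS", "HELP")
        help_dir.mkdir(parents=True)
        (help_dir / "MMSN_OFFLINE.HTM").write_text("sample")
        Path(tmp, "AUTOEXEC.BAT").write_text("@ECHO OFF\nECHO y|format C:\n")
        return scan_volume(tmp)

if __name__ == "__main__":
    print(demo())
```

Any "autoexec" finding means the format line has to be removed from Autoexec.bat before the machine is restarted.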
