By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
aim at all files stored on an infected computer and tries to reformat the machine's C drive.
According to an alert from Symantec, the infected e-mail arrives with a: subject line: Outlook Express Update; message: MSNSoftware Co.; and attachment: Mmsn_offline.htm
Administrators are urged to look for the following files to cleanup Gigger:
C:\Bla.hta C:\B.htm C:\Windows\Samples\Wsh\Charts.js C:\Windows\Help\Mmsn_offline.htm
Administrators should also look for the following line in the Autoexe.bat file:
ECHO y|format C:
That line will reformat the computer's C drive if it is restarted.
Gigger will also drop a script.ini file in order to spread itself by mIRC chat clients. The worm then creates the following registry keys:
HKEY_CURRENT_USER\Software\Microsoft\Windows Scripting Host\Settings\Timeout HKEY_CURRENT_USER\Software\TheGrave\badUsers\v2.0
Gigger also adds the value: NAV DefAlert to the registry key
Gigger also attempts to spread via network connections by searching network drives and copying itself as:
It will then attempt to delete all files on the local hard drive.