By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
aim at all files stored on an infected computer and tries to reformat the machine's C drive.
According to an alert from Symantec, the infected e-mail arrives with a: subject line: Outlook Express Update; message: MSNSoftware Co.; and attachment: Mmsn_offline.htm
Administrators are urged to look for the following files to cleanup Gigger:
C:\Bla.hta C:\B.htm C:\Windows\Samples\Wsh\Charts.js C:\Windows\Help\Mmsn_offline.htm
Administrators should also look for the following line in the Autoexe.bat file:
ECHO y|format C:
That line will reformat the computer's C drive if it is restarted.
Gigger will also drop a script.ini file in order to spread itself by mIRC chat clients. The worm then creates the following registry keys:
HKEY_CURRENT_USER\Software\Microsoft\Windows Scripting Host\Settings\Timeout HKEY_CURRENT_USER\Software\TheGrave\badUsers\v2.0
Gigger also adds the value: NAV DefAlert to the registry key
Gigger also attempts to spread via network connections by searching network drives and copying itself as:
It will then attempt to delete all files on the local hard drive.