Gigger cleanup

Gigger cleanup

JS.Gigger.A@mm is a Javascript worm that spreads via Outlook and mIRC chat clients. Its destructive payload takes...

aim at all files stored on an infected computer and tries to reformat the machine's C drive.

According to an alert from Symantec, the infected e-mail arrives with a: subject line: Outlook Express Update; message: MSNSoftware Co.; and attachment: Mmsn_offline.htm

Administrators are urged to look for the following files to cleanup Gigger:

C:\Bla.hta
C:\B.htm 
C:\Windows\Samples\Wsh\Charts.js 
C:\Windows\Help\Mmsn_offline.htm

Administrators should also look for the following line in the Autoexe.bat file:

 ECHO y|format C:

That line will reformat the computer's C drive if it is restarted.

Gigger will also drop a script.ini file in order to spread itself by mIRC chat clients. The worm then creates the following registry keys:

HKEY_CURRENT_USER\Software\Microsoft\Windows Scripting Host\Settings\Timeout
HKEY_CURRENT_USER\Software\TheGrave\badUsers\v2.0

Gigger also adds the value: NAV DefAlert to the registry key

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

Gigger also attempts to spread via network connections by searching network drives and copying itself as:

\Windows\Start Menu\Programs\StartUp\Msoe.hta

It will then attempt to delete all files on the local hard drive.

Dig Deeper on Emerging Information Security Threats

PRO+

Content

Find more PRO+ content and other member only offers, here.

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close