JS.Gigger.A


First posted on 21 November 2011.
Source: BitDefender

Aliases :

JS.Gigger.A is also known as N/A.

Explanation :

This worm spreads through e-mail and local networks, and also infects HTML and ASP files.

The format of an infected e-mail is:
From:
Subject: Outlook Express Update
Body: MSNSofware Co.
or
Body: Microsoft Outlook 98
Attachment: mmsn_offline.htm

If the user opens the attached HTML page, the virus starts and copies itself to the locations shown above (in the Symptoms section). The virus also tries to send itself to all the contacts in the Outlook Address Book and the Windows Address Book. To send e-mail it tries to use Outlook and the MAPI (Messaging Application Programming Interface) handler (the default handler is Outlook Express).

If the virus cannot create several scripting objects, it tries to write the line Echo y | format c: to c:\autoexec.bat, which on Windows 95/98/ME will attempt to format drive C: at the next restart.

The virus creates the registry key:
Software\Microsoft\Windows\CurrentVersion\Run\NAV DefAlert
with the value C:\Windows\Samples\WSH\charts.vbs which will execute that script at every restart.

To spread across local networks, the virus tries to write a copy of itself to shares as the file
C:\Windows\Start Menu\Programs\StartUp\msoe.hta

The virus also creates a script.ini file for mIRC that sends the mmsn_offline.htm file to everyone who chats with the victim.
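
The file-system artifacts described above can be checked on a mounted drive image with a short triage script. This is an added example, not BitDefender's code; the function names and finding labels are hypothetical, and it covers only the files named on this page (the registry Run value would need a hive parser and is not checked).

```python
import os
import re
import sys

# Indicators taken from the description above; paths are relative to the drive root.
DROPPED_FILES = [
    "Windows/Samples/WSH/charts.vbs",                # script named by the Run value
    "Windows/Start Menu/Programs/StartUp/msoe.hta",  # copy written to shares
]
FORMAT_LINE = re.compile(r"echo\s+y\s*\|\s*format\s+c:", re.IGNORECASE)
ATTACHMENT = b"mmsn_offline.htm"


def find_ci(root, rel_path):
    """Resolve rel_path under root ignoring case (the evidence may be mounted
    on a case-sensitive file system). Returns the real path or None."""
    current = root
    for part in rel_path.split("/"):
        try:
            names = os.listdir(current)
        except OSError:
            return None
        match = next((n for n in names if n.lower() == part.lower()), None)
        if match is None:
            return None
        current = os.path.join(current, match)
    return current


def triage(root):
    """Return a sorted list of (indicator, path) findings under a mounted drive root."""
    findings = [("dropped-file", p) for p in
                (find_ci(root, rel) for rel in DROPPED_FILES) if p]
    autoexec = find_ci(root, "autoexec.bat")
    if autoexec:
        with open(autoexec, "r", errors="replace") as fh:
            if any(FORMAT_LINE.search(line) for line in fh):
                findings.append(("autoexec-format", autoexec))
    # mIRC's install directory is not given on the page, so check every script.ini.
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() == "script.ini":
                path = os.path.join(folder, name)
                with open(path, "rb") as fh:
                    if ATTACHMENT in fh.read().lower():
                        findings.append(("mirc-script", path))
    return sorted(findings)


if __name__ == "__main__":
    for indicator, path in triage(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{indicator}\t{path}")
```

Run it with the mount point of the image as the only argument; a script.ini hit only means the file mentions the attachment name and still needs manual review.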

Last update 21 November 2011