JS/Gigger.a@MM

Type: Virus
SubType: JavaScript
Discovery Date: 01/10/2002
Length: 8,556
Minimum DAT: 4141 (05/30/2001)
Updated DAT: 4141 (05/30/2001)
Minimum Engine: 5.1.00
Description Added: 01/10/2002
Description Modified: 09/18/2002 10:11 AM (PT)
Risk Assessment (Corporate User): Low
Risk Assessment (Home User): Low

Characteristics

This threat is detected as VBS/Generic@MM with the 4141 DATs or newer. It arrives via Internet Relay Chat, or in an email message containing the following information:

Subject: Outlook Express Update
Body: MSNSofware Co.
Attachment: Mmsn_offline.htm

Opening the attachment infects the local system. The worm sends itself to all Microsoft Outlook Contacts and Windows Address Book entries using MAPI. Copies of the worm are created using different formats:

  • C:\B.HTM
  • C:\BLA.HTA
  • C:\WINDOWS\help\mmsn_offline.htm
  • C:\WINDOWS\SAMPLES\WSH\Charts.js
  • %drive letter%\Start Menu\Programs\StartUp\msoe.hta (on network drives)

The C:\AUTOEXEC.BAT file is overwritten with Echo y|format c:

All SCRIPT.INI files are overwritten with mIRC script commands that send the virus to others when they join a channel that an infected user is on. All .ASP, .HTM, and .HTML files are overwritten with the virus code. The content of all other files is deleted if the day is 1, 5, 10, 15, or 20, leaving them with 0 bytes of data.

The following registry keys are created:

  • HKEY_LOCAL_SYSTEM\Software\Microsoft\Windows\CurrentVersion\Run\NAV DefAlert=C:\WINDOWS\help\mmsn_offline.htm
  • HKEY_CURRENT_USER\Software\TheGrave\badUsers\v2.0

Symptoms

- Windows gives an error upon reboot, "Error in EXE file"
- Most files have been changed to 0 bytes in length
- Most files have the default Windows icon associated with them
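
Added example (not McAfee's code and not part of the original description): a Python check that walks a mounted copy of a drive for the file artifacts, the overwritten AUTOEXEC.BAT and the zero-byte symptom listed above. The function names, the result keys and the idea of scanning a mounted image are assumptions; the registry keys are not checked.

```python
import os
import sys

# File artifacts from the Characteristics section, relative to the drive root.
ARTIFACTS = [
    "B.HTM",
    "BLA.HTA",
    "WINDOWS/help/mmsn_offline.htm",
    "WINDOWS/SAMPLES/WSH/Charts.js",
    "Start Menu/Programs/StartUp/msoe.hta",  # page: created on network drives
]


def find_ci(root, rel):
    """Resolve rel under root ignoring case, as Windows file systems do."""
    cur = root
    for part in rel.split("/"):
        try:
            names = os.listdir(cur)
        except OSError:  # missing, unreadable, or not a directory
            return None
        match = next((n for n in names if n.lower() == part.lower()), None)
        if match is None:
            return None
        cur = os.path.join(cur, match)
    return cur


def triage(root):
    """Report which indicators from the description exist under root."""
    found = [rel for rel in ARTIFACTS if find_ci(root, rel)]
    autoexec = find_ci(root, "AUTOEXEC.BAT")
    wiped = False
    if autoexec:
        with open(autoexec, errors="replace") as fh:
            wiped = "format c:" in " ".join(fh.read().lower().split())
    total = empty = 0  # symptom: most files truncated to 0 bytes
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            total += 1
            try:
                empty += os.path.getsize(os.path.join(dirpath, name)) == 0
            except OSError:
                pass  # unreadable entry: counted as a file, size unknown
    return {"artifacts": found, "autoexec_format": wiped,
            "files": total, "zero_byte": empty}


if __name__ == "__main__":
    print(triage(sys.argv[1] if len(sys.argv) > 1 else "."))
```

A high zero_byte to files ratio alone is not conclusive; read it together with the artifact list and the AUTOEXEC.BAT result.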

Method of Infection

This virus arrives as an email attachment or embedded JavaScript inside an email message.

Removal

All Users:
Use current engine and DAT files for detection and removal.

If the virus executed on the system, the user may have to reinstall the operating system, all applications, and restore any documents from backup.

Variants

    N/A

Overview

This is a virus detection. Viruses are programs that self-replicate recursively, meaning that infected systems spread the virus to other systems, which then propagate the virus further. While many viruses contain a destructive payload, it's quite common for viruses to do nothing more than spread from one system to another.

Aliases

  • JS.Gigger.A@mm (NAV)
