Sophos

JS/Gigger-A


Summary

 
Detected by All Sophos products
  • Endpoint Security and Control 9.0
  • Small business solutions 4.0

More Information

JS/Gigger-A is a JavaScript virus which arrives as an email message with one of the following sets of characteristics:

Subject: Outlook Express Update
Message: MSNSofware Co.
Attachment: Mmsn_offline.htm

or

Subject: recipient@Address, i.e. the email address of the recipient
Message: Microsoft Outlook 98.
Attachment: Mmsn_offline.htm

If the virus is executed, it will attempt to drop the following files:

C:\Bla.hta
C:\B.htm
C:\Windows\Samples\Wsh\Charts.js
C:\Windows\Samples\Wsh\Charts.vbs
C:\Windows\Help\Mmsn_offline.htm

It will also create files called Script.ini in folders containing a file with the extension INI or HLP. These files will be detected as mIRC/Simp-Fam.

The virus infects HTM, HTML and ASP files and attempts to add the line

Echo y|format c:

to C:\Autoexec.bat. This attempts to format drive C: on restart in versions of Windows which use the character Y for Yes.

JS/Gigger-A forwards itself to all contacts in the user's address book, and creates the following registry keys:

HKCU\Software\Microsoft\Windows Scripting Host\Settings\Timeout
HKCU\Software\TheGrave\badUsers\v2.0

and adds the value 'NAV DefAlert' to the registry key

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

The virus contains the text "This virus is donation from all Bulgarians".
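
The indicators listed above can be checked against offline triage data. The following is an added example, not Sophos code: the function name sweep, its input shapes (a file listing, the text of Autoexec.bat, and key/value-name pairs from a registry export) and the sample data are assumptions made for illustration.

```python
import re
from pathlib import PureWindowsPath

# Indicators copied from the description above; all matching is case-insensitive.
DROPPED = {p.lower() for p in (
    r"C:\Bla.hta", r"C:\B.htm",
    r"C:\Windows\Samples\Wsh\Charts.js",
    r"C:\Windows\Samples\Wsh\Charts.vbs",
    r"C:\Windows\Help\Mmsn_offline.htm")}
REG_KEYS = {k.lower() for k in (
    r"HKCU\Software\Microsoft\Windows Scripting Host\Settings\Timeout",
    r"HKCU\Software\TheGrave\badUsers\v2.0")}
RUN_ENTRY = (r"hklm\software\microsoft\windows\currentversion\run", "nav defalert")
# "Echo y|format c:" with any case and optional spacing around the pipe.
FORMAT_LINE = re.compile(r"^\s*@?echo\s+y\s*\|\s*format\s+c:", re.IGNORECASE)


def sweep(paths, autoexec_text, registry):
    """Return sorted (indicator_type, detail) findings.
    paths: full Windows paths; autoexec_text: contents of Autoexec.bat;
    registry: (key_path, value_name_or_None) pairs from a registry export."""
    findings, by_dir = set(), {}
    for f in map(PureWindowsPath, paths):
        if str(f).lower() in DROPPED:
            findings.add(("dropped_file", str(f)))
        by_dir.setdefault(str(f.parent).lower(), set()).add(f.name.lower())
    # Script.ini sitting in a folder that also holds another INI or HLP file.
    for folder, names in by_dir.items():
        others = names - {"script.ini"}
        if "script.ini" in names and any(n.endswith((".ini", ".hlp")) for n in others):
            findings.add(("script_ini", folder))
    for line in autoexec_text.splitlines():
        if FORMAT_LINE.match(line):
            findings.add(("autoexec_format", line.strip()))
    # Assumption: an export may show "Timeout" as a key or as a value name, so test both.
    for key, value in registry:
        key_l, value_l = key.lower().rstrip("\\"), (value or "").lower()
        full = key_l + "\\" + value_l if value_l else key_l
        if key_l in REG_KEYS or full in REG_KEYS:
            findings.add(("registry_key", full))
        if (key_l, value_l) == RUN_ENTRY:
            findings.add(("run_value", full))
    return sorted(findings)


if __name__ == "__main__":
    # Constructed sample input, not data from a real host.
    print(sweep([r"C:\B.htm"], "Echo y|format c:\n",
                [(r"HKCU\Software\TheGrave\badUsers\v2.0", None)]))
```

A script_ini finding only marks a folder for review; the page states that the Script.ini files themselves are detected as mIRC/Simp-Fam.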
