SoftwareTipsandTricks.com
Home Forums Windows 7 Security Tips
Forums

Windows 7
Windows Vista
Windows XP

Security Tips
Troubleshooting
Keyboard Shortcuts
Encyclopedia


Drivers

Internet Terms
Computer Terms

File Extensions (75)
File Extensions (15K+)

Startup Applications
Necessary Files
Useless Files
At Your Option Files
Dangerous Files
Browser Objects

DLL Files
SYS Files
INF Files
OCX Files
VXD Files

Virus Database
Virus Warnings

Easter Eggs
Tips and Tricks
Articles
Hot Downloads


Privacy Policy
Contact Us







  Chart.vbs

Name Chart.vbs

Description

I-Worm.Gigger
JS.Gigger.A@mm is a worm written in JavaScript. It uses Microsoft Outlook and mIRC to spread.
It infects .html files.
Attempts to delete all files on the computer and to format drive C if the computer is successfully restarted.

JS.Gigger.A@mm arrives as an email message that has the following characteristics:

Subject: Outlook Express Update
Message: MSNSofware Co.
Attachement: Mmsn_offline.htm

If the worm is executed, it does the following:
It drops the following files:
C:\Bla.hta
C:\B.htm
C:\Windows\Samples\Wsh\Charts.js
C:\Windows\Help\Mmsn_offline.htm

Next, it drops a Script.ini file to spread itself by mIRC. Norton AntiVirus (NAV) detects the infected Script.ini as IRC.Worm.gen.

The worm then creates the following registry keys:
HKEY_CURRENT_USER\Software\Microsoft\Windows Scripting Host\Settings\Timeout
HKEY_CURRENT_USER\Software\TheGrave\badUsers\v2.0
and adds the value:
NAV DefAlert %Windows%\SAMPLES\WSH\Chart.vbs.
to the registry key
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

Next, the worm searches network drives and copies itself as \Windows\Start Menu\Programs\StartUp\Msoe.hta

Manual removal:
In a file c:\autoexec.bat look for the formatting line.
If it exists, delete the entire line.

Then navigate to the following key in the system registry
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
and delete the following value:
NAV DefAlert
Navigate to and delete the following keys:
HKEY_CURRENT_USER\Software\Microsoft\Windows Scripting Host\Settings\Timeout
HKEY_CURRENT_USER\Software\TheGrave\badUsers\v2.0

Automatic removal:
Use antivirus (also check How To Remove section)Startup Optimizer to remove it from startup.


Still have a problem? Ask for help at our discussion forum.



Search Dangerous Files :
 

: : Recent posts at Forums : :

Sexual pictures

Unencumbered galleries

от застройщи&

Pictures from collective networks

New site

Free galleries

Callow Job

Public pictures

Stooday

Updated contrive page

Daily updated photo blog with intense men

Reminder

Порно фото галереи, более 500 тысяч фотограф&#

Блог с женскими секс-историями

Протестируй н

Лучшие сериал

Right-minded started fresh occupation

Cheap NFL Jerseys

Список 2017 лучши

Pictures from collective networks

Unshackle galleries

смотреть лучш

Recent install

casual dating site philippines

Callow Project

Callow Poke out

Stooday

Loose galleries

Daily gay photos usage

Free galleries




SoftwareTipsandTricks, All Rights Reserved.