SoftwareTipsandTricks.com
Home Forums Windows 7 Security Tips
Forums

Windows 7
Windows Vista
Windows XP

Security Tips
Troubleshooting
Keyboard Shortcuts
Encyclopedia


Drivers

Internet Terms
Computer Terms

File Extensions (75)
File Extensions (15K+)

Startup Applications
Necessary Files
Useless Files
At Your Option Files
Dangerous Files
Browser Objects

DLL Files
SYS Files
INF Files
OCX Files
VXD Files

Virus Database
Virus Warnings

Easter Eggs
Tips and Tricks
Articles
Hot Downloads


Privacy Policy
Contact Us







  Chart.vbs

Name Chart.vbs

Description

I-Worm.Gigger
JS.Gigger.A@mm is a worm written in JavaScript. It uses Microsoft Outlook and mIRC to spread.
It infects .html files.
Attempts to delete all files on the computer and to format drive C if the computer is successfully restarted.

JS.Gigger.A@mm arrives as an email message that has the following characteristics:

Subject: Outlook Express Update
Message: MSNSofware Co.
Attachement: Mmsn_offline.htm

If the worm is executed, it does the following:
It drops the following files:
C:\Bla.hta
C:\B.htm
C:\Windows\Samples\Wsh\Charts.js
C:\Windows\Help\Mmsn_offline.htm

Next, it drops a Script.ini file to spread itself by mIRC. Norton AntiVirus (NAV) detects the infected Script.ini as IRC.Worm.gen.

The worm then creates the following registry keys:
HKEY_CURRENT_USER\Software\Microsoft\Windows Scripting Host\Settings\Timeout
HKEY_CURRENT_USER\Software\TheGrave\badUsers\v2.0
and adds the value:
NAV DefAlert %Windows%\SAMPLES\WSH\Chart.vbs.
to the registry key
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

Next, the worm searches network drives and copies itself as \Windows\Start Menu\Programs\StartUp\Msoe.hta

Manual removal:
In a file c:\autoexec.bat look for the formatting line.
If it exists, delete the entire line.

Then navigate to the following key in the system registry
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
and delete the following value:
NAV DefAlert
Navigate to and delete the following keys:
HKEY_CURRENT_USER\Software\Microsoft\Windows Scripting Host\Settings\Timeout
HKEY_CURRENT_USER\Software\TheGrave\badUsers\v2.0

Automatic removal:
Use antivirus (also check How To Remove section)Startup Optimizer to remove it from startup.


Still have a problem? Ask for help at our discussion forum.



Search Dangerous Files :
 

: : Recent posts at Forums : :

maqjqxwgud

nrovugqyzr

Мировые новос

Memphis Beat

replica iwc watches stores

spyder ski suits women outlet

issgoywdvz

Порно фото бескорыстно, эротические секс

tuurehiogi

oiidszwykb

nkjmaevdnt

nuvbsqlksp

bskzeoyjmx

qlavixijas

dobhbfgioz

tmhdytoaib

vpbsuzudvh

Мировые новос

cvdylbomno

Oferty sylwestrowe nad morzem

yewdykiqbc

qzkkpoqxxh

Олимп трейд

tjfbsjthfz

waqesnljun

dsskjsrnbs

usbexbflnq

jerubpgrbt

faujywkdwu

Adult position




SoftwareTipsandTricks, All Rights Reserved.