Existance of the following files:
1. Make sure that you have the latest updates using BitDefender Live!;
2. Perform a full scan of your system (selecting, from the Action tab, the option \"Prompt
user for action\"). Choose to delete all the files infected with JS.Gigger.A.
3. Delete the line Echo y |═format c: from autoexec.bat if exists.
BitDefender Virus Researcher
This worm spreads through e-mail, and local networks and also infects HTML and ASP files.
The format of an infected e-mail is:
From: < e-mail of an infected person >
Subject: Outlook Express Update
Body: MSNSofware Co.
Body: Microsoft Outlook 98
If the user opens the attached HTML page, will start the virus which will copy itself in locations shown above (in Symptoms section). Also the virus will try to send itself to all the contacts from the Outlook Address Book and from the Windows Address Book. To send e-mail it will try using Outlook and with the MAPI (Mailing Application Programming Interface) Handler (the default handler is Outlook Express).
If the virus cannot create several scripting objects it tries to write in c:\\autoexec.bat the line Echo y |═format c: which on Windows 95/98/ME will attempt to format the drive C: at the next restart.
The virus creates the registry key:
with the value C:\\Windows\\Samples\\WSH\\charts.vbs which will execute that script at every restart.
To infect in local networks the virus will try to write in shares the file
C:\\Windows\\Start Menu\\Programs\\StartUp\\msoe.hta where it will copy itself.
Also the virus creates the script.ini file for mIRC to send the mmsn_offline.htm file to all the persons who will chat with the victim.