chart.vbs - Dangerous
chart.vbs
Manual removal instructions:
Antivirus Report of chart.vbs:
chart.vbs
I-Worm.Gigger
JS.Gigger.A@mm is a worm written in JavaScript. It uses Microsoft Outlook and mIRC to spread.
It infects .html files.
Attempts to delete all files on the computer and to format drive C if the computer is successfully restarted.
JS.Gigger.A@mm arrives as an email message that has the following characteristics:
Subject: Outlook Express Update
Message: MSNSofware Co.
Attachement: Mmsn_offline.htm
If the worm is executed, it does the following:
It drops the following files:
C:\Bla.hta
C:\B.htm
C:\Windows\Samples\Wsh\Charts.js
C:\Windows\Help\Mmsn_offline.htm
Next, it drops a Script.ini file to spread itself by mIRC. Norton AntiVirus (NAV) detects the infected Script.ini as IRC.Worm.gen.
The worm then creates the following registry keys:
HKEY_CURRENT_USER\Software\Microsoft\Windows Scripting Host\Settings\Timeout
HKEY_CURRENT_USER\Software\TheGrave\badUsers\v2.0
and adds the value:
NAV DefAlert %Windows%\SAMPLES\WSH\Chart.vbs.
to the registry key
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Next, the worm searches network drives and copies itself as \Windows\Start Menu\Programs\StartUp\Msoe.hta
Manual removal:
In a file c:\autoexec.bat look for the formatting line.
If it exists, delete the entire line.
Then navigate to the following key in the system registry
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
and delete the following value:
NAV DefAlert
Navigate to and delete the following keys:
HKEY_CURRENT_USER\Software\Microsoft\Windows Scripting Host\Settings\Timeout
HKEY_CURRENT_USER\Software\TheGrave\badUsers\v2.0
Automatic removal:
Use RegRun Startup Optimizer to remove it from startup.
chart.vbs | Malware |
chart.vbs | Dangerous |
chart.vbs | High Risk |
JS.Gigger.A@mm is a worm written in JavaScript. It uses Microsoft Outlook and mIRC to spread.
It infects .html files.
Attempts to delete all files on the computer and to format drive C if the computer is successfully restarted.
JS.Gigger.A@mm arrives as an email message that has the following characteristics:
Subject: Outlook Express Update
Message: MSNSofware Co.
Attachement: Mmsn_offline.htm
If the worm is executed, it does the following:
It drops the following files:
C:\Bla.hta
C:\B.htm
C:\Windows\Samples\Wsh\Charts.js
C:\Windows\Help\Mmsn_offline.htm
Next, it drops a Script.ini file to spread itself by mIRC. Norton AntiVirus (NAV) detects the infected Script.ini as IRC.Worm.gen.
The worm then creates the following registry keys:
HKEY_CURRENT_USER\Software\Microsoft\Windows Scripting Host\Settings\Timeout
HKEY_CURRENT_USER\Software\TheGrave\badUsers\v2.0
and adds the value:
NAV DefAlert %Windows%\SAMPLES\WSH\Chart.vbs.
to the registry key
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Next, the worm searches network drives and copies itself as \Windows\Start Menu\Programs\StartUp\Msoe.hta
Manual removal:
In a file c:\autoexec.bat look for the formatting line.
If it exists, delete the entire line.
Then navigate to the following key in the system registry
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
and delete the following value:
NAV DefAlert
Navigate to and delete the following keys:
HKEY_CURRENT_USER\Software\Microsoft\Windows Scripting Host\Settings\Timeout
HKEY_CURRENT_USER\Software\TheGrave\badUsers\v2.0
Automatic removal:
Use RegRun Startup Optimizer to remove it from startup.
Dmitry Sokolov:
I created UnHackMe in 2006 to fix the problem that antivioruses did not fix: detecting rootkits.
Since that time I work every day to fix the issues that antiviruses cannot.
If your antivirus have not helped you solve the problem, you should try UnHackMe.
We are a small company and you can ask me directly, if you have any questions.