chart.vbs - Dangerous

chart.vbs

Manual removal instructions:

Antivirus Report of chart.vbs:
chart.vbs Malware
chart.vbsDangerous
chart.vbsHigh Risk
chart.vbs
I-Worm.Gigger
JS.Gigger.A@mm is a worm written in JavaScript. It uses Microsoft Outlook and mIRC to spread.
It infects .html files.
Attempts to delete all files on the computer and to format drive C if the computer is successfully restarted.

JS.Gigger.A@mm arrives as an email message that has the following characteristics:

Subject: Outlook Express Update
Message: MSNSofware Co.
Attachement: Mmsn_offline.htm

If the worm is executed, it does the following:
It drops the following files:
C:\Bla.hta
C:\B.htm
C:\Windows\Samples\Wsh\Charts.js
C:\Windows\Help\Mmsn_offline.htm

Next, it drops a Script.ini file to spread itself by mIRC. Norton AntiVirus (NAV) detects the infected Script.ini as IRC.Worm.gen.

The worm then creates the following registry keys:
HKEY_CURRENT_USER\Software\Microsoft\Windows Scripting Host\Settings\Timeout
HKEY_CURRENT_USER\Software\TheGrave\badUsers\v2.0
and adds the value:
NAV DefAlert %Windows%\SAMPLES\WSH\Chart.vbs.
to the registry key
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

Next, the worm searches network drives and copies itself as \Windows\Start Menu\Programs\StartUp\Msoe.hta

Manual removal:
In a file c:\autoexec.bat look for the formatting line.
If it exists, delete the entire line.

Then navigate to the following key in the system registry
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
and delete the following value:
NAV DefAlert
Navigate to and delete the following keys:
HKEY_CURRENT_USER\Software\Microsoft\Windows Scripting Host\Settings\Timeout
HKEY_CURRENT_USER\Software\TheGrave\badUsers\v2.0

Automatic removal:
Use RegRun Startup Optimizer to remove it from startup.

Remove chart.vbs now!

Dmitry Sokolov:

I created UnHackMe in 2006 to fix the problem that antivioruses did not fix: detecting rootkits.

Since that time I work every day to fix the issues that antiviruses cannot.

If your antivirus have not helped you solve the problem, you should try UnHackMe.

We are a small company and you can ask me directly, if you have any questions.

Testimonials

You can read UnHackMe testimonials here.