FRISK Software International

Summary of JS/Gigger.A@mm
Discovered: 11 Jan 2002
Definition files: 11 Jan 2002
Infection Method: Mass mailing.
Jump to:
Brief description
Technical description

Brief Description

JS/Gigger is an e-mail worm with a potentially destructive payload. It spreads via infected attachments to e-mail messages.

Technical Description

A message distributing JS/Gigger@mm can be identified by the following characteristics:

The attachment is called: Mmsn_offline.htm The Subject line is: Outlook Express Update and the message contains the text: MSNSoftware Co.

If this worm is started it copies the following files to the infected computer:


Then it copies an Script.ini file to the system in order to be able to spread itself via mIRC.

Then it adds ECHO y|format c: to the Autoexec.bat file, causing drive c: to be formatted next time the infected computer is started.

When these steps are completed JS/Gigger.A@mm created these registry keys:

HKEY_CURRENT_USER\Software\Microsoft\Windows Scripting Host\Settings\Timeout

It also adds

NAV DefAlert
to the register key:


Gigger then searches for network drives if the infected computer is connected to a network. If found it copies itself to the network drives as \Windows\Start Menu\Programs\Startup\Msoe.hta.

After these operations the worm tries to delete all files on the local hard drive

JS/Gigger.A@mm is detected by F-Prot Antivirus™ 3.11b using signature files from January 11th or later.

FRISK Software International's Viruslab Team

Stay up to date with important developments via e-mail.
Stay up to date with life cycle policies for F-PROT Antivirus for Windows.
Virus news and information directly to your desktop.
Definitions of common antivirus terminology.
For further virus information, please try our partners' websites:


perComp Verlag
(in German)