Email-Worm.JS.Gigger
Email-Worm.JS.Gigger is a fake infection used for the purpose of malware distribution. The fake spyware remover PC Antispyware 2010 seeks to trick you by stating in fraudulent security alerts and fake warning pop-ups, that your computer has been infected with Email-Worm.JS.Gigger. This fictitious worm can apparently replicate using Outlook, Outlook Express and mIRC, and may format your hard disk after reboot. You are then prompted to purchase and install PC Antispyware 2010 in order to combat this falsified threat.
File System Modifications
- The following files were created in the system:
# File Name 1 %Documents and Settings%\All Users\Application Data\pybisezyr.db 2 %Documents and Settings%\All Users\Application Data\ulycozoho._dl 3 %Documents and Settings%\All Users\Documents\ekenubes.com 4 %Documents and Settings%\All Users\Documents\icosagula.reg 5 %Program Files%\Common Files\aqamodero.dat 6 %Program Files%\Common Files\hubeweqa.lib 7 %Program Files%\Common Files\jatikysup._dl 8 %Program Files%\Common Files\ofyxodaqa.dat 9 %Program Files%\Common Files\sahaso.bat 10 %Program Files%\Common Files\zotys.bin 11 %Program Files%\PC_Antispyware2010 12 %Program Files%\PC_Antispyware2010\AVEngn.dll 13 %Program Files%\PC_Antispyware2010\data 14 %Program Files%\PC_Antispyware2010\data\daily.cvd 15 %Program Files%\PC_Antispyware2010\htmlayout.dll 16 %Program Files%\PC_Antispyware2010\Microsoft.VC80.CRT 17 %Program Files%\PC_Antispyware2010\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest 18 %Program Files%\PC_Antispyware2010\Microsoft.VC80.CRT\msvcm80.dll 19 %Program Files%\PC_Antispyware2010\Microsoft.VC80.CRT\msvcp80.dll 20 %Program Files%\PC_Antispyware2010\Microsoft.VC80.CRT\msvcr80.dll 21 %Program Files%\PC_Antispyware2010\PC_Antispyware2010.cfg 22 %Program Files%\PC_Antispyware2010\PC_Antispyware2010.exe 23 %Program Files%\PC_Antispyware2010\pthreadVC2.dll 24 %Program Files%\PC_Antispyware2010\Uninstall.exe 25 %Program Files%\PC_Antispyware2010\wscui.cpl 26 %UserProfile%\Application Data\jugifyryve.exe 27 %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\PC_Antispyware2010.lnk 28 %UserProfile%\Cookies\ajeby.reg 29 %UserProfile%\Cookies\yqeqaranym.vbs 30 %UserProfile%\Cookies\zebav.pif 31 %UserProfile%\Desktop\_scui.cpl.txt 32 %UserProfile%\Desktop\PC_Antispyware2010.lnk 33 %UserProfile%\Local Settings\Application Data\xoqupuwytu._dl 34 %UserProfile%\Start Menu\Programs\PC_Antispyware2010 35 %UserProfile%\Start Menu\Programs\PC_Antispyware2010\PC_Antispyware2010.lnk 36 %UserProfile%\Start Menu\Programs\PC_Antispyware2010\Uninstall.lnk 37 %WINDOWS%\akudyta.lib 38 %WINDOWS%\hoxigawax.inf 39 %WINDOWS%\kyci.dl 40 %WINDOWS%\nuxojih.scr 41 %WINDOWS%\qynomikov.bin 42 %WINDOWS%\seni.reg 43 %WINDOWS%\system32\_scui.cpl 44 %WINDOWS%\system32\cocefezyj.dl 45 %WINDOWS%\system32\qebykiti.dl 46 %WINDOWS%\yfoneby.db
Registry Modifications
- The following newly produced Registry Values are:
HKEY..\..\..\..{Subkeys}HKEY_LOCAL_MACHINE\SOFTWARE\PC_Antispyware2010HKEY..\..\..\..{RegistryKeys}HKEY_CURRENT_USER\Control Panel\don't load "scui.cpl"HKEY_CURRENT_USER\Control Panel\don't load "wscui.cpl"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "PC Antispyware 2010"HKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}PC_Antispyware2010
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.