
REG_SEEKER C JS_GIGGER.A Trojan

Discussion in 'Security and Privacy' started by Stoofer, 2002/08/13.

Thread Status:
Not open for further replies.
  1. 2002/08/15
    Daizy

    Hi BillyBob
    As Alice has pointed out, using REG_SEEKER C JS_GIGGER.A for your search... actually only looks for "C ".
    The red flag should have been that several virus scans after the repair was done showed up nothing.

    Daizy
     
  2. 2002/08/15
    Alice

    Thanks Daizy :D Pedants are good for that :D I guess ;)
    For sure, as Newt observed.
     


  4. 2002/08/15
    Alice

    BillyBob,
    You're right about issues with Me's Restore. I remember seeing those special "WinMe" instructions on Symantec's pages, telling you to disable System Restore so that the virus files are not saved. Does make it a bit more complicated, doesn't it?
    EDIT (loving those details, as ever):
    Here's a Copy/Paste from one of Symantec's pages on virus removal:
     
    Last edited: 2002/08/15
  5. 2002/08/15
    Daizy

    Hey Alice! You're being paged! :D
     
  6. 2002/08/15
    Stoofer

    Will have to post to this later. Have to take care of myself today with the doctors. Thanks everyone.
     
  7. 2002/08/15
    Alice

    Page answered. Thanks Daizy.

    Good luck at the doctors, Stoofer.
     
  8. 2002/08/15
    BillyBob Lifetime Subscription

    What do you folks think of these thoughts? Or, more food for thought or discussion. Reader's choice.

    special "WinMe" instructions on Symantec's pages,

    I have only one problem with those instructions. By the time we are reading them it may already be too late. There is no sense in closing the gate after the cows are already in the front yard.

    The infected files may already be in the Restore Point (or any backup files) unless one knows or remembers just when the Virus or Trojan got into the system and can get a point previous to such time.

    If a Virus gets in this afternoon and ME makes a Restore point at Midnight it may well have the Virus in it unless it has been found and cleaned up.

    Some Viruses or Trojans can hang around for a while before the proper operation is performed that activates it. And a backup of any type may contain the nasty thing.

    Me, myself and I would not trust ANY backup of any type that was made previous to me finding that a virus or Trojan had infected my machine. Especially any Auto backups like GO Back or System Restore.

    If it were one that I had manually made after a full system check then I * MIGHT * trust it.

    BillyBob
     
  9. 2002/08/16
    BillyBob Lifetime Subscription

    OOPS !!!!

    From Symantec

    When you disable System Restore and restart the computer, it will purge the contents of the _RESTORE folder. (This will, of course, remove all current restore points, which will prevent you from using System Restore to return to a previous system status. Once you reenable System Restore, it will begin building new restore points.)

    :) Must have been having a bad hair day or was wearing the wrong glasses. :)

    Reading all things again and properly changes my thinking. It looks like disabling and re-enabling SR takes good care of things.

    BillyBob
     
  10. 2002/08/16
    Alice

    Hey, BB,

    Glad I did add the information from Symantec's page then, with the link to * How to disable or enable Windows Me System Restore http://service1.symantec.com/SUPPOR...001012513122239.
    which is what you've quoted.

    I was beginning to think I was being way too detail-oriented in some of my posts/edits.
     
  11. 2002/08/16
    BillyBob Lifetime Subscription

    Alice

    Totally my error.

    It was not what you did that was the problem. What you did by posting the link was fine.

    It is what I DID NOT DO that messed things up.

    I either got in a hurry. Did not read the full article. Did not read it properly. Or misinterpreted everything that I did read.

    :( Or maybe all of the above? :(

    I should not have been discussing PC problems yesterday anyway. Too many Real Life things going on.

    BillyBob
     
  12. 2002/08/16
    Stoofer

    I would like to thank Alice, Daizy, BillyBob, Steve and dobhar for their help on this problem. BillyBob, here is some info I pulled off of my system on GoBack relating to restores:

    What happens when I upgrade my operating system?

    GoBack connects into the operating system at a very low level. Like virus checking software, GoBack should be disabled before upgrading to Windows 98. This is also true if you should need to reinstall Windows 95 or Windows 98.
    If you wish to use an operating system for which there are no GoBack Drivers, and you wish to access the parts of your physical drive used for Windows 95 or 98, then you must disable GoBack first. Note that this defeats all of the GoBack monitoring and protection services and causes GoBack to discard all of the information regarding your system that it has stored so far. When you are done accessing the physical drive from outside Windows 95 or 98, you can re-enable GoBack. You can disable GoBack through the Main Menu/Options.

    During an upgrade, your computer may be rebooted multiple times. Each time you will be asked if you want to re-enable GoBack. Select No until you have completed the final portion of the upgrade or reinstall. On your next restart, you may then re-enable GoBack for system protection.

    © Copyright 1998, 1999 Wild File, Inc.

    Don't know if the above will help you or not.

    I am still having problems with the System Restore CD on my system. As I recall, it would auto-load when loading in the tray and closing the door. It will not do that now. The system will boot from the CD ROM on power up with the RESTORE CD in the tray. So, do I ignore this and go on?

    And dobhar, thanks for the info on the virus scanning sites and the info on FDISK and format.
     
    Last edited: 2002/08/16
  13. 2002/08/16
    BillyBob Lifetime Subscription

    Stoofer

    You are welcome.

    Thank you for the Info on GoBack.

    It most certainly does as I now have more info than I did have about it. And I would now not be as reluctant to try it as I was as I see it can be manually controlled.

    As to the RESTORE CD. I can not really be sure what to say as I have all home built machines and can do things pretty much my way.

    BillyBob
     
    Last edited: 2002/08/16
  14. 2002/08/16
    KevinSaul

    If I may, a restore CD will not autorun when you place it in the CD-ROM drive. You have to have it in the drive and boot to it in order for it to function properly. Unfortunately I've had to use these things on HPs, Dells and Compaqs...

    So it sounds as though your machine is doing what it's supposed to. :D
     
    Last edited: 2002/08/16
  15. 2002/08/16
    Stoofer

    Thanks, Kevin. My memory has not been doing very well lately. I thought that at one time this CD did autoload, but I'll take your word for it.

    Bad news. I returned to Housecall and reran their online scan. It detected JS_GIGGER.A this time. Ran the automatic cleaning feature and then checked the registry.

    What is happening here and where am I picking this thing up?

    One smart thing that I did today, at least I think so, is disable Windows Scripting Host. Thanks for the info, Alice.
     
    Last edited: 2002/08/16
  16. 2002/08/16
    Daizy

    Hi Stoofer
    Sorry to hear you're still having trouble. Perhaps you could try this:
    1. Click Start, and click Run.
    2. Type the following line, and then click OK.

    edit c:\autoexec.bat

    The MS-DOS Editor opens.

    3. Look for the line

    ECHO y|format c:

    And see if it in fact exists?

    Trendmicro's removal tool
     
    Last edited: 2002/08/16
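
The check described in the post above (looking in c:\autoexec.bat for the line `ECHO y|format c:`), as an added example that is not part of the original thread and not any vendor's tool. It goes slightly beyond the exact line quoted by also matching case and spacing variants and by skipping commented-out lines; the function names and the sample file contents are constructed for illustration.

```python
import re

# An auto-confirmed FORMAT: "y" is piped into format so that no prompt is shown,
# e.g. "ECHO y|format c:". Batch files are case-insensitive and tolerate spaces.
AUTO_FORMAT = re.compile(
    r"^\s*@?\s*echo\s+y\s*\|\s*format(?:\.com|\.exe)?\s+([a-z]):",
    re.IGNORECASE,
)
# Lines that are comments in a batch file (REM or the "::" label trick).
COMMENT = re.compile(r"^\s*@?\s*(rem\b|::)", re.IGNORECASE)


def find_auto_format(text):
    """Return (line_number, drive_letter, line) for each auto-confirmed FORMAT."""
    hits = []
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or COMMENT.match(line):
            continue
        match = AUTO_FORMAT.match(line)
        if match:
            hits.append((number, match.group(1).upper(), line))
    return hits


def scan_file(path):
    """Scan a batch file on disk; undecodable bytes are replaced, not fatal."""
    with open(path, "r", encoding="latin-1", errors="replace") as handle:
        return find_auto_format(handle.read())


# Constructed sample contents (assumption), not taken from any real machine.
SAMPLE = "\r\n".join([
    "@ECHO OFF",
    "SET PATH=C:\\WINDOWS;C:\\WINDOWS\\COMMAND",
    "REM echo y|format c:",
    "ECHO y|format c:",
    "  @echo Y | FORMAT C: /q",
])

if __name__ == "__main__":
    for number, drive, line in find_auto_format(SAMPLE):
        print(f"line {number}: auto-confirmed format of drive {drive}: {line}")
```

A hit means the line should be removed from the file before the next restart; an empty result only says this one marker is absent, not that the machine is clean.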
  17. 2002/08/16
    Stoofer

    Already checked that, Daizy. I went through the Overview details on JS_Gigger.A that you gave me on an earlier post. Also checked the associated registry keys and went back and deleted 3 associated keys for Outlook Express.

    Needless to say, Daizy, I am very disappointed with NAV. Perhaps it is time for a change.
     
    Last edited: 2002/08/16
  18. 2002/08/16
    Daizy

    So you did find that line then?
    Have you tried subsequent scans with other free online virus scanners such as:
    Grisoft
    Housecall
    Panda
    Symantec

    Did you download and run the fix? I'm sorry....I've lost track of what you've done and what has yet to be tried.
     
  19. 2002/08/16
    Stoofer

    Daizy, the latest is that I have run the automatic fix at Housecall for JS_Gigger.A. It downloaded and I then did a system reset to run it. Went back to Housecall and reran the scan. It then ran OK.
    Then went over to Panda, Symantec and Grisoft. Scans again ran clean at both Panda and Symantec. Couldn't find the free scan at the Grisoft site.

    I should also say that I went back over the Housecall information on JS_Gigger that was found in the Virus Encyclopedia under Overview and Tech details. Ended up deleting 3 keys for OE at HKEY_CURRENT_USER>Identities>ID>Software>Microsoft>Outlook Express>5.0>Mail. This was all done before I reran the scan at Housecall and after the automatic fix was applied.

    Maybe this will be the last that I see of this beast, but I'm not holding my breath. Been doing some reading on FDISK and format. UGH.
     
  20. 2002/08/17
    Daizy

    Hi Stoofer
    I think you've already solved this one. That indeed you may have gotten a false positive for that virus from Housecall, considering all other scans came up clean.
    I'd hate to see you go to the trouble of wiping your hard drive for nothing. It's a long and tedious process. :(

    Daizy
     
  21. 2002/08/17
    Stoofer

    Yes, Daizy, I'm going to take Ed's advice and regard this as a false positive from Housecall. Hopefully, I haven't already damaged the data on my hard drive too much.

    Thanks again, Daizy and everyone else.
     
    Last edited: 2002/08/17