Techguy
November 21, 2000, 10:33 am
Updated Nov 24 2000
JS_SEEKER.B
Risk rating: low
Virus type: JavaScript
Destructive: N
Aliases:
SEEKER.B, JS.Trojan.Seeker.b, JS/Seeker.B
Description:
This encrypted JavaScript Trojan sets the default and home page of Internet Explorer to http://www.JetHomePage.com. This program is encrypted using Microsoft's Windows script encoder, which allows HTML pages, ASP Pages and Windows Script Host files to be encrypted so that the infected user cannot read the code.
Solution:
Scan your system with Trend antivirus and delete all files detected as JS_SEEKER.B. To do this Trend customers must download the latest pattern file and scan their system. Other email users may use Trend HouseCall, a free online virus scanner.
Delete the registry file named HOMEREG111.REG in the Windows directory c:\Windows.
Restore the original registry settings by double-clicking the registry files named BACKUP1.REG and BACKUP2.REG that can be found in the windows directory c:\Windows.
Delete the registry files BACKUP1.REG and BACKUP2.REG.
Delete REMOVEIT.HTA in the root directory of drive c:\.
If the file named RUNME.HTA exists in the taskbar's startup menu or the startup directory c:\Windows\Start Menu\Programs\Startup then delete it.
JS_SEEKER.B
Risk rating: low
Virus type: JavaScript
Destructive: N
Aliases:
SEEKER.B, JS.Trojan.Seeker.b, JS/Seeker.B
Description:
This encrypted JavaScript Trojan sets the default and home page of Internet Explorer to http://www.JetHomePage.com. This program is encrypted using Microsoft's Windows script encoder, which allows HTML pages, ASP Pages and Windows Script Host files to be encrypted so that the infected user cannot read the code.
Solution:
Scan your system with Trend antivirus and delete all files detected as JS_SEEKER.B. To do this Trend customers must download the latest pattern file and scan their system. Other email users may use Trend HouseCall, a free online virus scanner.
Delete the registry file named HOMEREG111.REG in the Windows directory c:\Windows.
Restore the original registry settings by double-clicking the registry files named BACKUP1.REG and BACKUP2.REG that can be found in the windows directory c:\Windows.
Delete the registry files BACKUP1.REG and BACKUP2.REG.
Delete REMOVEIT.HTA in the root directory of drive c:\.
If the file named RUNME.HTA exists in the taskbar's startup menu or the startup directory c:\Windows\Start Menu\Programs\Startup then delete it.