JS.Seeker

JS.Seeker is a Trojan horse program that alters the default startup and search pages of your Web browser.

The Trojan horse sometimes arrives as a file named Runme.hta. This file runs only if the Windows Scripting Host is installed.



There are other things that you can do to protect your system from this type of Trojan Horse.

Script Blocking

• If you are using Norton AntiVirus 2001, a free program update that includes Script Blocking is available. Please run LiveUpdate to obtain this.
• For other versions of Norton AntiVirus, SARC offers a tool to disable the Windows Scripting Host.

Install the Microsoft patch
This worm takes advantage of a known Microsoft Outlook/Outlook Express security hole. Microsoft has provided a patch for this security hole at http://www.microsoft.com/technet/security/bulletin/MS99-032.asp

Protection

• Initial Rapid Release version December 19, 2000
• Latest Rapid Release version March 4, 2008 revision 039
• Initial Daily Certified version December 19, 2000
• Latest Daily Certified version March 4, 2008 revision 041
• Initial Weekly Certified release date pending

Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.

Threat Assessment

Wild

• Wild Level: High
• Number of Infections: More than 1000
• Number of Sites: More than 10
• Geographical Distribution: Low
• Threat Containment: Easy
• Removal: Easy

Damage

• Damage Level: Low

Distribution

• Distribution Level: Low