1. /
  2. Security Response/
  3. JS.Seeker

JS.Seeker

Risk Level 2: Low

Discovered:
December 15, 2000
Updated:
February 13, 2007 11:34:49 AM
Type:
Trojan Horse

JS.Seeker is a Trojan horse program that alters the default startup and search pages of your Web browser.

The Trojan horse sometimes arrives as a file named Runme.hta. This file runs only if the Windows Scripting Host is installed.



There are other things that you can do to protect your system from this type of Trojan Horse.

Script Blocking
  • If you are using Norton AntiVirus 2001, a free program update that includes Script Blocking is available. Please run LiveUpdate to obtain this.
  • For other versions of Norton AntiVirus, SARC offers a tool to disable the Windows Scripting Host.


Install the Microsoft patch
This worm takes advantage of a known Microsoft Outlook/Outlook Express security hole. Microsoft has provided a patch for this security hole at http://www.microsoft.com/technet/security/bulletin/MS99-032.asp

Antivirus Protection Dates

  • Initial Rapid Release version December 19, 2000
  • Latest Rapid Release version September 28, 2010 revision 054
  • Initial Daily Certified version December 19, 2000
  • Latest Daily Certified version September 28, 2010 revision 036
  • Initial Weekly Certified release date pending
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.

Threat Assessment

Wild

  • Wild Level: High
  • Number of Infections: More than 1000
  • Number of Sites: More than 10
  • Geographical Distribution: Low
  • Threat Containment: Easy
  • Removal: Easy

Damage

  • Damage Level: Low

Distribution

  • Distribution Level: Low

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report, Volume 17
Symantec DeepSight Screensaver