JS.Seeker - Removal

Risk Level 2: Low

Discovered: December 15, 2000

Updated: February 13, 2007 11:34:49 AM

Type: Trojan Horse

To remove JS.Seeker you need to:

Run a full system scan and delete any files that are detected as infected.
Delete the Homereg111.reg and Prefs.js files.
Restore original settings by merging Backup1.reg and Backup2.reg into the registry.

For instructions on how to do this, see the sections that follow.

To run a full system scan:

To find and delete the Homereg111.reg and Prefs.js files:

Click Start, point to Find, and click Files or Folders.
Make sure that Look in is set to (C:) and that Include subfolders is checked.
In the Named box, type the following file names:homereg111.reg prefs.js
Click Find Now. Windows will find the files (if they exist) and display them in the lower pane of the Find dialog box.

NOTE: You are about to delete files. One of them is Prefs.js. If you are using Netscape, there is a legitimate Netscape file that is named Prefs.js. If you delete the legitimate Prefs.js, it deletes your Netscape preferences. If you use Netscape, and do not want to do this, when the files are found, just delete copies of Prefs.js that are not in a Netscape subfolder. For example, if you find a copy of Prefs.js in the \Windows folder, that does not belong to Netscape and should be deleted.
Select each displayed file, press Delete, and click Yes to confirm.
Leave the Find: All Files window open, and go on to the next section.

To find and merge Backup1.reg and Backup2.reg into the registry:

Click New Search, and click OK to confirm.
Make sure that Look in is set to (C:) and that Include subfolders is checked.
In the Named box, type the following file names:backup1.reg backup2.reg
When found, double-click each of these files to restore the registry settings.
Once the registry has been restored and the computer is working correctly, delete Backup1.reg and Backup2.reg.

Technical Details

Search Threats

Search by name

_{Example: W32.Beagle.AG@mm}