I was surfing on the Internet and was not downloading anything, when a virus detection alert came up on my computer. I am running Windows Me and use Norton Antivirus 6.20.04. The activity log said it was the JS.Seeker virus. My antivirus program was unable to delete the file so it put it into quarantine.
What do I do from here?

http://www.sarc.com/avcenter/venc/data/js.seeker.html

i would just empty it from quarantine, and do a full system scan to be on the safe side.
and get the file to disable scripting
http://www.sarc.com/avcenter/venc/data/win.script.hosting.html

that should read, delete it from quarantine.

I use Norton 2002 and have come across the same situation myself.

If the Norton can not delete it or disable it, it quarantines the file. If you go in to quarantine it will ask if you want to attempt to fix the problem with its updated definitions.

It will not be able to fix the file, just delete it from quarantine. Norton will tell you that it will permantly remove it from the system.

There is no need to send it into SARC as this is a ver common exploit.

it may also only quarantine it, and not be able to delete it because it is in the c:\_restore folder
,click here for symantecs write-up on system restore folder

I have the same virus.

the files infected are home.reg and sb.reg

I know how to delete those 2 files, but how do i merge my Backup.reg files into the registry?

I was also infected with the JS.Seeker virus.
Now that I deleted the infected sb.reg file where can I find a replacement file? What software uses this file? What website can provide me this file? Please advise, thanks!
-Chris

The best website I have found to remove the Virus and its effects is at Symantec:
http://www.sarc.com/avcenter/venc/data/js.seeker.html

i can't find the files that they said i have top delete

I got this virus and THIS url which was sitting in my registry arbitrarily popped up minutes after I typed it in and closed the web page. It was kind enough to tell me what people can see on my computer....

http://205.134.182.163/1/cbr.htm

i got same virus and i think it somehow disabled my cd drives, they can open and close but they wont allow me to play games and they dont show up with the a,c drive under my computer, any help you could lend would be nice

I have had the same JS.SEEKER virus but what it did to my computer was I cannot open my Inbox in Outlook Express. It says : Outlook Express can not be opened". I was compacting my inbox when suddenly my pc rebooted, and when I did a scan with Norton Antivirus afterwards it detected this JS.SEEKER virus.
I don't know what to do, I have tried to locate the reg111.js (or something) -file but I can't find it.
I wish someone could help me, and if so plz e-mail me . I would be very grateful.

Sam,

"It was kind enough to tell me what people can see on my computer...."

I wouldn't be milling about on that site. I have reason to believe that "CleanSurfer" webware program is the source of the trojan.

TO ALL: You *should also* go to Microsoft's site to have a vulnerability in your ActiveX controls updated. Go to

http://support.microsoft.com/default.aspx?scid=kb;EN-US;q275609

for info, and

http://support.microsoft.com/default.aspx?scid=http://www.microsoft.com/java/vm/dl_vm40.htm

to dowload the update.

I was just surfing when subbenly I got a some Norton message that this file:
C:\Windows\Temporary Internet Files\Content.IE5\F3AHZ3V6\startnow(1).js was infected with the JS. Seeker virus.
I could not delete it, so I put it in quarantine, and when I go to quarantine it's empty. So I hope it's gone.

I was told by a box on my screen that I had files infected with js/seeker.u Using McAfee I couldn't delete the offeneding files, nor could I find them in Windows explorer, but could quarantine them when McAfee popped them up on the screen and then delete them from the quarantined state. Virus infected files of the same name kept popping up?! I then followed Mcafees directions to find and delete the offending files from the registry. None of them seemed to exist, but just going through the procedure seemed to solve the problem. I also added the VM patch from Microsoft, as the virus exploits some vulnerability. You get the virus from downloading stuff from dubious sites, not necessarily porn sites. You can't transmit it by email. The only symptom it caused on my PC is that it would always default to Search mode when I opened up Internet Explorer and I would have to change it to Favourites mode. Apparently it works by directing you to certain sites on the Internet. I think it was on my computer for some time before McAfee detected it, even though I have the Virus scan online version

I went to a Symantec site and I searched for the virus, I found out that it alters the default startup and search pages of the Web browser.

The only thing I notice when I start the browser is that it says: "Searching for proxy-settings" (and that takes quite long)

Have had same virus, but my hard disk thinks its full!!!
Got rid of the problem before, but did it thru more luck than judgement.Reopened software today an up it pops again, Have know got rid of virus (i hope, as i could not find the files that symantec was goin on about.) but i've still got the same problem. Any help please.

JS.Seeker is a Trojan horse program that alters the default startup and search pages of your Web browser.
The Trojan horse sometimes arrives as a file named Runme.hta. This file runs only if the Windows Scripting Host is installed.
When JS.Seeker is executed, it makes changes to the following registry keys:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
HKEY_CURRENT_USER\Software\Netscape\Netscape Navigator\Main\Home Page
The original registry values are saved in the \Windows folder as Backup1.reg and Backup2.reg .
The Trojan horse creates the file Homereg111.reg in the \Windows folder and sets the previously mentioned registry keys to its own values. It then runs Removeit.hta, which deletes the file Runme.hta from the C:\Windows\Start Menu\Programs\Startup folder.
JS.Seeker also creates the Prefs.js file in the \Windows folder. This is a JavaScript file that changes Netscape Preferences to its own. (This is NOT the Prefs.js file in your Netscape directory, although that could be changed also.)

To find and delete the Homereg111.reg and Prefs.js files:
1. Click Start, point to Find, and click Files or Folders.
2. Make sure that Look in is set to (C:) and that Include subfolders is checked.
3. In the Named box, type the following file names:
homereg111.reg prefs.js
4. Click Find Now. Windows will find the files (if they exist) and display them in the lower pane of the Find dialog box.
5. Select each displayed file, press Delete, and click Yes to confirm. (Delete the Prefs.js in Program Files\Netscape directory ONLY if you know that you're infected. This will reset all your preference settings in Netscape.)

To find and merge Backup1.reg and Backup2.reg into the registry:
1. Click New Search, and click OK to confirm.
2. Make sure that Look in is set to (C:) and that Include subfolders is checked.
3. In the Named box, type the following file names:
backup1.reg backup2.reg
4. When found, double-click each of these files to restore the registry settings.
5. Once the registry has been restored and the computer is working correctly, delete Backup1.reg and Backup2.reg.

This worm takes advantage of a known Microsoft Outlook/Outlook Express security hole. Microsoft has provided a patch for this security hole at http://www.microsoft.com/technet/security/bulletin/MS99-032.asp.

I could'nt delete the virus so I formatted my hard disk.

problem solved.

I have the virus as well, I use Windows ME and I have Norton Anti-Virus 2001. I just scanned for viruses. I found that my system is infected with a virus under the name "JS. Seeker". The vius came under the URL wwwdotxxxdotcom. I am assuming that is pornograhpic. I just looked up the virus on Google. It said, "JS. Seeker redirects your internet explorer pages and alters the settings". Now my computer is getting slower, It is taking a long time to load up and re-boot. I had the virus in quarintine. It said it attempt to repair. It failed, so I deleted the virus without repairing. How do I re format my hardrive? Is the virus really gone? Is this virus a threat?

you are all freaking out for no reason! this is not a virus. it is a script. it runs one time. it changes your internet explorer preferences. thats all. read about it on symantec.com . great info and istructions there. if you had norton running in the first place, you wouldn't have been infected. if you have norton and got infected, then you didn't download the script blocking updates. my norton detected it and disabled it immediately. it didn't even get a chance to run itself. as for reformatting. that is completely idiotic. if all else fails... that's right... READ THE FREEKIN' INSTRUCTIONS FOLKS!!!

I am running a winNT server, which has the virus. I was running Norton AntiVirus 2001, which detected the virus. I can't repair the file, but can't delete it as well. Norton A/V hasn't moved the file to quarantine and I suspect that it won't. Any suggestions on what to do next? When I try to delete the file, I get that awful "disk right-protected" and "file currently in use and cannot be accessed at this time". Is there a WinNT service running that I can shut down?

I'm having an interesting result of the JS.Seeker virus. Don't think it actualy ran because none of the files where changed and Norton claimed to have removed it. However the residual effect is every once in awhile Norton re-detects it and everytime I check and it is not there. Any ideas as to why this is happening?

i got the virus...i deleted from quarantine...so is it gone now??? im not smart w/ virus's i just visited a webpage and it said i had it...is it there forever....or does it go away...

hey all,
my computer detected the Js.Seeker virus and i followed the proper intruction to cure the virus. However the same problems still exist--I have high speed internet and pages load very slow. I also have the problem that i cant download anything pass a certain percentage ofa download. As a result, i can not download any norton updates. Any feed back will be helpfull.
thx

I got the JS Seeker "virus" -trojan horse, actually sometime during the week between weekly scans. It was discovered on my weekly scan. It was quaranteened and deleted with no further problems. It did't do anything and my computer works fine. Perhaps there are other reasons your computer is giving you problems. Just check out all the other possibilies such as bad chord connections, buzy time of the day for internet users, etc.

Okay Guys,
Stop whining!!!
HERE IS THE "VIRUS-PROOF" Soln::)

:> First try to """understand""" what U SHOULD DO to delete the files .
If you can't find the files and delete it, do U know that thing you are sitting in front of is called a Komputer?????

:P Okay, there is possibility of not finding the backup1 backup2 registry files on your system. That's because Ur virus scanner did not allow the virus to execute it-self. Forget about quarantine, cos it means that it is not sitting on your Boss computer but in your own hardrive which doesnot have any "picketfences" to stop the virus from spreading. So go ahead and delete allthe necessary files

Not satisified: here's a secret that i usually follow almost every week:
It's secret and so "tell your success story" to all and share the knowledge:
Go to http://housecall.antivirus.com
Just look for this phrase"scan now" on the webpage on theleft side , click on it, select your country (Use Int. Expl..please) wait for a small file to download [takes less than 1 min in a DSL/CABLE and 5 min in AOL;dialup] and start scan. If you do not like to kleen the virus urself select "auto clean". It will scan your system , and it has updates all the time so do not worry. To your fear U may find more than 2 viruses sitting on your system. U betcha!!! do te scan over and over until u are sure it is gone. Of course, it is f'ee.
About updating the patch - well- i am not sure. Will write about it soon.

Now to the last prob:
Slowing of your internet connection : I do not know whatcha r u say'ng. Absolutely, reinstall IE and Netscape or Opera. I do not use Outlook (never)[it is always f***** vulnerable] . Still wanna format - i don't give a damn for people who do not know the difference between PC and a vaccum cleaner.
K.M.a

If you find all the info useful - drop me a
line, i would appreciate it.[someone pleazzze]

Let the 'force' be wit U
Dexter (0)(0)

I originaly posted the topic and i found that just turning off scripts on you explorer does the trick...just search mirosoft noscript on google.com and it will tell u what to do and download! It does the trick because this isnt a viruse persay its a script