[WEB4LIB] RE: Browser Hijackings

P. Michael McCulley mcculley at best.com
Thu Jun 21 22:45:46 EDT 2001


This is a possible lead to pursue, and try out for test removal of this problem.
Some preliminary research about bigred.com hijacking suggests you may be infected with the JS.Seeker worm virus.

Please see
http://www.symantec.com/avcenter/venc/data/js.seeker.html
for the details and removal instructions.

Quote from the Symantec info:
"JS.Seeker is a Trojan horse program that alters the default startup and search pages of your Web browser. The Trojan horse sometimes arrives as a file named Runme.hta. This file runs only if the Windows Scripting Host is installed."

It appears that if the machines have Outlook installed or for use, and don't have the security patch, they may fall victim to this worm (my interpretation at this point).

I hope this helps, and Robert or Andrew, let me know what you find out if you try this fix.

Best,
Michael

P. Michael McCulley
Email: mcculley at best.com

Quote of the Moment:
-I wish you were a beer.

>-----Original Message-----
>From: web4lib at webjunction.org
>[mailto:web4lib at webjunction.org]On Behalf Of Wing, Robert
>Sent: Thursday, June 21, 2001 04:05 PM
>To: Multiple recipients of list
>Subject: [WEB4LIB] RE: Browser Hijackings
>
>
>On Thu, 21 Jun 2001 09:20:49 -0400 Andrew Mutch wrote:
>>
>>"Just in the past day or two, I've had a rash of staff and public
>>browsers that appear to have been victims of browser hijacking.  When a
>>user tries to browse to an invalid domain, they are redirected to this
>>site:
>>
>>http://www.bigred.com/"
>>
>
>Both our student and staff PCs have been getting BigRed.com off and on for
>the last 3 weeks with both IE 5.5 and Navigator 4.07.
>At first, we would get the BigRed page with a huge dialog box asking "Would
>you like to set your homepage to 'http://
>hit enter or return to continue"

[remainder snipped]


