Last updated 14/05/2005
Copyright © 1999 - 2004, Sandra Hardmeier, All Rights Reserved Worldwide

Now this is an interesting story.  www.sureseeker.com gives you the option to set their service as your default home page and search engine, as well as adding their site to your favorites.  They do not provide instructions on how to reverse the changes made.  There is no support page, nor did I find instructions on how or where Sureseeker can be contacted.

Interestingly, there was also a virus doing the rounds that sets a computer's homepage to www.sureseeker.com 

The virus is called JS.Seeker trojan (It is also known as HTA.runme trojan).

¹ ..This trojan is malicious script embedded in HTML code which may be run by an unsuspecting internet user visiting the seedier side of the Internet. This trojan exploits a bug in Internet Explorer which allows it to store files on the users machine. Removeit.hta is stored in C:\ drive and runme.hta is stored in the Windows Startup directory.

When the machine is rebooted the runme.hta file will be executed, when run this file changes the default URL for the Internet Explorer to be changed to www.sureseeker.com.

The trojan possesses a basic stealth capability. When runme.hta is run it will modify registry entries so that the file will be deleted after it has been run. Removing this file is an attempt by seeker to hide the fact that the machine has been attacked/compromised..."

¹ http://www3.ca.com/Virus/Virus.asp?ID=7986

To help protect your computer from such scripting tricks make sure your copy of Internet Explorer is up-to-date with regards security updates.

For the seeker trojan, you should download and install the following patch to Internet Explorer:

http://www.microsoft.com/technet/security/bulletin/ms99-032.asp