Search Solo Products, Services and others Overview of the Site Design and Build a Career Contact us for customer service and other feedback info SRN Micro Privacy Statement

 


JS/FORTNIGHT VARIANT REPORTED IN THE WILD

Virus Name  : JS/Fortnight.B

Alias             : JS.Fortnight.M, JS/Fortnight.D , EML.Fortnight, Fortnight.C

Virus type    : Java Script worm

Threat level : Medium

Virus details :

                     JS/Fortnight.B is an encrypted Java script worm, uses Microsoft outlook Express signature facility to spread. It also makes changes in the Windows HOSTS file to force the infected user to visit virus author site. 

                     When viewing the infected mail with a HTML aware e-mail client like outlook express, the malicious script will be executed automatically. It connects to virus author site and runs a java applet. It drops the file S.HTM and sets it to outlook express signature.

                     Fortnight also modifies Internet explorer settings in the registry. It modifies the security settings to low and changes the home page, search page and search bar settings. 

                     Fortnight uses Microsoft VM ActiveX component to infect the target systems. This vulnerability allows the worm to drop the file without user's knowledge.

Manual removal instructions:

1. Install VM ActiveX component security patch or install latest version of Internet explorer 6.0

2. Delete the file C:\%WINDOWS%\S.HTM and C:\%WINDOWS%\HOSTS in Windows folder. [example: C:\WINDOWS\S.HTM]

3. Open the Outlook express->Tools->Options->Signatures tab. Remove S.HTM and uncheck the Add signature option.

4. You have to set the Internet security settings to Medium. You can do this by following Start->Settings->Control Panel->Internet Options->Security->Medium.

5. You need to open the file Fnfix.reg to reset the Internet explorer home page and search page in the registry.

How can I protect my system?

                   Solo has incorporated Fortnight worm and variants in its signature file to protect users from this worm attack. Make sure that you have installed registered version of Solo Antivirus to protect your system from all virus threats.

To protect your system against infection, install the security patches from the link http://www.microsoft.com/technet/security/bulletin/ms00-075.asp Otherwise you can install the latest version of Internet Explorer 6.0.

How to remove this worm?

                   If you found this worm, Run Solo Antivirus and choose delete option on the worm components. Solo antivirus can detect and remove JS/Fortnight.B worm safely. Use the following link to Download 30 day trial version of Solo antivirus to remove viruses from your computer.

                   Solo anti-virus not only scans for all viruses, it contains a unique System Integrity Checker to protect you from New Internet Worms, Backdoors and malicious VB, Java Scripts. It also effectively removes all existing Internet Worms, File viruses, malicious VBS, Java scripts, Trojans, Backdoors, boot sector, partition table and macro viruses.

You can purchase Solo antivirus using the link