Follow:

 

Exploit:JS/ActiveXComponent


Exploit:JS/ActiveXComponent is a JavaScript that exploits the vulnerability described in CVE-2000-1061 to run arbitrary code.



What to do now

To detect and remove this threat and other malicious software that may be installed on your computer, run a full-system scan with an appropriate, up-to-date, security solution. The following Microsoft products detect and remove this threat:

Additional removal instructions

This threat may make lasting changes to a computer's configuration that are NOT restored by detecting and removing this threat. For more information on returning an infected computer to its pre-infected state, please see the following articles:

  • This threat may be present in your Temporary Internet Files folder. We recommend that you delete your temporary Internet files to prevent the persistent detection of this threat from within the Temporary Internet Files folder. To delete the temporary Internet files from Internet Explorer, refer to KB Article 260897.
  • This threat may change your Internet Explorer Home Page. To change it back to your own setting, refer to these articles:

Threat behavior

Installation

Exploit:JS/ActiveXComponent is often found hosted or embedded on malicious or compromised websites. It is loaded if you visit one of these websites.

Payload

Changes computer settings

Exploit:JS/ActiveXComponent has been known to change the following computer settings:

  • Changing the Internet Explorer start page
  • Adding certain URLs to the Internet Explorer Favorites list
  • Opening pop-up windows
  • Loading other JavaScripts

Analysis by Alden Pornasdoro


Symptoms

Browser changes

The following system changes may indicate the presence of this malware:

  • Your Internet Explorer home page may have changed
  • There might be URLs in your Internet Explorer Favorites list that you didn't add

Prevention


Alert level: Severe
First detected by definition: 1.45.287.0
Latest detected by definition: 1.117.2303.0 and higher
First detected on: Oct 07, 2008
This entry was first published on: Dec 08, 2006
This entry was updated on: Mar 13, 2013

This threat is also detected as:
  • Exploit_Gen.JFA (Norman)
  • TR/ActiveX.Exploit (Avira)
  • Exploit.Applet.ActiveXComponent (BitDefender)
  • Trojan.AppActXComp (Dr.Web)
  • Exploit.JS.ActiveXComponent (Ikarus)
  • Exploit.JS.ActiveXComponent (Kaspersky)
  • JS/Except-Fam (Sophos)
  • JS.Exception.Exploit (Symantec)