Troj/JetHome

This Trojan horse works when an infected web page is viewed in Microsoft Internet Explorer. It drops a file RUNME.HTA in the Windows Startup folder. The next time the computer starts the Trojan horse makes changes to the Registry and drops the file C:\Program Files\Netscape\Users\Default\PREFS.JS to set the default homepage for Internet Explorer and Netscape to be www.jethomepage.com.

The Trojan horse leaves backups of the changed parts of the Registry in the Windows directory as BACKUP1.REG and BACKUP2.REG. It creates two entries in the Favourites folder to www.jethomepage.com and to www.peepfree.com and finally deletes RUNME.HTA from the StartUp folder.