JS/Fortnight-B

Type: JavaScript worm

Description

JS/Fortnight-B is a worm that attempts to spread by dropping a file that it sets as the signature file for Outlook Express 5.0. The file is dropped in the Windows folder and is called s.htm.

JS/Fortnight-B sets the following registries:

HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\SecurityTab
HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\AdvancedTab

to "1" and

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix\

to "http://www.pixpox.com/cgi-bin/click.pl?url="

JS/Fortnight-B also creates a file in the Windows folder called hosts. The hosts file has the effect of subverting access to the following websites:

Read more: http://www.sophos.com/virusinfo/analyses/jsfortnightb.html
See also the parallel dslreports thread where I have posted detailed info on this bug from: F-Secure, Symantec, Trend Micro, Computer Associates, and McAfee.
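
A triage check for the registry settings listed in the quoted description, run over a regedit export so it works offline. This is an added example, not part of the original post or of the Sophos analysis; the function names and the sample export are constructed, and it assumes the trailing backslash on DefaultPrefix refers to the key's default value. The s.htm and hosts files in the Windows folder still have to be checked separately.

```python
import re

# Registry indicators from the quoted Sophos text; exports spell out hive names.
POLICY_KEY = r"hkey_current_user\software\policies\microsoft\internet explorer\control panel"
PREFIX_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\url\defaultprefix"
PREFIX_MARKER = "pixpox.com/cgi-bin/click.pl"
VALUE_LINE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')

def decode(data):
    """Turn .reg value data into an int (dword) or an unescaped string."""
    if data.lower().startswith("dword:"):
        return int(data[6:], 16)
    if len(data) >= 2 and data[0] == data[-1] == '"':
        return re.sub(r"\\(.)", r"\1", data[1:-1])
    return data  # other types (hex blobs) are kept as raw text

def parse_reg(text):
    """Parse regedit export text into {key: {value_name: data}}, names lower-cased."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = VALUE_LINE.match(line)
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif m and current is not None:
            name = "" if m.group(1) == "@" else m.group(1)[1:-1].lower()
            current[name] = decode(m.group(2))
    return keys

def fortnight_b_findings(reg_text):
    """List the JS/Fortnight-B settings present (data "1" may be dword or string)."""
    keys, hits = parse_reg(reg_text), []
    policy = keys.get(POLICY_KEY, {})
    for name in ("securitytab", "advancedtab"):
        if str(policy.get(name)) == "1":
            hits.append(f"policy:{name}")
    # Assumption: the redirect sits in the default value; all values are checked anyway.
    for name, data in keys.get(PREFIX_KEY, {}).items():
        if PREFIX_MARKER in str(data).lower():
            hits.append(f"defaultprefix:{name or '(default)'}")
    return hits

# Constructed sample export, built from the values named in the description.
SAMPLE_EXPORT = r'''[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel]
"SecurityTab"=dword:00000001
"AdvancedTab"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
@="http://www.pixpox.com/cgi-bin/click.pl?url="
'''
if __name__ == "__main__": print(fortnight_b_findings(SAMPLE_EXPORT))
```

Both policy values hide the Security and Advanced tabs in Internet Options, so a hit on either explains why the settings cannot be changed back from the UI.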