I have some information about this pain-in-the ass.
Win32.Jeefo.A is a virus that infects PE files.
Once activated, it copies itself as SVCHOST.EXE to the Windows directory, launches it as a separate process, then passes control back to the host program. The virus then installs itself as a service to stay in memory. The following registry key is created on Win9x systems:
Note that SVCHOST.EXE is a valid system filename that exists in the System directory. The virus-created SVCHOST.EXE contains only the virus itself and is 36,352 bytes in size.
The virus searches drive letters C to Z for fixed disks. Once found, all directories are searched for suitable PE file to infect. Infected files increase 36,352 bytes in size, but the last modified date and time remains the same.
The virus body contains the following hidden message (although this is never displayed to the user):
"Hidden Dragon virus. Born in a tropical swamp"
Note: The virus may corrupt some files. Such files may not work correctly after cleaning and removal of the virus code. The corrupted programs will need to be restored from backups or the original installation packages.
I use bitdefender 7.2 with updates and it works. Here is the link: http://www.bitdefender.com/index.php
Currently it is Saturday, November 22, 2008 12:58 PM (GMT +1) There are a total of 64.046 posts in 15.836 threads. In the last 3 days there were 26 new threads and 155 reply posts. View Active Threads
Who's Online
This forum has 27196 registered members. Please welcome our newest member, Catlady UK. 47 Guest(s), 1 Registered Member(s) are currently online. Details Behram
|