W32/Jeefo.A
Reconstruct the first-generation W32.Jeefo executable.

Tries to disinfect that PE file to produce the original PE content, then attempts to overwrite the infected file with its original content. https://www.symantec.com/security_response/writeup.jsp?docid=2003-060316-1105-99
When an infected file is run on the victim machine, the file SVCHOST.EXE (36,352 bytes) is dropped in %WinDir%.
Encrypts data that represents the host application with the stripped resources.

On Windows 95, Windows 98, and Windows ME, service processes do not appear in Windows Task Manager.

Payload

Infects files

When a PE file that was infected is run, the virus: Closes the mutex.
Distribution channels include e-mail, malicious or hacked Web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.

Indication of Infection

The symptoms of this detection are the files, registry, and network communication referenced in the characteristics section. https://www.symantec.com/security_response/detected_writeup.jsp?name=W32.Jeefo

What to do now

Use the following free Microsoft software to detect and remove this threat: Windows Defender for Windows 10 and Windows
Attempts to run the original content of the PE file by running the dropped svchost.exe with a command-line argument as follows: %windir%\svchost.exe
Runs the reconstructed executable that does not contain W32.Jeefo code. In other words, when an application infected with W32.Jeefo is executed, the dropped W32.Jeefo first-generation program repairs it. If the operating system is http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?name=Win32%2FJeefo

On other versions of Windows, Win32/Jeefo registers itself as a service:
Named: PowerManager
Display name: Power Manager
Description: Manages the power save features of the computer.

If started with one

What to do now

Manual removal is not recommended for this threat.
The file is at least 35,328 bytes long. On Windows 95, Windows 98, Windows ME, and Windows NT 4.0, Win32/Jeefo registers itself as a service:
Adds value: PowerManager
With data:
On Windows XP: Insert the Windows XP CD into the CD-ROM drive and restart the computer. When the "Welcome to Setup" screen appears, press R to start the Recovery Console. Select the Windows

System Changes

These are general defaults for typical path variables. (Although they may differ, these examples are common.):
%WinDir% = \WINDOWS (Windows 9x/ME/XP/Vista), \WINNT (Windows NT/2000)
%SystemDir% = \WINDOWS\SYSTEM (Windows 98/ME),

On Windows 9x machines, the following Registry key is added to hook system startup:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
"PowerManager" = %WinDir%\SVCHOST.EXE

On Windows NT/2000/XP machines, the dropped file is installed as a service,
Virus Characteristics

This is a Trojan

File Properties
McAfee Detection: W32/Jeefo.E
Length: 2525672 bytes
MD5: d688f94c769dfc589c802a15f284ef69
SHA1: 3ec4b0ae37d4b178e3ca9f24482bd38744e7c1ca

Other Common Detection Aliases (Company Name: Detection Name)
ahnlab: Win32/Hidrag
avast: Win32:Jeefo
AVG (GriSoft): Win32/Hidrag.A
avira: W32/Jeefo.A
Kaspersky: Virus.Win32.Hidrag.a
BitDefender: Win32.Jeefo.B
clamav: W32.Jeefo-3
Dr.Web: Win32.HLLP.Jeefo.36352
F-Prot: W32/Jeefo.A
FortiNet: W32/Jeefo.A
Microsoft: virus:win32/jeefo.a
Symantec: W32.Jeefo
Eset: Win32/Jeefo.A
norman: w32/hidrag.a
panda: W32/Jeefo.A
rising: Win32.Jeefo.A
Sophos: W32/Jeefo-A
vba32: Virus.Jeefo
V-Buster: Win32.Hidrag
Vet (Computer Associates): Win32/Jeefo.A

Unlike viruses, Trojans do not self-replicate.
On Windows Vista and 7: Insert the Windows CD into the CD-ROM drive and restart the computer. Click on "Repair Your Computer". When the System Recovery Options dialog comes up, choose the Command
You should take immediate action to stop any damage or prevent further damage from happening.

Reconstructs the original host by detaching appended data, decoding it, and moving the resources back to it.

Please go to the Microsoft Recovery Console and restore a clean MBR.
File Name: %WINDIR%\svchost.exe
McAfee Supported: W32/Jeefo

This sample can be identified by the following symptoms.

The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs.
W32/Jeefo-A
Category: Viruses and Spyware
Protection available since: 05 Jun 2003 00:00:00 (GMT)
Type: Win32 executable file virus

On Windows 95, Windows 98, Windows ME, and Windows NT 4.0, it changes the following registry entry so that it runs each time you start your PC:
In subkey: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
Sets value: "PowerManager"
With data: "

Prevention

Take these steps to help prevent infection on your PC.