Win32/Jeefo [Threat Name]

Win32/Jeefo.A [Threat Variant Name]

Category virus
Size 36352 B
Detection created Feb 05, 2006
Detection database version 1394
Aliases Virus.Win32.Hidrag.a (Kaspersky)
  Virus:Win32/Jeefo.A (Microsoft)
  W32.Jeefo (Symantec)
Short description

Win32/Jeefo.A is a file infector.

Installation

When executed, the virus creates the following files:

  • %windir%\svchost.exe (36352 B, Win32/Jeefo.A)

The virus may set the following Registry entries:

  • [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
    • "PowerManager" = "%windir%\svchost.exe"
  • [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PowerManager]
    • "Type" = 16
    • "Start" = 2
    • "ImagePath" = "%windir%\svchost.exe"
    • "DisplayName" = "Power Manager"
    • "ObjectName" = "LocalSystem"
    • "Description" = "Manages the power save features of the computer."

This causes the virus to be executed on every system start.
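
A defensive check for the autostart entries listed above, as an added example (not ESET's code): it parses `reg export` text and flags Run*/service entries that launch svchost.exe from outside System32, which generalizes the PowerManager indicator. The sample export is constructed from the values on this page; the `C:\Windows` location and string-only values are assumptions.

```python
import re

WINDIR = 'c:\\windows'  # assumption: default Windows directory
# Constructed sample in `reg export` text form: the entries above plus one benign service.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
"PowerManager"="%windir%\\svchost.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PowerManager]
"Start"=dword:00000002
"ImagePath"="%windir%\\svchost.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dhcp]
"ImagePath"="%SystemRoot%\\System32\\svchost.exe -k netsvcs"
'''

def parse_reg(text):
    """Return {key_path: {value_name: data}} for string values in a .reg export."""
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        key = re.match(r'^\[(.+)\]$', line)
        val = re.match(r'^"(.+?)"="(.*)"$', line)
        if key:
            current = keys.setdefault(key.group(1), {})
        elif val and current is not None:
            current[val.group(1)] = val.group(2).replace('\\\\', '\\')  # unescape
    return keys

def svchost_outside_system32(data):
    """True if the command runs svchost.exe from a folder other than System32/SysWOW64."""
    path = data.strip().strip('"').lower().replace('/', '\\')
    path = re.sub(r'%(windir|systemroot)%', lambda _: WINDIR, path)
    m = re.match(r'(.*\\)?svchost\.exe(\s|$)', path)
    folder = (m.group(1) or '').rstrip('\\') if m else None
    return bool(m) and folder not in (WINDIR + '\\system32', WINDIR + '\\syswow64')

def find_hits(text):
    """List (key, value_name, data) for Run*/service entries that launch such a copy."""
    hits = []
    for key, values in parse_reg(text).items():
        k = key.lower()
        for name, data in values.items():
            service_image = '\\services\\' in k and name.lower() == 'imagepath'
            run_value = '\\currentversion\\run' in k
            if (service_image or run_value) and svchost_outside_system32(data):
                hits.append((key, name, data))
    return hits

if __name__ == '__main__':
    for key, name, data in find_hits(SAMPLE_REG):
        print(f'SUSPICIOUS {key} :: {name} = {data}')
```
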

File infection

The virus searches fixed drives for executable files to infect.


The virus searches for files with the following file extensions:

  • .exe

Several other criteria are applied when choosing a file to infect.


The virus infects the files by inserting its code at the beginning of the original program.


The original host executable can be reconstructed when an infected file is run.


The original file is then executed.

Other information

The virus may create the following files:

  • %temp%\%variable%

A string with variable content is used instead of %variable%.


The virus contains the following text:

  • Hidden Dragon virus. Born in a tropical swamp.
