Win32/Jeefo [Threat Name]
Win32/Jeefo.A [Threat Variant Name]
Category | virus |
Size | 36352 B |
Aliases | Virus.Win32.Hidrag.a (Kaspersky), Virus:Win32/Jeefo.A (Microsoft), W32.Jeefo (Symantec) |
Short description
Win32/Jeefo.A is a file infector.
Installation
When executed, the virus creates the following files:
- %windir%\svchost.exe (36352 B, Win32/Jeefo.A)
The virus may set the following Registry entries:
- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
  - "PowerManager" = "%windir%\svchost.exe"
- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PowerManager]
  - "Type" = 16
  - "Start" = 2
  - "ImagePath" = "%windir%\svchost.exe"
  - "DisplayName" = "Power Manager"
  - "ObjectName" = "LocalSystem"
  - "Description" = "Manages the power save features of the computer."
This causes the virus to be executed on every system start.
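A defender's check for the persistence described above, as an added example that is not part of the original description or of any vendor tool: it parses text in the layout printed by `reg query <key> /s` and flags autorun or service entries that start svchost.exe from outside System32, which generalises beyond the PowerManager name. The sample text, the `C:\Windows` default for the Windows directory, and the function names are assumptions.

```python
import re
WINDIR = r"c:\windows"  # assumption: default Windows directory
LEGIT_DIRS = {WINDIR + r"\system32", WINDIR + r"\syswow64"}
# Constructed sample in `reg query <key> /s` layout, built from the values listed above.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
    PowerManager    REG_SZ    C:\WINDOWS\svchost.exe

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PowerManager
    Type    REG_DWORD    0x10
    Start    REG_DWORD    0x2
    ImagePath    REG_EXPAND_SZ    %windir%\svchost.exe

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dhcp
    ImagePath    REG_EXPAND_SZ    %SystemRoot%\System32\svchost.exe -k netsvcs
"""

def parse_reg_query(text):
    """Parse reg-query style text into {key: {value_name: data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            current = keys.setdefault(line.strip(), {})
        elif line.startswith("    ") and current is not None:
            parts = re.split(r"\s{4,}", line.strip(), maxsplit=2)
            if len(parts) == 3:
                current[parts[0]] = parts[2]
    return keys

def exe_path(data):
    """Reduce a command line to the lower-case path of its executable."""
    s = data.strip().lstrip('"').lower()
    for var in ("%windir%", "%systemroot%"):
        s = s.replace(var, WINDIR)
    m = re.match(r".*?\.exe", s)
    return m.group(0) if m else s

def find_svchost_persistence(text):
    """Return (key, value_name, data) for entries starting svchost.exe outside System32."""
    hits = []
    for key, values in parse_reg_query(text).items():
        autorun = key.lower().endswith(r"\currentversion\runservices")
        service = re.search(r"\\services\\[^\\]+$", key, re.I) is not None
        for name, data in values.items():
            if autorun or (service and name.lower() == "imagepath"):
                directory, _, base = exe_path(data).rpartition("\\")
                if base == "svchost.exe" and directory not in LEGIT_DIRS:
                    hits.append((key, name, data))
    return hits
```

On the constructed sample, `find_svchost_persistence(SAMPLE)` returns the RunServices value and the PowerManager service ImagePath, and leaves the Dhcp service alone because its svchost.exe resolves to System32.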
File infection
Win32/Jeefo.A is a file infector.
The virus searches fixed drives for executable files to infect.
The virus searches for files with the following file extensions:
- .exe
Several other criteria are applied when choosing a file to infect.
The virus infects the files by inserting its code at the beginning of the original program.
The original host executable can be reconstructed when an infected file is run.
The original file is then executed.
Other information
The virus may create the following files:
- %temp%\%variable%
A string with variable content is used instead of %variable%.
The virus contains the following text:
- Hidden Dragon virus. Born in a tropical swamp.