W32.jeefo

Tries to disinfect that PE file to produce the original PE content, then attempts to overwrite the infected file with its original content. The description of this service is "Manages the power save features of the computer." 2. Tries to run the disinfected PE file. When a PE file infected by Win32/Jeefo runs, the program performs the following actions: Closes the mutex.

Then, the dropped file will be run with the program parameter that specifies an infected application, which has dropped and run Svchost.exe. Infects Windows portable executable (PE) files that are greater than or equal to 102,400 bytes long. Windows 2000 and XP) the virus creates a service named PowerManager with the startup type set to Automatic, so that the virus service is launched automatically on startup.

The virus runs continuously in the background, infecting files periodically. Unlike viruses, Trojans do not self-replicate. This svchost.exe file is a copy of the original stand-alone Win32/Jeefo virus.

Attempts to run the original content of the PE file by running the dropped svchost.exe with a command-line argument as follows: %windir%\svchost.exe

While many viruses contain a destructive payload, it's quite common for viruses to do nothing more than spread from one system to another. Infected files increase in size by 36,352 bytes. Methods of Infection: This parasitic infector encrypts the host file, appending the encrypted data to the infected file. What to do now: Manual removal is not recommended for this threat.

Type: Virus. Subtype: Win32. DAT Required: 4262. Description: This is a virus detection.

Reconstruct the first-generation W32.Jeefo executable. Saves the disinfected file to %temp% if it cannot overwrite the infected file.

On Windows Vista and 7: Insert the Windows CD into the CD-ROM drive and restart the computer. Click on "Repair Your Computer". When the System Recovery Options dialog comes up, choose the Command

The virus infects Microsoft Windows portable executable (PE) files that are greater than or equal to 102,400 bytes long.

Activities / Risk Levels: Attempts to write file to shared locations. Enumerates many system files and directories. No digital signature is present. McAfee Scans / Scan Detections: McAfee Beta: W32/Jeefo.E; McAfee Supported: W32/Jeefo.E. System Changes: Some path values have been replaced with

They are spread manually, often under the premise that the executable is something beneficial. Distribution channels include IRC, peer-to-peer networks, newsgroup postings, e-mail, etc.

It will quit. When svchost.exe (the first-generation W32.Jeefo executable) runs, it checks whether the program parameter specifies an infected application. Appends this particular data to the newly constructed executable. If W32.Jeefo detects that it is an infected host application, it will do the following:

Saves the disinfected file to %TEMP% if it cannot overwrite the infected file.

For more information about using antivirus software, see http://www.microsoft.com/security/antivirus/av.aspx. e.g. %WINDIR% = \WINDOWS (Windows 9x/ME/XP/Vista/7), \WINNT (Windows NT/2000) %PROGRAMFILES% = \Program Files The following files were analyzed: BearShare_setup.exe The following files have been added to the system:

C:\WINDOWS\SYSTEM\SVCHOST.EXE. VDF 7.01.01.203 (2009-01-29 15:07) Aliases Avast: Win32:Gardih AVG: Win32/Hidrag.A ClamAV: W32.Jeefo-3 Dr.

This is a parasitic 32-bit file infecting virus that infects Windows PE files on the victim machine. Once a machine is infected, the dropped SVCHOST.EXE (running as a service on NT/2k) periodically infects executables on the machine.

Distribution channels include e-mail, malicious or hacked Web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.
