Home > General > W32.jeefo


Secure Web Gateway Complete web protection everywhere. SophosLabs Behind the scene of our 24/7 security. These cookies are set when you submit a form, login or interact with the site by doing something that goes beyond clicking on simple links. Top Follow:I want to...Get helpRemove difficult malwareAvoid tech support phone scamsSee and search the latest threatsFind answers to other problemsFix my softwareFix updates and solve other problemsSee common error codesDownload and

Creates the value: "PowerManager"="%windir%\svchost.exe" in the registry key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ RunServices so that the virus starts when you start or restart Windows 95/98/Me. On Windows Vista and 7: Insert the Windows CD into the CD-ROM drive and restart the computer.Click on "Repair Your Computer"When the System Recovery Options dialog comes up, choose the Command Waits until the infected host quits so that its file is unlocked. 2. Creates file svchost.exe in the Windows folder. have a peek at this web-site

Distribution channels include IRC, peer-to-peer networks, newsgroup postings, e-mail, etc. Back to Top View Virus Characteristics Virus Characteristics This is a parasitic 32-bit file infecting virus that infects Windows PE files on the victim machine. Tries to disinfect that PE file to produce the original PE content, then attempts to overwrite the infected file with its original content. Our findings are then pushed out to our millions of users with their next virus database update.

The tool has direct access to virus data from SophosLabs, our global network of threat researchers, ensuring that even the very latest viruses are detected and removed. Encrypts data that represents the host application with the stripped resources. 3. English 简体中文 český English Français Deutsch Magyar Italiano 日本語 한국의 Polski Español 繁體中文 Legal Privacy Cookie Information 1 of 5 previous next close This site uses cookies. Back to Top View Virus Characteristics Virus Characteristics This is a Trojan File PropertiesProperty ValuesMcAfee DetectionW32/Jeefo.ELength2525672 bytesMD5d688f94c769dfc589c802a15f284ef69SHA13ec4b0ae37d4b178e3ca9f24482bd38744e7c1ca Other Common Detection AliasesCompany NamesDetection NamesahnlabWin32/HidragavastWin32:JeefoAVG (GriSoft)Win32/Hidrag.AaviraW32/Jeefo.AKasperskyVirus.Win32.Hidrag.aBitDefenderWin32.Jeefo.BclamavW32.Jeefo-3Dr.WebWin32.HLLP.Jeefo.36352F-ProtW32/Jeefo.AFortiNetW32/Jeefo.AMicrosoftvirus:win32/jeefo.aSymantecW32.JeefoEsetWin32/Jeefo.Anormanw32/hidrag.apandaW32/Jeefo.ArisingWin32.Jeefo.ASophosW32/Jeefo-Avba32Virus.JeefoV-BusterWin32.HidragVet (Computer Associates)Win32/Jeefo.AOther brands and names

Summary| Technical Details Search Threats Search by nameExample: [email protected] INFORMATION FOR: Enterprise Small Business Consumer (Norton) Partners OUR OFFERINGS: Products Products A-Z Services Solutions CONNECT WITH US: Support Connect Communities Security Runs the reconstructed executable that does not contain W32.Jeefo code.In other words, when an application infected with W32.Jeefo is executed, the dropped W32.Jeefo first-generation program repairs it.If the operating system is Search Sign In Remove Jeefo with our free Virus Removal Tool Overview Infected with a virus? If you’re using Windows XP, see our Windows XP end of support page.

Sophos Mobile Countless devices, one solution. Free Tools Try out tools for use at home. Compliance Helping you to stay regulatory compliant. SophosLabs Behind the scene of our 24/7 security.

Search Sign In Threat Analysis Threat Dashboard Free Trials Get Pricing Free Tools W32/Jeefo-A Category: Viruses and Spyware Protection available since:05 Jun 2003 00:00:00 (GMT) Type: Win32 executable file virus Last https://home.mcafee.com/VirusInfo/VirusProfile.aspx?key=100277 Free Tools Try out tools for use at home. On Windows 95, Windows 98, Windows ME, and Windows NT 4.0, it changes the following registry entry so that it runs each time you start your PC:    In subkey: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesSets value: "PowerManager"With data: "

The mutex is named Global\PowerManagerMutant if the virus is running on the following versions of Windows: Windows XP Windows Server 2003 Windows 2000 The mutex is named PowerManagerMutant on other versions OEM Solutions Trusted by world-leading brands. And it works alongside your existing antivirus. Sophos Home Free protection for home computers.

By continuing to browse the site you are agreeing to our use of cookies. Your peace of mind. The virus runs continuously in the background, infecting files periodically. Presence of a file named svchost.exe in the Windows folder. (Note: On Windows NT-based systems such as Windows 2000, Windows XP, and Windows Server 2003, there is a legitimate file named svchost.exe in the

Double click Sophos Virus Removal Tool and then click the Start scanning button The tool scans your computer and removes any viruses it finds You’re done Download now What it does This svchost.exe file is a copy of the original virus. You should take immediate action to stop any damage or prevent further damage from happening.

Delete the value that was added to the registry (Windows 95/98/Me).

INFORMATION FOR: Enterprise Small Business Consumer (Norton) Partners OUR OFFERINGS: Products Products A-Z Services Solutions CONNECT WITH US: Support

Saves the disinfected file to %temp% if it cannot overwrite the infected file. KG. Registers itself as a service process to hide itself from the task list. 2. Free Trials All product trials in one place.

We also use some non-essential cookies to anonymously track visitors or enhance your experience of the site. This site uses cookies. W32.Jeefo locates the Windows main installation folder (by default this is C:\Windows or C:\Winnt) and uses it as a destination folder.If the operating system is Windows NT/2000/XP, the first-generation W32.Jeefo performs They are spread manually, often under the premise that they are beneficial or wanted.

This threat might have got on your PC if you inserted a removable disk or accessed a network connection that was infected.