high
Summary
Summary
Action- More Information
| Affected operating systems | Windows |
|---|---|
| Protection available since | 28 September 2003 09:46:44 (GMT) |
| Detected by | All Sophos products |
Free virus scan
- Free virus, spyware, and adware scan
- Test your existing anti-virus protection
- Find threats your anti-virus missed
Action
- Summary
- Action
- More Information
Please follow the instructions for removing worms.
Please read the instructions for removing W32/Jeefo-A.
More Information
W32/Jeefo-A infects Windows PE executables with an extension of EXE and a filesize greater than 102,399 bytes, in all folders of all fixed drives C: to Z:.
The virus runs continuously in the background, infecting files at periodic intervals.
When an infected file is run, the virus dropper is extracted to the Windows folder as SVCHOST.EXE and the virus disinfects the host executable, although not all infected files will be successfully returned to their original state. W32/Jeefo-A infects Windows PE executables with an extension of EXE and a filesize greater than 102,399 bytes, in all folders of all fixed drives C: to Z:.
The virus runs continuously in the background, infecting files at periodic intervals.
When an infected file is run, the virus dropper is extracted to the Windows folder as SVCHOST.EXE and the virus disinfects the host executable, although not all infected files will be successfully returned to their original state.
Under Windows 95/98/Me the virus creates the following registry entries so that the virus is run automatically each time Windows is started:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\
PowerManager= <pathname of virus>
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\
PowerManager= "C:\<Windows>\SVCHOST.EXE"
Under Windows NT based systems (Windows NT/2000/XP) the virus creates a service named PowerManager with the startup type set to automatic, so that the virus is run automatically on startup.
|
