Summary

| Affected operating systems | Windows |
|---|---|
| Included in our products from | July 2003 (3.71) |
| Protection available since | 28 September 2003 09:46:44 (GMT) |
| Detected by | All Sophos products |
Action

Please read the instructions for removing W32/Jeefo-A.
More Information
W32/Jeefo-A infects Windows PE executables with an extension of EXE and a file size greater than 102,399 bytes, in all folders of all fixed drives C: to Z:.
The virus runs continuously in the background, infecting files at periodic intervals.
When an infected file is run, the virus dropper is extracted to the Windows folder as SVCHOST.EXE and the virus disinfects the host executable, although not all infected files will be successfully returned to their original state.
Under Windows 95/98/Me the virus creates the following registry entries so that the virus is run automatically each time Windows is started:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\
PowerManager= <pathname of virus>
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\
PowerManager= "C:\<Windows>\SVCHOST.EXE"
Under Windows NT based systems (Windows NT/2000/XP) the virus creates a service named PowerManager with the startup type set to automatic, so that the virus is run automatically on startup.
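The three artifacts described above (the dropper in the Windows folder, the RunServices value, and the PowerManager service) can be checked on a host with a read-only script. This is an added example, not a Sophos tool; the function name `Get-JeefoIndicator` is hypothetical, and it assumes a system with PowerShell 3.0 or later.

```powershell
# Added example: read-only check for the W32/Jeefo-A artifacts described on this page.
# Get-JeefoIndicator is a hypothetical helper name, not part of any Sophos product.
function Get-JeefoIndicator {
    $findings = @()

    # Dropper: SVCHOST.EXE directly in the Windows folder.
    # The legitimate svchost.exe lives in System32, not in the Windows folder itself.
    $dropper = Join-Path $env:SystemRoot 'SVCHOST.EXE'
    if (Test-Path -LiteralPath $dropper -PathType Leaf) {
        $findings += [pscustomobject]@{ Indicator = 'Dropper file'; Detail = $dropper }
    }

    # Windows 95/98/Me persistence: RunServices value named PowerManager.
    $runServices = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunServices'
    $entry = Get-ItemProperty -Path $runServices -Name 'PowerManager' -ErrorAction SilentlyContinue
    if ($entry) {
        $findings += [pscustomobject]@{ Indicator = 'RunServices value'; Detail = $entry.PowerManager }
    }

    # Windows NT/2000/XP persistence: service named PowerManager with automatic startup.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='PowerManager'" -ErrorAction SilentlyContinue
    if ($svc) {
        $findings += [pscustomobject]@{
            Indicator = 'Service'
            Detail    = "StartMode=$($svc.StartMode); PathName=$($svc.PathName)"
        }
    }

    # Emit one object per artifact found; no output means none of the three is present.
    $findings
}

Get-JeefoIndicator | Format-Table -AutoSize
```

A hit is a lead to confirm with a scan, since a file or service name alone does not identify the virus.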
