Win32.jeefo.A - the executable with NEW svchost.exe and some .text ...

Yes, presence of new file 'svchost.exe' in the Windows directory.

Under Windows XP, presence of the 'Power Manager' service. This service has the description: 'Manages the power save features of the computer.'

This executable file infector is written in MinGW and presents a VERY interesting (and DIFFICULT TO DISINFECT) infection technique.

The file infection algorithm is complex; in some cases, infected files get corrupted.

The infected file has the following layout:
1) Virus
2) Original file\'s resources (bitmaps, icons, etc) thus the infected file has the same main icon as the original file
3) Original file chunks - encrypted.

The virus contains the following text string: 'Hidden Dragon virus. Born in a tropical swamp.' encrypted ... When encrypted, the word 'hidden' is transformed to 'iJeefo' (this is where this virus got his name from).

Hmmm ...

Yours PROROOTECT tropical connexion