Win32.jeefo.A - the executable with NEW svchost.exe and some .text ...

Discussion in 'malware problems & news' started by PROROOTECT, Apr 1, 2009.

Thread Status:
Not open for further replies.
  1. PROROOTECT

    Yes, presence of new file 'svchost.exe' in the Windows directory.

    Under Windows XP, presence of the 'Power Manager' service. This service has the description: 'Manages the power save features of the computer.'

    This executable file infector is written in MinGW and presents a VERY interesting (and DIFFICULT TO DISINFECT) infection technique.

    The file infection algorithm is complex; in some cases, infected files get corrupted.

    The infected file has the following layout:
    1) Virus
    2) Original file's resources (bitmaps, icons, etc) thus the infected file has the same main icon as the original file
    3) Original file chunks - encrypted.

    The virus contains the following text string: 'Hidden Dragon virus. Born in a tropical swamp.' encrypted ... When encrypted, the word 'hidden' is transformed to 'iJeefo' (this is where this virus got its name from).

    Hmmm ...:thumb: :doubt:

    Yours PROROOTECT tropical :argh: connexion
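
An added triage example, not part of the original post: it checks a host inventory for the two indicators the post names, an svchost.exe sitting directly in the Windows directory (the genuine file lives in the System32 subdirectory) and a 'Power Manager' service carrying the quoted description. The function names, record fields and sample inventory are assumptions constructed for illustration.

```python
import ntpath

# Indicators quoted from the post; everything else here is constructed.
SERVICE_NAME = "Power Manager"
SERVICE_DESC = "Manages the power save features of the computer."


def svchost_in_windows_root(paths, windir=r"C:\Windows"):
    """Return the paths that name svchost.exe directly in the Windows directory."""
    root = ntpath.normcase(ntpath.normpath(windir))
    hits = []
    for path in paths:
        # Collapse "..", mixed slashes and letter case before comparing.
        parent, name = ntpath.split(ntpath.normcase(ntpath.normpath(path)))
        if name == "svchost.exe" and parent == root:
            hits.append(path)
    return hits


def matching_services(services):
    """Return service records whose display name and description both match."""
    def same(a, b):
        return a.strip().lower() == b.strip().lower()
    # Requiring both fields avoids flagging unrelated services with the same name.
    return [s for s in services
            if same(s.get("display_name", ""), SERVICE_NAME)
            and same(s.get("description", ""), SERVICE_DESC)]


# Constructed sample inventory (not taken from a real host).
SAMPLE_PATHS = [
    r"C:\WINDOWS\system32\svchost.exe",       # expected location
    r"C:\WINDOWS\svchost.exe",                # indicator from the post
    r"c:/windows/System32/../SVCHOST.EXE",    # same place, written differently
    r"C:\WINDOWS\explorer.exe",
]
SAMPLE_SERVICES = [
    {"display_name": "Power Manager", "description": SERVICE_DESC},
    {"display_name": "Power Manager", "description": "Constructed vendor utility"},
    {"display_name": "Print Spooler", "description": "Constructed description"},
]

if __name__ == "__main__":
    for path in svchost_in_windows_root(SAMPLE_PATHS):
        print("svchost.exe outside System32:", path)
    for svc in matching_services(SAMPLE_SERVICES):
        print("service matches post:", svc["display_name"])
```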
     