Win32.jeefo.A - the executable with NEW svchost.exe and some .text ...

Discussion in 'malware problems & news' started by PROROOTECT, Apr 1, 2009.

Thread Status:
Not open for further replies.
  1. PROROOTECT

    PROROOTECT Registered Member

    Yes, presence of new file 'svchost.exe' in the Windows directory.

    Under Windows XP, presence of the 'Power Manager' service. This service has the description: 'Manages the power save features of the computer.'

    This executable file infector is written in MinGW and presents a VERY interesting (and DIFFICULT TO DISINFECT) infection technique.

    The file infection algorithm is complex; in some cases, infected files get corrupted.

    The infected file has the following layout:
    1) Virus
    2) Original file's resources (bitmaps, icons, etc) thus the infected file has the same main icon as the original file
    3) Original file chunks - encrypted.

    The virus contains the following text string: 'Hidden Dragon virus. Born in a tropical swamp.' encrypted ... When encrypted, the word 'hidden' is transformed to 'iJeefo' (this is where this virus got its name from).

    Hmmm ...:thumb: :doubt:

    Yours PROROOTECT tropical :argh: connexion
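
As an added example, not part of the original post: a Python check for the two host indicators the post names (a svchost.exe directly in the Windows directory, and a 'Power Manager' service with the quoted description), run over a constructed file and service inventory. The function names, the inventory format and the default `C:\WINDOWS` path are assumptions.

```python
import ntpath

# Indicators quoted from the post above.
SERVICE_NAME = "power manager"
SERVICE_DESC = "manages the power save features of the computer."


def _norm(path):
    return ntpath.normcase(ntpath.normpath(path))


def check_files(paths, windows_dir=r"C:\WINDOWS"):
    """Return paths naming svchost.exe directly inside the Windows directory."""
    root = _norm(windows_dir)
    hits = []
    for p in paths:
        parent, name = ntpath.split(_norm(p))
        if name == "svchost.exe" and parent == root:
            hits.append(p)
    return hits


def check_services(services):
    """Return (display_name, matched_fields) for services matching the post."""
    hits = []
    for svc in services:
        matched = []
        if svc.get("display_name", "").strip().lower() == SERVICE_NAME:
            matched.append("display_name")
        if svc.get("description", "").strip().lower() == SERVICE_DESC:
            matched.append("description")
        if matched:
            hits.append((svc.get("display_name", ""), matched))
    return hits


# Constructed sample inventory, not taken from a real host.
SAMPLE_FILES = [
    r"C:\WINDOWS\system32\svchost.exe",  # normal location of svchost.exe
    r"C:\WINDOWS\svchost.exe",           # location named in the post
    r"c:/windows/SVCHOST.EXE",           # same location, other spelling
]
SAMPLE_SERVICES = [
    {"display_name": "Power Manager",
     "description": "Manages the power save features of the computer."},
    {"display_name": "Print Spooler", "description": "Constructed entry."},
]

if __name__ == "__main__":
    print(check_files(SAMPLE_FILES), check_services(SAMPLE_SERVICES))
```

A match on the display name alone is a weaker signal than a match on both fields, so the returned field list is worth reading before acting on a hit.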
     