- Jeefo (computer virus)
The Jeefo Virus, also known as the Hidrag Virus, is a computer virus which was made by the same hackers who created the Gedza Virus. It infects Windows Portable Executable files. It begins infection by entering the registry on the computer, specifically in the Run at startup key. It also files itself as an actual program in the registry. If you do not clear its 3 places of residence, it will immediately copy itself back into each of the listed directories.
Symptoms
1. Memory usage is high
2. Executables do not launch
3. Multiple instances of svchost.exe launched in the task manager
Resolution
1. Delete the mother virus from 'C:/Windows/svchost.exe'
   a. If the file cannot be deleted, simply rename the file to a non-executable file, e.g. 'svchost.txt', relaunch the computer in safe mode and then delete the .txt file
2. Clean the startup registry of ALL listings
   a. Start > Run > regedit
   b. Browse to HKEY_LOCAL_MACHINE > Software > Microsoft > Windows > CurrentVersion > Run
   c. Delete all entries in all the folders prefixed with 'Run*', i.e. (RunOnce etc.)
3. Clean the actual virus from the registry
   a. Start > Run > regedit
   b. Browse to HKEY_LOCAL_MACHINE > SYSTEM > CurrentControlSet > Services > PowerManager
   c. Delete the actual folder on the left, 'PowerManager'.
4. Reboot the machine and check again in the steps above to make sure no traces of the virus reside!
If that does not work, Sophos has a fix tool that completely scans the computer for traces of Jeefo. Note: Some antivirus scanners pick the Sophos tool as malware. This tool is completely safe, and has been tested on 10+ networked computers.
Fix link: http://www.sophos.com/virusinfo/analyses/w32jeefoa.html
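A read-only audit of the three residence points listed in the steps above, added here as an example (it is not part of the original article or of any vendor tool). It only lists what it finds, so that legitimate startup entries can be reviewed before step 2c is carried out; the genuine svchost.exe lives in C:\Windows\System32, and the PointsToDroppedFile flag assumes an entry would reference the dropped file by its full path.

```powershell
# Added example: read-only audit of the three locations named in the Resolution steps.
# It deletes nothing; review the output before removing anything by hand.
$dropped  = 'C:\Windows\svchost.exe'   # path from the article; the genuine file is in System32
$findings = @()

# 1. Dropped file in the Windows directory itself.
if (Test-Path -LiteralPath $dropped) {
    $file = Get-Item -LiteralPath $dropped -Force
    $findings += [pscustomobject]@{
        Location = 'File'
        Name     = $file.FullName
        Data     = "size=$($file.Length) modified=$($file.LastWriteTime)"
        PointsToDroppedFile = $true
    }
}

# 2. Every value under HKLM\...\CurrentVersion\Run* (Run, RunOnce, ...).
$currentVersion = 'HKLM:\Software\Microsoft\Windows\CurrentVersion'
$runKeys = Get-ChildItem -Path $currentVersion -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -like 'Run*' }
foreach ($key in $runKeys) {
    foreach ($valueName in $key.GetValueNames()) {
        $data = [string]$key.GetValue($valueName)
        $findings += [pscustomobject]@{
            Location = "Registry: $($key.PSChildName)"
            Name     = $valueName
            Data     = $data
            # Assumption: a malicious entry references the dropped file by full path.
            PointsToDroppedFile = $data -like "*$dropped*"
        }
    }
}

# 3. The PowerManager service key.
$serviceKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\PowerManager'
if (Test-Path -LiteralPath $serviceKey) {
    $props = Get-ItemProperty -LiteralPath $serviceKey -ErrorAction SilentlyContinue
    $findings += [pscustomobject]@{
        Location = 'Registry: Services'
        Name     = 'PowerManager'
        Data     = [string]$props.ImagePath
        PointsToDroppedFile = ([string]$props.ImagePath) -like "*$dropped*"
    }
}

if ($findings) { $findings | Format-List } else { 'None of the three locations was found.' }
```

Run it from an elevated PowerShell prompt before the cleanup and again after the reboot in step 4; on a clean machine the Run* entries of legitimate software will still be listed, with PointsToDroppedFile set to False.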
Common names and their respective detectors:
* Virus.Win32.Hidrag.a (Kaspersky)
* W32/Jeefo (McAfee)
* W32.Jeefo (Symantec)
* W32/Hidrag.a (Avira)
* W32/Jeefo-A (Sophos)
* Virus:Win32/Jeefo.A (Microsoft)
See also
* Timeline of notable computer viruses and worms
Wikimedia Foundation. 2010.