Virus.Jeefo Trojan Information

Name: Virus.Jeefo
Category: Trojan
Alias: I-Worm.Lentin.i, I-Worm.Lenting.I, W32/Yaha
Advice: Remove
Risk: Severe Risk. Severe threats are typically remotely exploitable vulnerabilities that can lead to system compromise. Successful exploitation does not normally require any interaction, and exploits are in the wild. There is a high possibility of system damage or a security flaw. An attacker can gain complete control over your computer or install new software on your machine.
Description:

Virus.Jeefo detection is provided both for the stand-alone, first-generation Virus.Jeefo executable and for a host application that is infected with Virus.Jeefo.

Virus.Jeefo infects the host application in three steps. The virus:
Imports the host's resources.
Encrypts data that represents the host application with the stripped resources.
Appends this particular data to the newly constructed executable.

If Virus.Jeefo detects that it is running as an infected host application, it will do the following:
Reconstruct the first-generation Virus.Jeefo executable.
Drop it as Svchost.exe into the %Windows% folder.
Run the dropped file with a program parameter that specifies the infected application that dropped and ran Svchost.exe.
Quit.

When svchost.exe (the first-generation Virus.Jeefo executable) runs, it checks whether the program parameter specifies an infected application. If it detects that another application dropped and ran it, and that the application contains the following infection marker at a fixed file offset:

Hidden Dragon virus. Born in a tropical swamp.

it will perform the following actions:
Wait until the infected host quits so that its file is unlocked.
Reconstruct the original host by detaching the appended data, decoding it, and moving the resources back into it.
Run the reconstructed executable, which does not contain Virus.Jeefo code.

In other words, when an application infected with Virus.Jeefo is executed, the dropped W32.Jeefo first-generation program repairs it.
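
A triage check built from the two indicators the description gives, the marker string and the Svchost.exe drop location, as an added example that is not part of the original page or of any vendor's tooling. It assumes the marker is stored as ASCII and searches the whole file because the page does not state the offset; the function names and the C:\Windows default are illustrative.

```python
import ntpath

# Marker text quoted in the description; ASCII encoding is an assumption.
MARKER = b"Hidden Dragon virus. Born in a tropical swamp."


def contains_marker(path, chunk_size=1 << 20):
    """Stream a file and report whether the marker occurs anywhere in it.

    The page says the marker sits at a fixed offset but does not give it,
    so the whole file is searched.
    """
    tail = b""
    with open(path, "rb") as fh:
        while chunk := fh.read(chunk_size):
            window = tail + chunk
            if MARKER in window:
                return True
            # Keep enough bytes to catch a marker split across two reads.
            tail = window[-(len(MARKER) - 1):]
    return False


def is_dropped_svchost(image_path, windows_dir=r"C:\Windows"):
    """True for svchost.exe sitting directly in %Windows% (the drop location
    in the description) rather than in a subfolder such as System32."""
    norm = ntpath.normcase(ntpath.normpath(image_path))
    root = ntpath.normcase(ntpath.normpath(windows_dir))
    folder, name = ntpath.split(norm)
    return name == "svchost.exe" and folder == root


def triage(image_path, local_copy=None):
    """Return findings for one executable.

    image_path: the Windows path the file had on the suspect host.
    local_copy: optional path to a copy of the file to scan for the marker.
    """
    findings = []
    if is_dropped_svchost(image_path):
        findings.append("svchost.exe in %Windows% root")
    if local_copy and contains_marker(local_copy):
        findings.append("infection marker present")
    return findings
```

The legitimate Windows svchost.exe lives under System32, so a copy directly in the %Windows% folder is worth examining even when the marker scan is negative.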

Signatures:
process: svchost.exe: MD5 Hash: d7087dc8386182fda70...
process: svchost.exe: MD5 Hash: e3c13b6556d5636b745..
Type: Trojan



© 2006-2008 spyware32.com - Privacy Policy