kramerd1506
Technical User
Does anyone know of a tool, utility, or any other way to repair .exe files infected with the w32.jeefo virus?
I would REALLY appreciate the help.
ThAnKs!!
I would REALLY appreciate the help.
ThAnKs!!
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
W32.JEEFO Repair?
- Thread starter kramerd1506
- Start date
- Status
Howdy:
First of all, a good up to date av program would have caught this before it infected your system.. plain stupidity to be surfing and using email without one..
Murray
First of all, a good up to date av program would have caught this before it infected your system.. plain stupidity to be surfing and using email without one..
Murray
- Thread starter
- #3
kramerd1506
Technical User
Yes, I know. I had Norton AV but had let the definitions lapse for about 90 days or so. When I renewed it is when I found the virus.
I have read the link you posted thoroughly. Do you understand what is meant by this:
"When svchost.exe (the first-generation W32.Jeefo executable) runs, it checks whether the program parameter specifies an infected application. If it detects that another application dropped and ran it, and that the application contains the following infection marker at a fixed file offset:
Hidden Dragon virus. Born in a tropical swamp.
it will perform the following actions:
Waits until the infected host quits so that its file is unlocked.
Reconstructs the original host by detaching appended data, decoding it, and moving the resources back to it.
Runs the reconstructed executable that does not contain W32.Jeefo code.
In other words, when an application infected with W32.Jeefo is executed, the dropped W32.Jeefo first-generation program repairs it."
If the virus itself repairs these files, then shouldn't it be rather easy to find a repair tool on the internet somewhere? I can find no repair option talked about on the Symantec website or anywhere else. Does the above quote make any sense to you?
I have read the link you posted thoroughly. Do you understand what is meant by this:
"When svchost.exe (the first-generation W32.Jeefo executable) runs, it checks whether the program parameter specifies an infected application. If it detects that another application dropped and ran it, and that the application contains the following infection marker at a fixed file offset:
Hidden Dragon virus. Born in a tropical swamp.
it will perform the following actions:
Waits until the infected host quits so that its file is unlocked.
Reconstructs the original host by detaching appended data, decoding it, and moving the resources back to it.
Runs the reconstructed executable that does not contain W32.Jeefo code.
In other words, when an application infected with W32.Jeefo is executed, the dropped W32.Jeefo first-generation program repairs it."
If the virus itself repairs these files, then shouldn't it be rather easy to find a repair tool on the internet somewhere? I can find no repair option talked about on the Symantec website or anywhere else. Does the above quote make any sense to you?
- Status
Similar threads