Antijeefo Destroys All Infected Executables

rawbite
rawbite
in Malware talk

Your antijeefo virus removal tool killed all infected executables from my computer!!!


Could you advise? Is there any chance to recover my executables?


Thanks

Comments

  • Cd-MaN
    Cd-MaN

    Please attach some files so that we can take a look at them.


    Best regards.

  • rawbite
    rawbite

    here is putty terminal as you can download from the net and the bricked executable which was produced after disinfection. it seems that some part of the file is missing.

    /applications/core/interface/file/attachment.php?id=1191" data-fileid="1191" rel="">bit.zip

    bit.zip 453.8K
  • Cd-MaN
    Cd-MaN
    edited December 2007

    Please disregards most of what I've said :rolleyes:. I confused two virus families when responding to the post (Jeefo and Jacksuf). Everything I've said is related to the second family. Sorry about the confusion, but I just updated a removal tool for the second family two days ago and it was still on my mind.


    In conclusion: Unfortunately the sample is damaged beyond repair. Your best bet is to reinstall the damaged programs from their original install kits. Also, this virus (Jeefo, just to be clear :rolleyes: ) in some cases infects the files in such a way that disinfection in impossible, because it has a bug and in some conditions it overwrites critical section of the files.


    Unfortunately the sample is damaged beyond repair. Your best bet is to reinstall the damaged programs from their original install kits. This file infector damages many files in such ways that it's impossible to repair them (mainly files which have "added data" - aka overlay - at their end - for example install kits and self-extract archives), however this is not the case here.


    Could you please tell us how you've got the removal tool? I'm asking this because there are three versions of it, the first of which had some problems which were (as far as I can tell) fixed in the second and third. However, none of them were distributed publicly. If you could tell us from whom you got the removal tool (or better yet, attach the removal tool you've got to a post on the forum), we could identify the version of it and double check its functioning.


    Also, it would be great if you could send as many damaged files as possible. The forum has a 2M limit so you should either send it by mail to abalazs@bitdefender.com or check out the file transfer services described on the forum.


    Best regards and I'm deeply sorry for any problems we've caused.

  • rawbite
    rawbite

    Frankly I don't think it's the virus which destroyed the exes. All programs has worked fine with the virus active on the system, so it must be the antivir which cannot correctly remove the PE virus.


    I don't suggest that with the virus on the system was better, but you must review the antivir tool because it is something broken in it.


    Also I suggest that you should make logs in order to know which files were modified and maybe backup of the original files.


    I know it's a free tool which helps people, but I think there should be a responsibility from your side of making the tool at least not to destroy stuff.


    You wrote on your virus information page that some files cannot be recovered because of the virus, but my 1500+ exes are all destroyed!

All Time Leaders

Categories

Defenders of the month - March