Win32.Jeefo.A

vladqui
edited June 2007 in Malware talk

On your page http://www.bitdefender.com/VIRUS-680-en--Win32.Jeefo.A.html you describe a potentially lethal virus and as the first symptom of its presence you say:


- Presence of the file "svchost.exe" in the Windows directory


However this is an original Microsoft file, installed when W2K is installed.


Perhaps the virus affects its behaviour, but I consider it a serious mistake to alert users about the presence of this file as a symptom of being already infected.


More than one user could opt to delete this file and negatively affect the normal performance of W2K.


Please verify.


Vladimir Quintero

Comments

  • AndreiASM
    edited June 2007

    Hi Vladimir!


    It's true that svchost.exe is a very important Windows service, and it's true that under older versions of Windows this file already exists in %windir%. That file is the pure virus dropper, and under newer Windows versions it exists in %sysdir% (%windir%\system32), but if those users were aware that the file is infected, they would know it from an AV. And the antivirus will delete the file too, because it looks like W2K can live without it. ;) For an advanced user, I think he would first check to see if there is, in the registry Run section, the key "PowerManager" or "Power Manager" which points to the virus.


    Andrei
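The registry check suggested in the reply above, written out as a read-only triage script. This is an added example, not part of the original thread or of any vendor tooling. It assumes that "run section" means the standard HKLM and HKCU `Run` keys; the value names are the two quoted in the reply.

```powershell
# Added example: read-only triage for the indicators named in the thread.
# Assumption: "run section" = the standard per-machine and per-user Run keys.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)
# Value names quoted in the reply above.
$suspectNames = @('PowerManager', 'Power Manager')

$findings = foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $props = Get-ItemProperty -LiteralPath $key
    if (-not $props) { continue }          # key exists but holds no values
    foreach ($name in $suspectNames) {
        $p = $props.PSObject.Properties[$name]
        if ($p) {
            [pscustomobject]@{ Key = $key; Name = $name; PointsTo = $p.Value }
        }
    }
}

# The file name alone proves nothing: list where copies exist so that a Run
# entry (if one was found) can be matched against a concrete path.
$copies = foreach ($dir in @($env:windir, (Join-Path $env:windir 'System32'))) {
    $path = Join-Path $dir 'svchost.exe'
    if (Test-Path -LiteralPath $path) {
        $f = Get-Item -LiteralPath $path -Force   # -Force also returns hidden files
        [pscustomobject]@{ Path = $path; Size = $f.Length; Modified = $f.LastWriteTime }
    }
}

if ($findings) {
    $findings | Format-List
} else {
    'No PowerManager / Power Manager value found in the Run keys.'
}
$copies | Format-Table -AutoSize
```

The script only reads and reports; it deletes nothing, so a legitimate svchost.exe is never touched on the strength of its name alone.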