Aliases: W32/Jeefo, Win32:Jeefo, Win32/HLLP.Jeefo, Win32.HLLP.Jeefo.36352, Win32.Hidrag 
Variants: Win32/Hidrag.A, Win32.Jeefo.A, Virus.Win32.Hidrag.a, Virus.Win32.Hidrag , PE_JEEFO.A 

Classification: Malware
Category: Computer Virus

Status: Inactive
Spreading: Moderate
Geographical info: N/A
Removal: Easy
Platform: W32
Discovered: 30 Apr 2003
Damage: Low

Characteristics: The malware W32.Jeefo is parasitic and memory resident Win32 virus. This virus can infect Win32 PE executable files. It is capable of encrypting a block of target files while infecting. The virus will then stay in the Windows memory as a running process and look for executable files starting with drive C:\ and then infect them. This virus’ infection is quite hard to detect since infected machines may not show signs of typical virus infections at all.

More details about W32.Jeefo

Upon successfully infecting an executable file in the compromised machine, the W32.Jeefo malware will create another exe file. On operating systems based on Windows 9x, the virus will create a registry entry that will permit it to execute every time that Windows starts up. On the other hand, on systems running on Windows XP, 2000 or NT, the virus will install itself as a fake Windows service with the name ‘Power Manager’, the description ‘Manages the power save features of the computer’, the startup type ‘Automatic’ and the Log On As ‘LocalSystem’. When the virus becomes memory resident, it will occasionally search the machine for PE files that it can infect.

As a parasitic virus, the W32.Jeefo can modify the infected file’s code while the file will remain completely or to some extent functional. Parasitic viruses can either be appending, prepending or inserting. Prepending viruses write their code to the beginning of the target file, prepending viruses, to the end of the target file and inserting viruses, in the middle of the target file. The infection of the W32.Jeefo can be removed best with the aid of a reliable antivirus program since it is fairly hard to detect. Make sure that your antivirus program’s virus definitions are updated or update the definitions by yourself before scanning the system for traces of the virus infection.