Jeefo Removal Tool 1

Jeefo Removal Tool - Erase the Jeefo virus from any computer

A simple means of erasing the Jeefo virus from any computer

Jeefo Removal Tool is a lightweight utility that can help you clean the Win32.Jeefo.A malware from your system.

This executable file infector is written in MinGW and presents a very interesting (and difficult to disinfect) infection technique. It contains various strings, encrypted with a trivial algorithm:

.text:004012B0 decryption_loop:

.text:004012B0 mov cl, [edx+ebx]

.text:004012B3 dec cl

.text:004012B5 mov [edx+eax], cl

.text:004012B8 inc edx

.text:004012B9 cmp edx, edi

.text:004012BB jl short decryption_loop


When an infected file is executed for the first time, the virus receives control and dumps a copy of itself in the Windows directory as svchost.exe and registeres itself to be executed at every system startup: under Windows 9x/Me it adds a key to HKEY_LOCAL_MACHINE \Software\Microsoft\Windows\CurrentVersion\RunServices; under NT/2000/XP, it creates a service called "Power Manager".


The file infection algorithm is complex; in some cases, infected files get corrupted (the virus is not capable of handling certain resource types).


The infected file has the following layout:

1) Virus

2) Original file\'s resources (bitmaps, icons, etc) -> thus the infected file has the same main icon as the original file

3) Original file chunks - encrypted


The disinfection routine decrypts the file chunks, re-links the file, adds the resources and re-locates them to the new relative virtual address. Resource relocation is tricky and in some cases may cause the virus to fail (crash); however, these files are correctly disinfected by BitDefender.


The virus contains the following text string: "Hidden Dragon virus. Born in a tropical swamp." encrypted with the same trivial encryption algorithm as above. When encrypted, the word "hidden" is transformed to "iJeefo" (this is where this virus got his name from).

Jeefo Removal Tool 1 is licensed as Freeware for the Windows operating system / platform. Jeefo Removal Tool is provided as a free download for all software users (Freeware).