Win32.Hidrag


Support
June 11th, 2003, 09:12 AM
Does anyone know anything about that?

MemorY
June 11th, 2003, 09:55 AM
Well... it's a virus... I couldn't find much information on it... except it says it's a Virus signature database update... :-\

Support
June 11th, 2003, 10:01 AM
I already got this from Google, but I am looking for a removal tool until my vendor releases VDU

Win32.Hidrag


--------------------------------------------------------------------------------

Hidrag is not a dangerous memory resident parasitic Win32 virus. The virus infects Win32 PE EXE files. While infecting the virus encrypts a block of the victim file.

When the virus runs it creates its copy about 36K of size in Windows directory with the "svchost.exe" name and registers this file in system registry auto-start key:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

PowerManager = %WindowsDir%\SVCHOST.EXE

The virus then stays in Windows memory as active process, searches for EXE files on all drives starting from C: and infects them.

The virus does not manifest itself in any way. The virus contains the encrypted text strings:

Hidden Dragon virus. Born in a tropical swamp.

PowerManagerMutant

Und3ertak3r
June 11th, 2003, 11:26 AM
Ahhhh Found the dirty little bugger...

Hey Support,

It's that bloody AV company can't agree on a name problem again.. Did a search on the text you quoted as being from the virus..
The other name to look for is ... W32.Jeefo....

The info found on the Symantec Site (http://www.symantec.com/avcenter/venc/data/w32.jeefo.html)
W32.Jeefo is a Windows Portable Executable (PE) file infector. Files infected by W32.Jeefo increase in size by 36,352 bytes.

Also Known As: W32/Jeefo [McAfee], PE_JEEFO.A [Trend]
Type: Virus
Infection Length: 36,352 bytes
Systems Affected: Windows 95, Windows 98, Windows ME, Windows NT, Windows 2000, Windows XP
Systems Not Affected: Windows 3.x, Microsoft IIS, Macintosh, Unix, Linux



When svchost.exe (the first-generation W32.Jeefo executable) runs, it checks whether the program parameter specifies an infected application. If it detects that another application dropped and ran it, and that the application contains the following infection marker at a fixed file offset:

Hidden Dragon virus. Born in a tropical swamp.




Cheers
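Added example, not part of the original thread or any vendor tool: a triage check that applies the indicators quoted above (the `PowerManager` value under `RunServices`, and a `svchost.exe` of about 36K sitting directly in the Windows directory) to an inventory of autorun entries and files. The function names, the 1 KB size tolerance and the sample inventories are assumptions constructed for illustration.

```python
import ntpath
import re

# Indicators taken from the descriptions quoted in this thread.
RUN_SERVICES = r"HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices"
VALUE_NAME = "PowerManager"
DROPPED_NAME = "svchost.exe"
INFECTION_LENGTH = 36352   # bytes, from the Symantec write-up
SIZE_TOLERANCE = 1024      # assumption: how close counts as "about 36K"

def norm(path, windir):
    """Expand %WindowsDir% and normalise case and separators."""
    expanded = re.sub(r"%windowsdir%", lambda m: windir, path.strip('"'), flags=re.I)
    return ntpath.normcase(ntpath.normpath(expanded))

def check_host(autoruns, files, windir=r"C:\WINDOWS"):
    """autoruns: (key, value_name, data) tuples; files: (path, size) tuples.
    Returns a list of findings as strings; empty means no indicator matched."""
    dropped = norm(ntpath.join(windir, DROPPED_NAME), windir)
    findings = []
    for key, name, data in autoruns:
        if key.lower() == RUN_SERVICES.lower() and name.lower() == VALUE_NAME.lower():
            hit = "dropped copy" if norm(data, windir) == dropped else "other target"
            findings.append(f"autorun {name} = {data} ({hit})")
    for path, size in files:
        # The genuine svchost.exe sits in System32, so one directly in the
        # Windows directory is suspicious whatever its size.
        if norm(path, windir) == dropped:
            near = abs(size - INFECTION_LENGTH) <= SIZE_TOLERANCE
            findings.append(f"file {path} {size} bytes ({'size matches' if near else 'size differs'})")
    return findings

# Constructed sample inventories (not real captures).
INFECTED = {
    "autoruns": [(RUN_SERVICES, "PowerManager", r"%WindowsDir%\SVCHOST.EXE")],
    "files": [(r"C:\WINDOWS\svchost.exe", 36352), (r"C:\WINDOWS\system32\svchost.exe", 14336)],
}
CLEAN = {
    "autoruns": [(RUN_SERVICES, "ExampleAgent", r"C:\Program Files\Example\agent.exe")],
    "files": [(r"C:\WINDOWS\system32\svchost.exe", 14336)],
}

if __name__ == "__main__":
    for label, inv in (("infected", INFECTED), ("clean", CLEAN)):
        print(label, check_host(inv["autoruns"], inv["files"]))
```

A match only flags the dropped first-generation copy and its autorun entry; infected EXE files elsewhere on the drives still need a scanner with current signatures.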

Support
June 11th, 2003, 12:39 PM
Guys was immediate.....almost 3 hours since I placed the call........

They sent me the extra DAT's as well as instructions how to solve the case......

Isn't that wonderful?

For those who have F-Secure and this problem....

1. Update your dats
2. update with these files attached!!!
3. Reboot the client..
4. Start cleaning the mess!!!

D347H
June 23rd, 2003, 09:50 PM
Man, I got that HiDrag virus, and boy what a mess it made. My dumb ass decided to leave kazaa online while I was at the hospital with my g/f when she was in labor. My comp was fine when I left. I come home and AVG said that there was a virus called HiDrag. Then I got a memory error. I tried to run AVG to clean it up. Every time it would start, it would shut off due to lack of physical memory. So I ended up having to manually delete my exe's by hand to allow enough memory use to run a virus scan fully. Now as for this hidrag disin.zip, what program do I use for this, where do I get it? I still have this file hidden in a folder on my comp and AVG will NOT delete it at all. I forget the name of the folder, but it said it was on drive C:\System Volume something and there is no such folder listed anywhere. Any help would be very appreciated for my computer still isn't running right at all and I don't want to have to reformat.

XxMeMorYxX
June 24th, 2003, 06:59 AM
I think everyone wants to know how you got the virus anyways
I think we all would love to know how you got it
I'm just guessing and I think it might be kazaa but well I'm not sure
kazaa is one of the famous places to get trojans and viruses :-\

Joryzmom
October 1st, 2003, 02:51 AM
Hi, I have Win32.hidrag and have no idea how to get rid of it. I think my son may have gotten it from Kazaa but I'm not sure. Does anyone here know how to get rid of it and can walk me through it? Thank you!

Limpster
October 1st, 2003, 03:23 AM
You could try http://www.symantec.com they probably have a removal tool. Near the bottom or middle of the page should be a link that says removal tools. Click on that and all the recent tools will be listed, find W32.hidrag and click on it. The rest should be easy, the site will guide you how to remove it. If you can't find it try a search.