Thread: Win32.Hidrag

  1. #1

    Win32.Hidrag

    Anyone knows anything about that?
    That was all folks!
    http://www.virusinfo.bz/cgi-bin/ultimatebb.cgi

  2. #2
    Banned
    Join Date
    Apr 2003
    Posts
    3,839
    well...it's a virus...i couldn't find much information on it .. except it says it's a Virus signature database update... :-\

  3. #3
    I already got this from Google but I am looking for a removal tool until my vendor releases VDU

    Win32.Hidrag


    --------------------------------------------------------------------------------

    Hidrag is not a dangerous memory resident parasitic Win32 virus. The virus infects Win32 PE EXE files. While infecting the virus encrypts a block of the victim file.

    When the virus runs it creates its copy about 36K of size in Windows directory with the "svchost.exe" name and registers this file in system registry auto-start key:

    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

    PowerManager = %WindowsDir%\SVCHOST.EXE

    The virus then stays in Windows memory as active process, searches for EXE files on all drives starting from C: and infects them.

    The virus does not manifest itself in any way. The virus contains the encrypted text strings:

    Hidden Dragon virus. Born in a tropical swamp.

    PowerManagerMutant

  4. #4
    The Doctor Und3ertak3r's Avatar
    Join Date
    Apr 2002
    Posts
    2,744
    Ahhhh Found the dirty little bugger...

    Hey Support,

    It's that bloody AV company can't agree on a name problem again.. Did a search on the text you quoted as being from the virus..
    The other name to look for is ... W32.Jeefo....

    The info found on the Symantec Site
    W32.Jeefo is a Windows Portable Executable (PE) file infector. Files infected by W32.Jeefo increase in size by 36,352 bytes.

    Also Known As: W32/Jeefo [McAfee], PE_JEEFO.A [Trend]
    Type: Virus
    Infection Length: 36,352 bytes
    Systems Affected: Windows 95, Windows 98, Windows ME, Windows NT, Windows 2000, Windows XP
    Systems Not Affected: Windows 3.x, Microsoft IIS, Macintosh, Unix, Linux
    When svchost.exe (the first-generation W32.Jeefo executable) runs, it checks whether the program parameter specifies an infected application. If it detects that another application dropped and ran it, and that the application contains the following infection marker at a fixed file offset:

    Hidden Dragon virus. Born in a tropical swamp.

    Cheers
    "Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr
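
A triage check built from the indicators quoted in posts #3 and #4, as an added example that is not part of the original thread or any vendor's tool. It assumes the RunServices values and a file listing have already been collected from the host; the function names and sample data are constructed for illustration, and treating an exact 36,352-byte size as a match is an assumption.

```python
import ntpath

# Indicators taken from the descriptions quoted in this thread.
RUN_KEY = r"HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices"
VALUE_NAME = "PowerManager"
DROPPED_NAME = "svchost.exe"
INFECTION_LENGTH = 36352  # bytes, per the Symantec write-up quoted above

# Constructed sample data (not from a real host).
SAMPLE_RUN = {
    "PowerManager": r"%WindowsDir%\SVCHOST.EXE",
    "LoadPowerProfile": "Rundll32.exe powrprof.dll,LoadCurrentPwrScheme",
}
SAMPLE_FILES = {
    r"C:\WINDOWS\svchost.exe": 36352,
    r"C:\WINDOWS\system32\svchost.exe": 14336,
}


def _norm(path, windows_dir):
    """Expand %WindowsDir% and normalise a Windows path for comparison."""
    path = path.strip().strip('"').lower()
    path = path.replace("%windowsdir%", windows_dir.lower())
    return ntpath.normpath(path)


def triage(windows_dir, run_values, files):
    """Return (kind, detail) findings.

    run_values: {value_name: data} read from RUN_KEY.
    files: {full_path: size_in_bytes} from a directory listing.
    """
    findings = []
    dropped = _norm(ntpath.join(windows_dir, DROPPED_NAME), windows_dir)

    # Autostart value named PowerManager pointing at the dropped copy.
    for name, data in run_values.items():
        if name.lower() == VALUE_NAME.lower() and _norm(data, windows_dir) == dropped:
            findings.append(("autostart", f"{RUN_KEY}\\{name} = {data}"))

    # svchost.exe directly in the Windows directory; on NT-based Windows
    # the genuine file lives in the System32 subdirectory instead.
    for path, size in files.items():
        if _norm(path, windows_dir) == dropped:
            note = "size matches infection length" if size == INFECTION_LENGTH else f"size {size}"
            findings.append(("dropped_file", f"{path} ({note})"))
    return findings
```

A clean host returns an empty list; the System32 copy of svchost.exe is never flagged because only the file sitting directly in the Windows directory matches.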

  5. #5

    The F-Secure response

    Guys was immediate.....almost 3 hours since I placed the call........

    They sent me the extra DATs as well as instructions how to solve the case......

    Isn't that wonderful?

    For those who have F-Secure and this problem....

    1. Update your dats
    2. update with these files attached!!!
    3. Reboot the client..
    4. Start cleaning the mess!!!

  6. #6
    Junior Member
    Join Date
    Jun 2003
    Posts
    1
    Man, I got that HiDrag virus, and boy what a mess it made. My dumb ass decided to leave kazaa online while I was at the hospital with my g/f when she was in labor. My comp was fine when I left. I come home and AVG said that there was a virus called HiDrag. Then I got a memory error. I tried to run AVG to clean it up. Every time it would start, it would shut off due to lack of physical memory. So I ended up having to manually delete my exe's by hand to allow enough memory use to run a virus scan fully. Now as for this hidrag disin.zip what program do I use for this, where do I get it? I still have this file hidden in a folder on my comp and AVG will NOT delete it at all. I forget the name of the folder, but it said it was on drive C:\System Volume something and there is no such folder listed anywhere. Any help would be very appreciated for my computer still isn't running right at all and I don't want to have to reformat.

  7. #7
    I think everyone wants to know how you got the virus anyways
    I think we all would love to know how you got it
    I'm just guessing and I think it might be kazaa but well I'm not sure
    kazaa is one of the famous places to get trojans and viruses :-\

  8. #8
    Junior Member
    Join Date
    Oct 2003
    Posts
    1
    Hi, I have Win32.hidrag and have no idea how to get rid of it. I think my son may have gotten it from Kazaa but I'm not sure. Does anyone here know how to get rid of it and can walk me through it? Thank you!

  9. #9
    Senior Member
    Join Date
    Jan 2003
    Posts
    220
    You could try http://www.symantec.com they probably have a removal tool. Near the bottom or middle of the page should be a link that says removal tools. Click on that and all the recent tools will be listed, find W32.hidrag and click on it. The rest should be easy, the site will guide you how to remove it. If you can find it try a search.
    And then it happened... a door opened to a world... rushing through the phone line like heroin through an addict's veins, an electronic pulse is sent out, a refuge from the day-to-day incompetencies is sought... a board is found. "This is it... this is where I belong..." I know everyone here... even if I've never met them, never talked to them, may never hear from them again... I know you all...
