Thread: w32.jeefo

  1. #1

    w32.jeefo

    http://securityresponse.symantec.com...w32.jeefo.html

    i seem to have picked this up from somewhere :/
    Nortons knows it's there but cannot delete it.
    it tells me either it cannot delete/fix the file or it does not have permission to access the file.

    i have booted 3 times since it has been detected and each time it is in a different place.

    the above link gives advice etc on how to remove and says:

    "5. Deleting the value from the registry

    CAUTION: Symantec strongly recommends that you back up the registry before making any changes to it. Incorrect changes to the registry can result in permanent data loss or corrupted files. Modify the specified keys only. Read the document, "How to make a backup of the Windows registry," for instructions.

    Click Start, and then click Run. (The Run dialog box appears.)

    Type regedit

    Then click OK. (The Registry Editor opens.)

    Navigate to the key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    In the right pane, delete the value:

    "PowerManager"="%windir%\svchost.exe"

    Exit the Registry Editor."



    but that registry entry is not there.




    any ideas as to why Nortons doesn't delete the file?
    and also ideas on how i can delete this virus?


    ty in advance

  2. #2
    Senior Member | Join Date: Aug 2003 | Posts: 1,018

    I may get clobbered for this suggestion, but when I run into that situation, first of all, check and see if it is running in Task Manager (I've had some that don't show up here though).

    Next step is I go into Explorer and search for every instance of the .exe file and rename to .ded (for dead bug!!). Then reboot. If you have gotten every instance of it, you should get some kind of error message on startup that "xxx.exe" is missing.

    From there on, you should be able to delete all instances of the now renamed .ded file.

    I think it is also worth noting that you should disable system restore before starting this to prevent it from "finding" itself in the backup, and reinstalling itself.

    But that's just my 2 bits.... good luck.

  3. #3
    nihil (Senior Member) | Join Date: Jul 2003 | Location: United Kingdom: Bridlington | Posts: 17,188

    Hi,

    You might try booting in safe mode, then running your AV scan? Make sure the AV is up to date first.

    This sometimes works, as the scumware does not load up and protect itself.

    You might also try searching for "Hijack This" v1.97. It shows you what is running on your machine, and is less likely to be "nobbled" than task manager.

    Good Luck.
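
Added example, not part of the thread and not Symantec's tooling: the Run-key check quoted in the first post, generalized to flag any autorun value whose program borrows a Windows system binary's name but sits outside System32, as `%windir%\svchost.exe` does. It parses `reg query` output; the sample output, the `C:\WINDOWS` install path and the list of system file names are assumptions constructed for illustration.

```python
import ntpath
import re

# Assumption: default install, %windir% = C:\WINDOWS.
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
# Genuine Windows binaries that live in the system directory, not in %windir% itself.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe", "csrss.exe"}
VALUE_LINE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")

# Constructed sample of `reg query` output for the two Run keys.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    PowerManager    REG_SZ    %windir%\svchost.exe
    ExampleTray    REG_SZ    "C:\Program Files\Example\tray.exe" /min

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
"""

def parse_reg_query(text):
    """Yield (key, value_name, data) tuples from `reg query <key>` output."""
    key = None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
            continue
        m = VALUE_LINE.match(line)
        if m and key:
            yield key, m["name"], m["data"]

def image_path(command, windir=r"C:\WINDOWS"):
    """Return the executable path of an autorun command line, expanding %windir%."""
    command = re.sub(r"%(windir|systemroot)%", lambda _: windir, command.strip(), flags=re.I)
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.exe)\b", command, flags=re.I)
    return m.group(1) if m else command.split(" ", 1)[0]

def suspicious_autoruns(text):
    """List Run values that use a system binary's file name outside the system directory."""
    hits = []
    for key, name, data in parse_reg_query(text):
        path = image_path(data)
        folder, exe = ntpath.split(path.lower())
        if exe in SYSTEM_NAMES and folder not in SYSTEM_DIRS:
            hits.append((key, name, path))
    return hits

if __name__ == "__main__":
    for hit in suspicious_autoruns(SAMPLE):
        print(hit)
```

To use it on a real machine, save the output of `reg query` for each Run key to a text file and pass its contents to `suspicious_autoruns`.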
