Jeefo Removal Tool Crack With Activator

Jeefo Removal Tool is a lightweight utility that can help you clean the Win32.Jeefo.A malware from your system.

This executable file infector is written in MinGW and presents a very interesting (and difficult to disinfect) infection technique. It contains various strings, encrypted with a trivial algorithm:

.text:004012B0 decryption_loop:

.text:004012B0 mov cl, [edx+ebx]

.text:004012B3 dec cl

.text:004012B5 mov [edx+eax], cl

.text:004012B8 inc edx

.text:004012B9 cmp edx, edi

.text:004012BB jl short decryption_loop

When an infected file is executed for the first time, the virus receives control and dumps a copy of itself in the Windows directory as svchost.exe and registeres itself to be executed at every system startup: under Windows 9x/Me it adds a key to HKEY_LOCAL_MACHINE SoftwareMicrosoftWindowsCurrentVersionRunServices; under NT/2000/XP, it creates a service called "Power Manager".

The file infection algorithm is complex; in some cases, infected files get corrupted (the virus is not capable of handling certain resource types).

The infected file has the following layout:

1) Virus

2) Original file's resources (bitmaps, icons, etc) -> thus the infected file has the same main icon as the original file

3) Original file chunks - encrypted

The disinfection routine decrypts the file chunks, re-links the file, adds the resources and re-locates them to the new relative virtual address. Resource relocation is tricky and in some cases may cause the virus to fail (crash); however, these files are correctly disinfected by BitDefender.

The virus contains the following text string: "Hidden Dragon virus. Born in a tropical swamp." encrypted with the same trivial encryption algorithm as above. When encrypted, the word "hidden" is transformed to "iJeefo" (this is where this virus got his name from).