Virus:W32/Hidrag.a
Date discovered:13/04/2005
Type:File infector
In the wild:No
Reported Infections:Low
Distribution Potential:Low to medium
Damage Potential:Low to medium
Static file:No
File size:~ 36.352 Bytes
VDF version:6.30.00.93

 General Method of propagation:
   • Mapped network drives


Aliases:
   •  Symantec: W32.Jeefo
   •  Mcafee: W32/Jeefo
   •  Kaspersky: Virus.Win32.Hidrag.a
   •  TrendMicro: PE_JEEFO.A
   •  F-Secure: Virus.Win32.Hidrag.a
   •  Sophos: W32/Jeefo-A
   •  Grisoft: Win32/Hidrag.A
   •  Eset: Win32/Jeefo.A
   •  Bitdefender: Win32.Jeefo.A


Platforms / OS:
   • Windows 95
   • Windows 98
   • Windows 98 SE
   • Windows NT
   • Windows ME
   • Windows 2000
   • Windows XP
   • Windows 2003


Side effects:
   • Drops a malicious file
   • Registry modification




   

   Description

   W32/Hidrag.a is a non-dangerous memory resident virus that infects Win32 PE EXE files.

   The virus searches for files to infect and upon infection it encrypts part of the file.

   When an infected file is executed, it drops the first-generation infector in the Windows directory as svchost.exe, which is registered as "Power Manager" service (on Windows NT/2000/XP). The virus then executes the original file without manifesting itself in any way.
Description inserted by Daniel Constantin on Tuesday, April 3, 2007
Description updated by Daniel Constantin on Tuesday, April 3, 2007

Back . . . .