W32/Jeefo or PE_Jeefo.a Virus

cquirke (MVP Win9x)

On Sun, 1 Feb 2004 13:02:02 -0800, "Anthony"
I think I've got it how do I get rid of it HELP!

Jeefo.A is a toughie; it creates "face-hugger" dependencies that can't
be un-picked when cleaning it formally.

These free avs detect it on formal scanning...
- F-Prot for DOS
- NOD32 for DOS evaluation
- Sophos for DOS evaluation
- AVG rescue disk system
....unless snookered by NTFS, of course.

Sophos' web site has a free cleaner that runs informally (i.e. from
within the infected OS, while Jeefo is active - scary...) and did
succeed in fixing everything up in the case that I saw.

My general approach to Jeefo would be:

1) Google for and read *all* the desc(ription)s you can find
2) Use formal tools to enumerate what files are infected
3) Use informal tools to clean the virus
4) Repeat (2) as safety check; rename any remaining, goto (3)
5) Keep lists from (2-4) in case some files remain bent
6) If bent, Extract new copies of files from lists (5)

See http://users.iafrica.com/c/cq/cquirke/virtest.htm on what I mean
by "formal scanning".

Jeefo exists as a "master" malware file that is auto-started via the
startup axis (a registry Run key, AFAICR) as well as within a number
of existing code files (that you need) that it has infected
internally. The problem; these infected files are encrypted, and the
"keys" to render them useable are held by the master malware.

So if you just "delete" what you eyeballed in the startup axis, you
may have killed the only code (hostile though that code may be) that
could have got your needed files back.

It seems as if unpicking and fixing this lot from DOS mode is beyond
the av industry's capabilities, so you are forced to tackle it head-on
while it is running - a nerve-racking idea, but apparently the only
way here. Ask yourself; do you feel lucky today?


--------------- ----- ---- --- -- - - -
Dreams are stack dumps of the soul
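
Steps 2 to 6 of the approach above turn on keeping the scan lists and comparing them, shown here as an added example that is not part of the original post. The function names, the sample paths and the PE header check used to flag "bent" files are assumptions made for illustration.

```python
import struct

def pe_header_ok(data: bytes) -> bool:
    """Structural check only: MZ stub whose e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"

def triage(first_scan, rescan, read_file):
    """Split the step-2 list using the step-4 rescan list.

    first_scan, rescan: paths the formal scanner flagged before and after
    cleaning. read_file: callable returning a file's bytes (b"" if missing).
    Paths are compared case-insensitively, as on FAT/NTFS.
    """
    first = {p.lower() for p in first_scan}
    second = {p.lower() for p in rescan}
    gone_quiet = first - second  # flagged before, not flagged now
    bent = {p for p in gone_quiet if not pe_header_ok(read_file(p))}
    return {
        "still_infected": sorted(first & second),  # rename, back to step 3
        "newly_flagged": sorted(second - first),   # not on the first list
        "bent": sorted(bent),                      # step 6: extract fresh copy
        "cleaned": sorted(gone_quiet - bent),      # passes the header check
    }

# Constructed sample data (paths and file contents are made up).
_GOOD = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40) + b"PE\0\0"
_BENT = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40) + b"\x90" * 4
SAMPLE_FILES = {"c:\\windows\\a.exe": _GOOD, "c:\\windows\\c.exe": _BENT}
SAMPLE_FIRST = ["C:\\WINDOWS\\A.EXE", "C:\\WINDOWS\\B.EXE", "C:\\WINDOWS\\C.EXE"]
SAMPLE_RESCAN = ["c:\\windows\\b.exe", "C:\\WINDOWS\\D.EXE"]

def sample_report():
    return triage(SAMPLE_FIRST, SAMPLE_RESCAN,
                  lambda p: SAMPLE_FILES.get(p, b""))

if __name__ == "__main__":
    for bucket, paths in sample_report().items():
        print(f"{bucket}: {paths}")
```

The header check only catches gross damage, so a file in the "cleaned" bucket can still be bent; the lists are what let you go back and replace it later.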