W32/Jeefo.A File Deletion Problem

Guest

I tried using the Sophos tools to remove this virus and the tools do not
detect it. My F-Prot Antivirus program keeps detecting this virus but it
seems to kill each instance before it can spread. I don't see the modified
keys in the registry either. However, I am still getting 5 - 10 popups per
day saying F-Prot blocked the file infected with W32/Jeefo.A. It is always
the same file embedded deep in the system at C:\System Volume
Information|.... directory path. The file is A0010718.exe.

Unfortunately, Windows does not allow me access to this directory to blow
this file off my system. Any help is appreciated on how to get rid of this
infected file or access to the System Volume Information directory.

Thank you for your time.
 
MowGreen [MVP]

The file in System Restore (System Volume Information) is NOT the file
infecting the system. Unless this is the first malware that can infect a
system from System Restore, then you'd be better off following Trend's
method for removing Jeefo.A :

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=PE_JEEFO.A&VSect=Sn

Also, ensure that F-Prot is up to date with the latest definitions, then
boot to Safe Mode, and scan the system from within there :
http://snipurl.com/dmbp

Once the system is clean, then suggest you flush System Restore by right
clicking My Computer (either on the Desktop or the Start Menu), choose
Properties.
Click the System Restore tab and put a check mark next to "Turn off
System Restore".
Click Apply, OK.
This will flush the restore hierarchy.
Reenable it afterwards by unchecking the box, then clicking Apply, OK.

Is this the tool from Sophos that was used ? :
http://www.sophos.com/support/disinfection/jeefoa.html

MowGreen [MVP 2003-2006]
===============
*-343-* FDNY
Never Forgotten
===============
 
David H. Lipman

From: "Jedanor"

| I tried using the Sophos tools to remove this virus and the tools do not
| detect it. My F-Prot Antivirus program keeps detecting this virus but it
| seems to kill each instance before it can spread. I don't see the modified
| keys in the registry either. However, I am still getting 5 - 10 popups per
| day saying F-Prot blocked the file infected with W32/Jeefo.A. It is always
| the same file embedded deep in the system at C:\System Volume
| Information|.... directory path. The file is A0010718.exe.
|
| Unfortunately, Windows does not allow me access to this directory to blow
| this file off my system. Any help is appreciated on how to get rid of this
| infected file or access to the System Volume Information directory.
|
| Thank you for your time.

There are anti virus News Groups specifically for this type of discussion.

microsoft.public.security.virus
alt.comp.virus
alt.comp.anti-virus

The file is in the System Restore cache. You have two choices.

1. Ignore it and it will eventually cache-out. That is unless you expect to restore from
a previous restore point which could restore the Jeefo.

2. Disable the System Restore cache. Reboot the PC and re-enable the cache and then
create a new Restore point. This will flush out the infector.
 
Guest

Yes. That was the Sophos tool I was using.

And thanks Dave.

I will flush system restore and see what happens from there.

 
