Virus.Win32.Hidrag.a

Other versions: .c

Aliases
Virus.Win32.Hidrag.a (Kaspersky Lab) is also known as: Win32.Hidrag (Kaspersky Lab), Virus.Win32.Hidrag (Kaspersky Lab), W32/Jeefo (McAfee), W32.Jeefo (Symantec), Win32.HLLP.Jeefo.36352 (Doctor Web), W32/Jeefo-A (Sophos), Win32/HLLP.Jeefo (RAV), PE_JEEFO.A (Trend Micro), W32/Jeefo (H+BEDV), W32/Jeefo.A (FRISK), Win32:Jeefo (ALWIL), Win32/Hidrag.A (Grisoft), Win32.Jeefo.A (SOFTWIN), W32.Jeefo (ClamAV), W32/Jeefo (Panda), Win32/Jeefo.A (Eset)
Description added: Jun 23 2003
Behavior: Virus
Technical details

Hidrag is a non-dangerous, memory-resident, parasitic Win32 virus. The virus infects Win32 PE EXE files. While infecting, the virus encrypts a block of the victim file.

When the Hidrag virus runs, it creates a copy of itself, about 36K in size, and places it in the Windows directory under the name svchost.exe. Next, Hidrag registers this file in the system registry auto-run key:

 HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
  PowerManager = %WindowsDir%\SVCHOST.EXE
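
A defensive check for the persistence described above, as an added example that is not part of the original description: it parses registry export text and reports auto-run values that start svchost.exe from a folder other than System32. The function names, the sample export and the list of legitimate folders are assumptions made for this example.

```python
import ntpath
import re

# Autorun keys to inspect; RunServices is the key named in the description.
AUTORUN_KEYS = (
    r"hklm\software\microsoft\windows\currentversion\runservices",
    r"hklm\software\microsoft\windows\currentversion\run",
)
LEGIT_DIRS = ("system32", "syswow64")  # assumption: genuine svchost.exe folders
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

# Constructed sample in .reg export format (not captured from a real host).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
"PowerManager"="C:\\WINDOWS\\SVCHOST.EXE"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Updater"="\"C:\\Program Files\\Vendor\\updater.exe\" /background"
"Control"="C:\\WINDOWS\\system32\\svchost.exe -k demo"
'''

def parse_reg_export(text):
    """Yield (key, value_name, data) for each string value in .reg text."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].replace("HKEY_LOCAL_MACHINE", "HKLM", 1)
            continue
        m = VALUE_RE.match(line)
        if key and m:
            # .reg files escape backslashes and quotes with a backslash
            name, data = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())
            yield key, name, data

def find_suspicious_svchost(entries):
    """Return (key, name, path, name_is_PowerManager) for svchost.exe autoruns
    whose folder is not one of LEGIT_DIRS."""
    hits = []
    for key, name, data in entries:
        if key.lower() not in AUTORUN_KEYS:
            continue
        m = re.match(r'\s*"?(.+?\.exe)', data, re.I)
        folder, exe = ntpath.split(ntpath.normpath(m.group(1) if m else data))
        if exe.lower() == "svchost.exe" and ntpath.basename(folder).lower() not in LEGIT_DIRS:
            hits.append((key, name, ntpath.join(folder, exe), name == "PowerManager"))
    return hits

if __name__ == "__main__":
    print(find_suspicious_svchost(parse_reg_export(SAMPLE_REG)))
```
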

Hidrag then stays in Windows memory as an active process, searches for EXE files on all drives - starting with the C: drive - and infects them.

The virus does not manifest itself in any way.

The virus contains the following encrypted text strings:

 Hidden Dragon virus. Born in a tropical swamp.
 PowerManagerMutant

 
