| mikeysrealm
 
 
 
			| Joined: 31 Dec 2005 |  | Posts: 0 |  |  |    |  | 
	
		|  Posted: Sat Dec 31, 2005 1:48 pm |  |  |  |  
		|  |  |  Running: Clamwin 0.87.1, main: 34, daily: 1219
Platform: Windows XP SP2 (WinNT 5.01.2600)
 MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
 
 
 ClamWin detected w32.Jeefo on my system, and following some research on the net, I found that this virus typically installs a registry key called "PowerManager" - yet no such key exists on my system (I searched manually and with the "find" feature).   Here is the virus log output:
 
 --------------------------------------
 Scan started: Sat Dec 31 02:00:00 2005
 
 ERROR: Can't open file C:\WINDOWS\system32\config\SECURITY
 ERROR: Can't open file C:\WINDOWS\system32\config\SAM
 ERROR: Can't open file C:\WINDOWS\system32\config\SYSTEM
 ERROR: Can't open file C:\WINDOWS\system32\config\SOFTWARE
 ERROR: Can't open file C:\WINDOWS\system32\config\DEFAULT
 ERROR: Can't open file C:\WINDOWS\system32\CatRoot2\tmp.edb
 ERROR: Can't open file C:\WINDOWS\SoftwareDistribution\EventCache\{A4C816E4-EE0D-4C62-8E5A-3ED5FC90B944}.bin
 C:\WINDOWS\svchost.exe: W32.Jeefo FOUND
 C:\Documents and Settings\Mik W\My Documents\Downloads\Password-Crackers\brutus\brutus-aet2.zip: Virtool.Brutus.A FOUND
 C:\Documents and Settings\Mik W\My Documents\Downloads\Password-Crackers\brutus\BrutusA2.exe: Virtool.Brutus.A FOUND
 C:\Documents and Settings\Mik W\My Documents\Website\2005-12-mikeysrealm\ie-vun.htm: Trojan.URLspoof.gen FOUND
 C:\System Volume Information\_restore{2C4EEC66-1D4D-4D88-B177-DA8A21110D8A}\RP50\A0006149.exe: Virtool.Brutus.A FOUND
 C:\System Volume Information\_restore{2C4EEC66-1D4D-4D88-B177-DA8A21110D8A}\RP50\A0006466.exe: W32.Jeefo FOUND
 C:\System Volume Information\_restore{2C4EEC66-1D4D-4D88-B177-DA8A21110D8A}\RP50\A0006467.exe: W32.Jeefo FOUND
 
 -- summary --
 Known viruses: 42042
 Engine version: 0.87.1
 Scanned directories: 6042
 Scanned files: 113023
 Infected files: 7
 Data scanned: 59811.58 MB
 Time: 11130.473 sec (185 m 30 s)
 
 I have taken a few SANS courses, so several of the hits are on files that I have downloaded - and the ie-vun.htm page I wrote to illustrate a vulnerability for one of my clients, and a method of stopping it via http proxies (prior to IE patches coming out).  These files always hit on the scan and I leave them alone - this way I know that the scanner is working!
 
 Could this possibly be a false positive?
 
 Thanks
 | 
	| 
 | 
	| alch
 Site Admin
 
 
			| Joined: 27 Nov 2005 |  | Posts: 0 |  |  |    |  | 
	
		|  Posted: Mon Jan 02, 2006 8:28 am |  |  |  |  
		|  |  |  i don't think it is a false positive, looks like the real virus. You can use https://www.virustotal.com www.virustotal.com to scan the file online with different a/v programs | 
	| 
 | 
	| mikeysrealm
 
 
 
			| Joined: 31 Dec 2005 |  | Posts: 0 |  |  |    |  | 
	
		|  Posted: Mon Jan 02, 2006 12:35 pm |  |  |  |  
		|  |  |  Thanks - I did just that - I appears to be a virus file, after deletion and rerunning ClamWin I appear to be fine - no services or registry keys that are unusual....
 Mike
 | 
	| 
 | 
	| Anjuchauhan
 
 
 
			| Joined: 24 Nov 2018 |  | Posts: 0 |  |  |    |  | 
	
		|  Posted: Sat Nov 24, 2018 7:18 am |  |  |  |  
		|  |  |  Bluetooth is a way that is used to sharing the data and files in front of any device, if you want to connect the Bluetooth with Windows 10 then you have to visit my website https://fixwindows10connections.com it will give you some specific rules that will help you when you want to connect Bluetooth with windows 10. | 
	| 
 |