Thursday, April 14, 2011

Win32.Zafi.B worm infection Manual removal guide

What is Win32.Zafi.B
Win32/Zafi.B is a worm spreading via e-mail and P2P networks.

Zafi.B worm is a moderately destructive worm that may cause antivirus and security products to stop working. It also may overwrite executables of installed security products. Zafi also disables RegEdit, MSconfig and the Task Manager and may also launch a DoS attack against several Hungarian web sites.

Technical Details of Win32.Zafi.B
Full name: Win32.Zafi.B
Date Appeared: 2004
Characteristic: Worm



How to Uninstall Win32.Zafi.B
The best way to remove Win32.Zafi.B is to install a good-quality anti-spyware program and scan your system for any Win32.Zafi.B infections.

Automatic removal of Win32.Zafi.B is always more reliable and complete than any attempt to remove it manually, which may sometimes lead to erroneous results. If you are not completely aware of all the files and registry entries used by this worm, we do not recommend that you attempt manual removal of Win32.Zafi.B.

Instructions to get rid of Win32.Zafi.B
If you really want to remove the Win32.Zafi.B infection on your system manually then proceed as follows.

Turn off System Restore if you're using Windows ME or XP. When you make changes to your system, Windows creates a restore point. If it does this while the system is infected, the infection may come back later from that restore point.
Restart the computer in Safe Mode. Since the Zafi.B worm creates running processes, and Windows doesn't allow you to delete files connected with running processes, restarting is necessary. Using Safe Mode prevents Windows from loading drivers and auto-run entries, so your system boots relatively clean. In addition, Zafi.B blocks the use of Regedit, which is required below.
Run a full system scan with an updated antivirus scanner (or one of the online scanners mentioned above). If your scanner does not remove everything, follow the next few steps.
IMPORTANT: Your antivirus software should, during detection, produce a list of files associated with the W32/Zafi.B or W32/Erkez virus (depends on scanner). The files will be copies of the worm stored in the Windows system folder and shared folders mentioned above. You should set your antivirus to delete them. If not, delete them manually.
Make a backup of the registry before you edit it. Delete the Run entry associated with Zafi.B from the registry. Under the key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
delete the value:
"_Hazafibb"="%system%\.exe"
Also delete the key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\_Hazafibb
Exit the registry editor.
Re-enable System Restore and reboot the machine.
Re-scan to be sure all files are clean. 
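
The registry steps above can also be checked and applied from a script. This is an added example, not part of the original guide: it assumes PowerShell is available and run from an elevated prompt, and the parameter names and backup location are hypothetical choices.

```powershell
# Added example: audit and optionally remove the Zafi.B registry entries named in this guide.
# Without -Remove the script only reports what it finds.
param(
    [switch]$Remove,
    # Assumed backup location; timestamped so an earlier backup is never overwritten.
    [string]$BackupDir = (Join-Path $env:TEMP ("zafi-reg-" + (Get-Date -Format 'yyyyMMdd-HHmmss')))
)

$runKey  = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
$valName = '_Hazafibb'
$wormKey = 'HKLM:\SOFTWARE\Microsoft\_Hazafibb'

# 1. Run value that starts the worm at every boot.
$run = Get-ItemProperty -Path $runKey -Name $valName -ErrorAction SilentlyContinue
# 2. The worm's own key under SOFTWARE\Microsoft.
$hasKey = Test-Path $wormKey

if (-not $run -and -not $hasKey) {
    Write-Output 'No Zafi.B registry entries found.'
    return
}
if ($run) {
    # The data of the Run value is the path of the worm copy that still has to be deleted.
    Write-Output ("Run value '{0}' points to: {1}" -f $valName, $run.$valName)
}
if ($hasKey) { Write-Output "Key present: $wormKey" }

if (-not $Remove) {
    Write-Output 'Report only. Re-run with -Remove to back up and delete these entries.'
    return
}

# Back up both locations before editing, as the guide instructs.
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
reg.exe export 'HKLM\Software\Microsoft\Windows\CurrentVersion\Run' (Join-Path $BackupDir 'Run.reg') | Out-Null
if ($hasKey) {
    reg.exe export 'HKLM\SOFTWARE\Microsoft\_Hazafibb' (Join-Path $BackupDir 'Hazafibb.reg') | Out-Null
}

if ($run)    { Remove-ItemProperty -Path $runKey -Name $valName }
if ($hasKey) { Remove-Item -Path $wormKey -Recurse }

Write-Output "Entries removed. Backups saved in $BackupDir."
```

Run it once without `-Remove` and note the file path it prints, since that file is the worm copy to delete after the registry entries are gone.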
