Tutorial Removing Win32.Zafi.B, Succeed!

Sponsored Links

Win32.Zafi.B categorized as worm which can make your system damaged (Windows users). Win32.Zafi.B discovered on June 11, 2004, have a medium damage impact.

The virus spreading via email, with the following formats (for: .hu .sp .ru .dk .ro .se .se .no .fi .lt .pl .pt .de .nl .cz .fr .it) The From: field is spoofed. Here is the e-mail examples:

Subject: eIngyen SMS!
Body:
———————— hirdetés —————————–

A sikeres 777sms.hu és az axelero.hu támogatásával újra
indul az ingyenes sms küldõ szolgáltatás! Jelenleg ugyan
korlátozott számban, napi 20 ingyen smst lehet felhasználni.
Küldj te is SMST! Nehány kattintás és a mellékelt regisztrációs
lap kitöltése után azonnal igénybevehetõ! Bõvebb információt
a www.777sms.hu oldalon találsz, de siess, mert az elsõ ezer
felhasználó között értékes nyereményeket sorsolunk ki!

———————— axelero.hu —————————

Attachment: regiszt.php?3124freesms.index777.pif

How can we know that my computers infected? Here are several symptoms:

  • Presence of the next files in %SYSTEM% folder: files with random names, the name is composed of 8 random letters, files with extension .dll and one with extension .exe most of the .dll files store e-mail addresses and are rather small in size (around 1 kbytes) a .dll file and the .exe file are copies of the virus, and have 12,800 bytes each
  • Regedit, Task Manager, Task Monitor don’t work
  • Presence in memory of a process called “link”
  • When run, the virus opens Internet Explorer with a recently typed url
  • Presence of the next registry keys or entries: [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\”_Hazafibb”=”%SYSTEM%\%random%.exe”] where %random% is a name formed from 8 random characters [HKEY_LOCAL_MACHINE\Software\Microsoft\_Hazafibb] with entries b? c? d?, containing information about the infected computer and the exact names of the exe and dll files; where ? may be any digit or capital letter (eg: b1, bA, cA, etc) where %WINDOWS% points to Windows folder (or WinNT on Windows NT based systems) %SYSTEM% points to “System” folder on Windows 9x systems and “System32″ folder on WinNT systems.

How can I remove Win32.Zafi.B manually? Unfortunately, I can’t find how to remove Win32.Zafi.B in manual way. But you can use third party tools, such as Bitdefender to remove this worm automatically. Happy cleaning!

December 16, 2008 · Filed under Windows

All incoming search terms for this post

win.32.zafi.b (550) - Win32.Zafi B (507) - win32 zafi.b (461) - win32.zafi.b removal (435) - win32.zafi.b (375) - how to remove win32.zafi.b (366) - win32 zafi b (365) - win 32 zafi b (296) - remove Win32.Zafi.B (259) - win 32.zafi.b (194) - win32.zafi.b remove (171) - win32 zafi.b worm (133) - removing win32.zafi.b (113) - win32.zafi.b fix (104) - removing zafi.b (81) - Win32Zafi.b (77) - win32.zafi.b manual removal (55) - how to remove Zafi.b (42) - win.zafi (42) - win 32 zafi.b (42) - win32.zafib (36) - FIX win32.zafi.b (33) - zafi.b removal (30) - win.32 zafi.b (29) - manually remove win32.zafi.b (28) - how to fix win32.zafi.b (27) - removing zafi b (25) - win.32.zafi (25) - remove zafi.b (22) - win zafi (22) - zafi.b fix (21) - win.32.zafi.b virus (18) - how to delete win32.zafi.b (17) - how to remove win32 ZAFI.B (16) - remove win32 zafi b (16) - How do I remove Win32.Zafi.B (15) - Win32.Zafi.B how to remove (15) - zafi 32 (15) - win32.zafi.b remover (14) - win 32 zafi b virus (14) - Win32. Zafi.B (13) - how to remove win32.zafi.b virus (12) - win32.zafi.b cleaner (12) - win32 zafib (12) - file extension dll (12) - zafi.32 (10) - delete win32.zafi.b (9) - removing zafi (9) - how to manually remove Win32.Zafi.B (9) - win32 zafi b removal (9) -

Leave a Comment