Win32.zafi d – A kick ass trojan

15.01.09 (12:30 AM IST )

This is what i hate most , a deadly worm and i am all stuck with this . Customer has reported about a virus called win32.zafi d which has infected the system. I tried to boot up the system in Safe mdoe with networking , downloaded Malwarebytes ,  tried booting up in normal mode and installing super anti spyware , can not install that as well. when tried to enter msconfig the worm disconnected me from the customer’s  system . Download and ran the Symantec work removal tool from Here.

Alas !! , that did not help , what to do now , installed one more removal tool from Bitdefender , still little to cheer about. I am all stuck . Advised poor customer that i shall do some research (Downloading mp3 and torrents back home ) and get back the next day, advised to back up the data in the meantime.

16.01.09 ( 3:34 pm IST )

Well , As i am sitting at my desk typing this , i have half an hour to log in . I would get back to our customer between 5pm – 6pm GMT to fight back against the trojan. Some one on youtube advised me to rename the Malware Bytes executable and retry. Lemme check the Malware Bytes forum … OK , nothing found , i have posted my query , lets see how soon i get a reply. …

16.01.09 ( 4:20 pm IST )
No luck . Malware Bytes folks do not have a clue . The moderator advised me on forum etiquette as i had typed using CAPS LOCK on …. ;). Thanks ever so much Malware Bytes Forum.

Here is what i have found :
http://www.malwarebytes.org/forums/index.php?showtopic=9859
will try this surely

How did i get success:

Ok , here is how we removed the virus from the system .

First , you need to download , install and run an application called Combo Fix to scan and repair the system files . Details on download and usage is here.

After you run Combo Fix you would be able to run Malware Bytes , run a complete scan and remove the infected objects , reboot your system and rescan till Malware Bytes can nto find any more such infection. Next , uninstall your Antivirus product and reinstall the latest version with all the updates. If the issue still persists , please use the post to get in touch with me.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s