bonjovi123

Sorry guys , i know i am pushing this a bit too far .... I will not bother or post any more if some one can help me with any link that can remove the worm or offer manual removal instruction. Sorry for all the trouble , Regards, A helpless poor guy

This is what i hate most , a deadly worm and i am all stuck with this . Customer has reported about a virus called win32.zafi d which has infected the system. I tried to boot up the system in Safe mdoe with networking , downloaded Malwarebytes , tried booting up in normal mode and installing super anti spyware , can not install that as well. when tried to enter msconfig the worm disconnected me from the customer's system . Download and ran the Symantec work removal tool from <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-042009-2349-99"> Here.</a> Alas !! , that did not help , what to do now , installed one more removal tool from Bitdefender , still little to cheer about. I am all stuck . Advised poor customer that i shall do some research (Downloading mp3 and torrents back home ) and get back the next day, advised to back up the data in the meantime. <span style="text-decoration: underline;">16.01.09 ( 3:34 pm IST )</span> Well , As i am sitting at my desk typing this , i have half an hour to log in . I would get back to our customer between 5pm - 6pm GMT to fight back against the trojan. Some one on youtube advised me to rename the Malware Bytes executable and retry. Lemme check the Malware Bytes forum ... OK , nothing found , i have posted my query , lets see how soon i get a reply. ... <span style="text-decoration: underline;">16.01.09 ( 4:20 pm IST )</span> No luck . Malware Bytes folks do not have a clue . The moderator advised me on forum etiquette as i had typed using CAPS LOCK on .... . Thanks ever so much Malware Bytes Forum. Here is some more stuff i came to know about Zafi <h4 class="sectiontitle">Payload</h4> <h6>Denies Application Execution</h6> Zafi.D prevents the user from using applications that contain any of the folowing strings in the filename: <em> regedit </em><em> msconfig </em><em> task</em> The worm accepts connections on port 8181 in order to download and execute files on infected system

Great !!!! , Thanks so much for all the support.

Hijack This is not running on the system. The virus is so deadly that its not even allowing me to visit any online virus scan website like http://www.housecall.antivirus.com. The same happens in safe mode with networking. Lemme repeat , MALWARE BYTES GETS DOWNLOADED FINE BUT DOES NOT UPDATE AND DOUBLE CLICKING THE EXECUTABLE DOES NOT RUN THE PROGRAM. I AM PRETTY SURE THAT THERE ARE SOME PROCESSES RUNNING IN THE BACKGROUND THAT CAN DETECT THE PRESENCE OF THE EXECUTABLE AND ARE STOPPING IT FROM RUNNING. I WANNA KNOW WHAT THEY ARE AND HOW TO GO FROM HERE.

Guys , i am all stuck . System is infected with Win32.zafi d . Downloaded MalwareBytes , downloaded fine but once i double click on it , nothing happens . Some one advised me to rename the executable and retry . Help !!!!!!!!!!!!