This is what i hate most , a deadly worm and i am all stuck with this . Customer has reported about a virus called win32.zafi d which has infected the system. I tried to boot up the system in Safe mdoe with networking , downloaded Malwarebytes , tried booting up in normal mode and installing super anti spyware , can not install that as well. when tried to enter msconfig the worm disconnected me from the customer's system . Download and ran the Symantec work removal tool from <a href="http://www.symantec.com/security_response/writeup.jsp?docid=2004-042009-2349-99"> Here.</a> Alas !! , that did not help , what to do now , installed one more removal tool from Bitdefender , still little to cheer about. I am all stuck . Advised poor customer that i shall do some research (Downloading mp3 and torrents back home ) and get back the next day, advised to back up the data in the meantime. <span style="text-decoration: underline;">16.01.09 ( 3:34 pm IST )</span> Well , As i am sitting at my desk typing this , i have half an hour to log in . I would get back to our customer between 5pm - 6pm GMT to fight back against the trojan. Some one on youtube advised me to rename the Malware Bytes executable and retry. Lemme check the Malware Bytes forum ... OK , nothing found , i have posted my query , lets see how soon i get a reply. ... <span style="text-decoration: underline;">16.01.09 ( 4:20 pm IST )</span> No luck . Malware Bytes folks do not have a clue . The moderator advised me on forum etiquette as i had typed using CAPS LOCK on .... . Thanks ever so much Malware Bytes Forum. Here is some more stuff i came to know about Zafi <h4 class="sectiontitle">Payload</h4> <h6>Denies Application Execution</h6> Zafi.D prevents the user from using applications that contain any of the folowing strings in the filename: <em> regedit </em><em> msconfig </em><em> task</em> The worm accepts connections on port 8181 in order to download and execute files on infected system