SysChat

SysChat (http://www.syschat.com/forum.php)
-   Security (http://www.syschat.com/tips-n-tricks/security/)
-   -   Remove win32.zafi.b - A hazardous Virus/Adware (http://www.syschat.com/remove-win32-zafi-b-hazardous-virus-5078.html)

dwarkarao 10-29-2009 03:15 AM
Remove win32.zafi.b - A hazardous Virus/Adware
 
Win32.zafi.b is a very dangerous adware which makes your system vulnerable to the core. It not only slows down your computer, but allows other infections to attack it. Below are its symptoms.
  • Gives fake popup to download PerfectDefender2009.
  • High CPU and network usage.
  • Antivirus will be disabled.

How to Remove Win32.zafi.b?

Follow the steps given below to remove the Win32,zafi.b completely from your system.
  • First of all you will have to stop virus using task manager or command prompt.Kill tasks named PerfectDefender2009.exe, pdefendr.exe and ikbmqvex.exe.
  • Now find virus files and delete them. Do this using cmd if possible. Here is the list of files made by the adware.
    c:\Program Files\Perfect Defender 2009
    c:\Program Files\Perfect Defender 2009\dbbase.div
    c:\Program Files\Perfect Defender 2009\pdefendr.exe
    %UserProfile%\Desktop\sccmsk.dll
    %UserProfile%\Local Settings\Temp\ikbmqvex.exe
    %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\PerfectDefender2009 1.32.lnk
    %UserProfile%\Desktop\PerfectDefender2009.lnk
    %UserProfile%\My Documents\PerfectDefender2009%UserProfile%\Start Menu\Programs\PerfectDefender2009\PerfectDefender2 009 1.32.lnk
    %UserProfile%\Start Menu\Programs\PerfectDefender2009\PerfectDefender2 009 Website.lnk
    %UserProfile%\My Documents\PerfectDefender2009\SDBHO.dll
    %UserProfile%\My Documents\PerfectDefender2009\sdcfg.dat
    %UserProfile%\My Documents\PerfectDefender2009\Logs
    %UserProfile%\My Documents\PerfectDefender2009\Quarantine
    %UserProfile%\Start Menu\Programs\PerfectDefender2009
    %UserProfile%\Start Menu\PerfectDefender2009 1.32.lnk
  • Now delete the entries from the registry which were made by the virus. Open Registry Editor and navigate to the following key. HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Run “PerfectDefender2009″. And delete the one with Perfect Defender in name.
Most probably the virus is removed from your system. But still if you feel like there is something still left behind you can try scanning your computer using this online scanning service.

Free Virus Scan - Kaspersky Lab


All times are GMT -4. The time now is 12:43 PM.


Copyright © 2005-2013 SysChat.com


1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54