Step by step fighting with W32/[email protected] worm.

Article published in January 2005.

W32/[email protected] is also known as: Email-Worm.Win32.Zafi.d, [email protected], [email protected], W32/Zafi-D, WORM_ZAFI.D.
This worm spreads through e-mail. It does not use any exploit code to execute the mail attachment automatically; a user has to double-click an infected attachment. It displays a fake error message when executed. The worm drops the following files into the system32 directory:
.EXE, Norton Update.EXE, .DLL, s.CM.
It also creates a registry key. Port 8181 is open on the infected system.
To remove this worm, follow these steps:
1. Disable System Restore if you are a Windows XP or Windows Me user.
2. Restart the computer in safe mode.
3. Delete Norton Update.EXE from the system32 folder.
4. Remove registry keys "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wxp4" and "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
5. Download the latest updates for your antivirus software and scan the hard drive.
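
The indicators named above (the Norton Update.EXE file, the Wxp4 registry key and the open port 8181) can be re-checked after cleanup with a read-only script. This is an added example, not part of the original article; the function name `Test-ZafiIndicators` and its parameters are hypothetical, and it assumes PowerShell 3.0 or later and English-language `netstat` output.

```powershell
# Added example: read-only check for the indicators listed in this article.
# Nothing is deleted or modified. Run from an elevated prompt.
# Test-ZafiIndicators is a hypothetical name chosen for illustration.

function Test-ZafiIndicators {
    [CmdletBinding()]
    param(
        # Defaults are assumptions; override to inspect a mounted offline image.
        [string]$System32 = (Join-Path $env:SystemRoot 'System32'),
        [int]$Port = 8181
    )

    $results = @()

    # 1. Dropped file named in step 3.
    $file = Join-Path $System32 'Norton Update.exe'
    $results += [pscustomobject]@{
        Indicator = 'File'
        Target    = $file
        Present   = Test-Path -LiteralPath $file -PathType Leaf
    }

    # 2. Registry key named in step 4.
    $key = 'HKLM:\SOFTWARE\Microsoft\Wxp4'
    $results += [pscustomobject]@{
        Indicator = 'RegistryKey'
        Target    = $key
        Present   = Test-Path -LiteralPath $key
    }

    # 3. Listening TCP socket on the port the article mentions.
    #    netstat -an prints lines such as:
    #    "  TCP    0.0.0.0:8181    0.0.0.0:0    LISTENING"
    #    The state keyword is localized on non-English Windows.
    $pattern   = '^\s*TCP\s+\S+:{0}\s+\S+\s+LISTENING' -f $Port
    $listening = @(netstat -an | Where-Object { $_ -match $pattern })
    $results += [pscustomobject]@{
        Indicator = 'Listener'
        Target    = "TCP/$Port"
        Present   = $listening.Count -gt 0
    }

    $results
}

Test-ZafiIndicators | Format-Table -AutoSize
```

A listener on port 8181 by itself is not conclusive, since other software can use that port; treat it as a reason to look at the file and registry results.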