Remover for I-Worm.Zafi.B,D description
A tool which removes I-Worm.Zafi.B,D
This virus removal tool was designed to help users disinfect their computers when infected with I-Worm.Zafi.B,D.
The worm sends messages in different languages. For this purpose, it checks the domain extension of the email address.
To activate the worm when Windows starts, it enters the created .exe file in the Registry. For this purpose, it creates a value with the name ?_Hazafibb” in the following Registry key:
To prevent, that more than one instance of the worm is running, it creates a mutex with the name ?_Hazafibb”.
Creates the Registry key:
Terminates processes containing one of the following strings:
Tries to overwrite .exe files of known security programs, with its own code.
Performs a DoS attack against the following domains:
Tries to distribute using file sharing networks. For this purpose, the worm copies itself to all folders, containing the strings ?share” or ?upload” in their name. For this purpose, the worm uses the following file names:
Total Commander 7.0 full_install.exe
winamp 7.0 full_install.exe
To distribute by email, the worm gathers email addresses, from files with the following file extensions:
Don’t gathers addresses, containing one of the following strings:
Sends multilingual messages to the gathered addresses.
Please comments and give ratings. You may also report of broken or incorrect link using comments box below. Thanks!