Win32.Zafi.B

Tom

I am a FH squatter
Joined
Dec 22, 2003
Messages
17,348
Oh you absolute bastard. Just appeared on my XP desktop tonight, no warning, no dodgy sites, no dodgy emails - BAM! Firewall off, shutdown, reboot, Firefox fucked, Opera fucked shortly after.

Won't let me run Spyware Doctor (my traditional nuclear weapon), Nod32 won't update or find it, won't let me run some of the more esoteric tools provided on the hijackthis forums.

So while I'm waiting for help at the geekpolice forums complete with hijackthis logs, I just wanted to warn other people about this fucking pain in the arse appear from nowhere computer shagging virus.

Sigh, the last virus I got was years ago, and was easily sorted. This bastard won't even let me boot in safe mode.
 

Kryten

Old Cow.
Moderator
Joined
Dec 22, 2003
Messages
3,351
Ah, another one of these buggers - can be removed manually but often quicker just to backup what you can, wipe and start afresh.

Makes changes somewhere in the registry (that I've not fathomed yet) that redirects all security and AV related sites elsewhere, also stops AV update servers from resolving, and it's not the hosts file.

However they can be a "bit thick" - it won't let you run or install some packages - but renaming them can often be enough to do the trick - i.e. malwarebytes.exe to nernerne-nerner.exe will let it run ;) Might be something to consider in its removal if you bother.
 

Tom

I am a FH squatter
Joined
Dec 22, 2003
Messages
17,348
Yes that's exactly what I've found, renaming things lets them run. It won't allow any virus packages to update though.

The guys at geekpolice are very good though, I've already eliminated some of the annoying shite that appears, it's stopped closing the firewall, and several rootkits have been found and deleted.

This thing must have exploded recently - the forums on geekpolice are packed full of requests for this one.

Malware Removal & HijackThis logs

(my username is parrot of doom there)
 

Tom

I am a FH squatter
Joined
Dec 22, 2003
Messages
17,348
I think it's dead now. Thankfully it only gathers email addresses and sends out spam. Something I'm sure most of the people I email do routinely anyway, judging by the speed at which any email address I use becomes a spam magnet.

It still took 3 hours to kill though, although 1 hour of that was waiting for a malware scan to complete.

By the way, this little tool seems to be very handy indeed, and is free:

Malwarebytes.org

It killified several things on my system.
 

MYstIC G

Official Licensed Lump of Coal™ Distributor
Staff member
Moderator
FH Subscriber
Joined
Dec 22, 2003
Messages
12,443
Skipped the "solved" post but found this in case anyone else also has a problem

Win32.Zafi.B@mm
 

Tom

I am a FH squatter
Joined
Dec 22, 2003
Messages
17,348
I found that it won't allow you to run that programme.
 

Kryten

Old Cow.
Moderator
Joined
Dec 22, 2003
Messages
3,351
Yeah, always found that bit ironic - all these virus websites saying WE'VE A FIX, WE'VE A FIX! and publishing all these details, seemingly forgetting that half the payload of the infection disables the ruddy software in the first place ;)
 

dysfunction

FH is my second home
Joined
Dec 22, 2003
Messages
9,709
I think this little bugger was spotted by Kaspersky in a spam e-mail I received last night!

I didn't take all that much notice of the name as I deleted the e-mail as soon as Kaspersky warned me of the trojan...
 

kirennia

Part of the furniture
Joined
Dec 26, 2003
Messages
3,857
I think it's dead now. Thankfully it only gathers email addresses and sends out spam. Something I'm sure most of the people I email do routinely anyway, judging by the speed at which any email address I use becomes a spam magnet.

It still took 3 hours to kill though, although 1 hour of that was waiting for a malware scan to complete.

By the way, this little tool seems to be very handy indeed, and is free:

Malwarebytes.org

It killified several things on my system.

I ended up with a virus 4 or 5 days ago, ended up deleting 2 rootkits from my registry, had several trojans, completely disabled any anti-virus/adaware stuff ran on reboot after scanning and safemode stopped working... After scouring my computer deleting most of it (Linux to the rescue!), that program cleared up what was left... recommended :)
 
