
Threat Level: Low threat 
  Damage: High
  Distribution: Not widespread 

Common name: Zafi.B
Technical name: W32/Zafi.B.worm
Threat level: Low
Alias: I-Worm.Zafi.b, W32.Erkez.B@mm, PE_ZAFI.B

It prevents certain antivirus programs from being run by overwriting their executable files. It also stops the processes belonging to several system tools.

Affected platforms:

Windows 2003/XP/2000/NT/ME/98/95

First detected on: June 11, 2004
Detection updated on: June 28, 2004
In circulation? No
Yes, using TruPrevent Technologies
Brief Description 

Zafi.B is a worm that looks for directories in which antivirus programs are installed. If it finds any, Zafi.B overwrites their executable files with copies of itself. This leaves the user unprotected against other malware, and whenever users run the antivirus, they are actually running Zafi.B without noticing.

In addition, Zafi.B searches for certain processes, such as the Windows Registry Editor, the Task Manager, etc. If it finds them, Zafi.B ends them.

Zafi.B spreads via e-mail in a message with variable characteristics that can be written in different languages, and through peer-to-peer (P2P) file sharing programs.

Visible Symptoms  

Zafi.B is easy to recognize once it has affected the computer, as it attempts to open any of the web sites stored in the following path of the Windows Registry every time it is executed:

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs

Last updated:  June 28, 2004
