Instructions to remove Safesoft Trojan (WIN32.Zafi.B virus)

Symptoms of a computer infected with WIN32.Zafi.B is that Windows Firewall will automatically appear with messages like ' Security Center Alert ', ' To help protect your computer, Windows Firewall có hoạt động đã xác định của máy phục vụ harmful . '. Then there is a line with the _____ mark, followed by the message:

' Do bạn muốn thiết bị khối này'.
Name: Sinowal.Trojan
Risk Level: High
Description: Sinowal.Trojan is a Trojan program that records and takes screen shots of the computer. Stealing personal financial Information . '

There will be 3 options for users: Keep Blocking, Unblock (these 2 buttons are gray and you cannot click), Enable Protection - the only button you can interact with and it will automatically point to a website called Safe Soft Reviews, there are 'selling' a lot of security security programs with extremely attractive information.

Just below the button, you will see the warning information given by the program as follows:

' Windows Firewall đã tìm thấy không cho phép hoạt động, nhưng nó không thể thực hiện bạn gỡ bỏ các người dùng. Gặp khoá loggers và đối tượng khác khác và gỡ bỏ bạn thông tin thông tin từ bạn computer . '

And below that link is the comment line: ' Click to download and activate protection ':

Instructions to remove Safesoft Trojan (WIN32.Zafi.B virus) Picture 1

When you open this link in IE, you will see the security center warning you of the sign of sinowal.trojan on it

Solution 01

Navigate to the path: C: documents and settingsusernameapplication dataGoogle , you will see a file named xxxxxx.exe ( pfysw721318.exe .) with the symbol of a certain security program. Please delete the file:

Instructions to remove Safesoft Trojan (WIN32.Zafi.B virus) Picture 2

For some computers, there will be an error when deleting the file:

Instructions to remove Safesoft Trojan (WIN32.Zafi.B virus) Picture 3

When encountering this case, use KillBox program and select the file to delete, the program will execute this command after the user restarts the computer.

Solution 02

You only need to use the following free Combofix program, run the file, the program will automatically scan the entire system and detect harmful virus patterns in the computer.