Trojan removal (Zefarch) Advise/Removal tool?

MickyBlueyes · Mar 10, 2011

Hi there chaps.

Suffering with this infection on one of our network PC's @ work. Our corporate end user anti virus (Symantec/Norton) keeps picking this up on scans and tries to delete it, but it constantly re creates.

I have done a few web searches and been into the registry to delete the entries it creates & found some & deleted, but not all the ones listed as they are not as described HERE . So basically the little beggar keeps re appearing on a re-boot :blast

Question is can someone suggest a software tool/application that will remove this blasted thing. Or can anyone give any better advice on removing the thing. Reformatting the drive is not an option sadly

PC is running XP pro if it is of any relevance.

TIA
Mike

(RIP) Proff · Mar 10, 2011

MickyBlueyes said:
Hi there chaps.

Suffering with this infection on one of our network PC's @ work. Our corporate end user anti virus (Symantec/Norton) keeps picking this up on scans and tries to delete it, but it constantly re creates.

I have done a few web searches and been into the registry to delete the entries it creates & found some & deleted, but not all the ones listed as they are not as described HERE . So basically the little beggar keeps re appearing on a re-boot

Question is can someone suggest a software tool/application that will remove this blasted thing. Or can anyone give any better advice on removing the thing. Reformatting the drive is not an option sadly

PC is running XP pro if it is of any relevance.

TIA
Mike

MALWAREBYTEs free edition...
Download and update...
put it on a pendrive and reboot infected pc in safe mode, then
run the malwarebytes from the pendrive :thumb2

MickyBlueyes · Mar 10, 2011

Proff said:
MALWAREBYTEs free edition...
Download and update...
put it on a pendrive and reboot infected pc in safe mode, then
run the malwarebytes from the pendrive

Cheers will give it a go, thanks.

Has this removed this particular beasty to your knowledge Proff?

andyclift · Mar 11, 2011

Trojans can be hard to remove if they start with the computer. System Restore can work but many of these trojans block it's use. A solution that I have found works is boot the computer in "safe mode". To do this keep tapping the f8 key as soon as you turn on the computer. You will then get a DOS screen with some boot options. Use the arrow keys to select safe mode.

Once the computer has booted go to System Restore and pick a time and date before you got the trojan. In safe mode the trojan won't run on start up so System Restore works OK.

I have used this to fix a few friends computers when they got caught by the pop up "virus alerts". The ones that offer a download fix for $30. All that happens is they spend $30 on trojans!!!.

Best solution though is buy a Mac !!

MickyBlueyes · Mar 11, 2011

andyclift said:
Best solution though is buy a Mac !!

I have had one for years but the software we use at work is not supported on a mac even though it would run it so stuck with them. :blast

I managed to remove it finally after about 2 1/2 hrs. It required;
1.System restore turned off.
2.Re-boot in safe mode.
3.In safe mode delete all known dodgy .dll's, & reg entries manually.
4.Run full scan with Malwarebytes (took ages) from pen drive as Proff suggested
5.Delete with MWB any further system restore entries it created (the little beggar was doing this so doing a system restore would not remove, just re-infected it :rob