[ambray]

I have installed Norton Internet Security last night. I have turned off the Windows Firewall now as I have the Norton Firewall on. I received a message today from Norton saying that a trojan programme was trying to access my PC but that was blocked and Norton is saying that everything is fine now.

However, I keep receiving a pop up warning message from Security Center Alert saying that the Windows Firewall has blocked a Zafi.B trojan program and asking me if I want to download and active Windows protection. It seems strange I am receiving this message seeing that the Windows Firewall is now turned off.

Any suggestions on what I need to do to stop this error message appearing? Is there really a threat to my system considering that I have Norton Security installed and it is not showing any security issues currently? Any help would be greatly appreciated! Thanks.

[Support4U]

Hi Ambray,
sorry dont have, much time to night but will post a complete reply tommorrow, however understand ur systm is infected while disabling the windows firewall and installing the norton product since u lost protection some where in between. there are new threats such as antivirus 2009, antivirus 360, system regguard etc that are mostly spywares/malwares and getting downloaded on computers these days and asking many people to purchase such products since there computers are infected with worms / trojans etc..so pls dont download or purchase anything of that kind as of now till i get back to u with a resolution for this. take care cya

[karbo]

Are you sure Windows Firewall is really turned off?

[ambray]

That would be great if you could help me tomorrow. Thanks!

[ambray]

Quote:

Originally Posted by karbo

Are you sure Windows Firewall is really turned off?

Yes, it definitely says that the Windows Firewall is turned off.

[karbo]

Did you follow these steps when you turned off Windows Firewall (especially #7)? This will prevent any future pop-ups.

[Michael York]

Quote:

Originally Posted by ambray

I have installed Norton Internet Security last night. I have turned off the Windows Firewall now as I have the Norton Firewall on. I received a message today from Norton saying that a trojan programme was trying to access my PC but that was blocked and Norton is saying that everything is fine now.

However, I keep receiving a pop up warning message from Security Center Alert saying that the Windows Firewall has blocked a Zafi.B trojan program and asking me if I want to download and active Windows protection. It seems strange I am receiving this message seeing that the Windows Firewall is now turned off.

Any suggestions on what I need to do to stop this error message appearing? Is there really a threat to my system considering that I have Norton Security installed and it is not showing any security issues currently? Any help would be greatly appreciated! Thanks.

Hi ambray,

This is Mike from the Norton Authorized Support Team.

The Zafi.B Trojan that you mention that the Windows Firewall is telling you that you have is actually called "W32.Erkez.B@mm" at Symantec and is a mass mailing Trojan that takes advantage of a security hole in Windows.

This particular infection does have the ability to overwrite or infect system and other crucial files, which may be the case here if you saying that you disabled the Windows firewall and that it is still advising you of threats. As you may already know, if both firewalls are running at the same time it can cause conflicts and leave your system open to infections and cause other problems.

The advice I can give you is to run the following removal tool (4 times) to remove the infection.After running the tool 4 times, you would then want to run Windows Update to make sure you have all of the security patches applied.

Information and removal instructions for the W32.Erkez.B@mm infection


If you run the tool 4 times, update Windows and also update Norton Internet Security, and still receive the same message about the infection, then chances are that one or more of your system files has been infected and a reinstall of Windows would be your best bet.

Thank you,
Mike

[ambray]

Hi Mike,

Thanks for your advice. I followed the steps in your email but unfortunately I am still receiving the same pop up warning message. Any other suggestions or do I need to reinstall Windows?

Cheers

[Michael York]

Quote:

Originally Posted by ambray

Hi Mike,

Thanks for your advice. I followed the steps in your email but unfortunately I am still receiving the same pop up warning message. Any other suggestions or do I need to reinstall Windows?

Cheers

Hi ambray,

Thanks for getting back to me and I'm sorry to hear that the problem still exists. I think the first thing you should do before reformatting, etc, would be to call Microsoft to find out why the Windows Firewall keeps popping up even though you have disabled it.

After you resolve the issue with Windows, I would advise you to use the instructions below to properly remove and reinstall Norton Internet Security.

Please follow the steps below to ensure that Norton Internet Security 2007 is installed and updated correctly.

1. Click on the following link to download the Norton Removal Tool:

Norton Removal Tool and Instructions

2. After you run the tool, please restart your computer. Then log in to Windows again and run the removal tool again. Restart your computer after it is finished running the second time as well.

3. Make sure that your internet connection is working properly, and then reinstall Norton Internet Security 2009.

4. When the installation is complete,launch Norton Internet Security and click on "Run LiveUpdate."

5. When the updates are complete, perform a "Full System Scan" again to check for infections. NOTE: You may want to do the scan in Safe Mode instead.

Please contact Microsoft and get the Windows Firewall issue resolved and then follow the instructions I posted to uninstall/reinstall and let me know how it goes.

Thank you,
Mike

[karbo]

In post #6, there's a probable cause. Try enabling Windows Firewall again and disable it again. This time, don't forget to specify you have another firewall or you'll surely get the warnings. In step #7 from the link, it tells you the pop-ups will stop. It's pretty clear.

[Support4U]

hi,
Sorry wasnt able to update due to time constrains, however i will give u a link that will help u resolve ur issue, i have personally implemented these steps and been successfull 99% of times.

Please read the following steps carefully and then implement them

How to Remove Win32.Zafi.b Manually
Before we get started, you should backup your system and your registry, so it’ll be easy to restore your computer if anything goes wrong.

To remove Win32.Zafi.b manually, you need to delete Win32.Zafi.b files. Not sure how to delete Win32.Zafi.b files? Click here, and I’ll show you. Otherwise, go ahead and…

Stop Win32.Zafi.b processes:

perfectdefender2009.exe
c:\Program Files\Perfect Defender 2009\pdefendr.exe
UserProfile%\Local Settings\Temp\ikbmqvex.exe
ikbmqvex.exe

Unregister Win32.Zafi.b DLLs:
UserProfile%\Desktop\sccmsk.dll
UserProfile%\My Documents\PerfectDefender2009\SDBHO.dll

Get rid of Win32.Zafi.b registry keys:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “asus32″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PDefender
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “Perfect Defender 2009″
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Perf ect Defender 2009

Remove Win32.Zafi.b files:
c:\Program Files\Perfect Defender 2009\dbbase.div
UserProfile%\My Documents\PerfectDefender2009\sdcfg.dat

Delete Win32.Zafi.b folders:
c:\Program Files\Perfect Defender 2009\

Note: In any Win32.Zafi.b files I mention above, “%System%” is a variable referring to your PC’s System folder. Maybe you renamed it, but by default your System folder is “C:\Windows\System32″ on Windows XP, “C:\Winnt\System32″ on Windows NT/2000,” or “C:\Windows\System” on Windows 95/98/Me.

“%Program_Files%”, “%ProgramFiles%”, or “%Profile%” is a variable referring to a folder in your PC where applications that aren’t a part of your PC’s operating system are installed by default. You may have changed this folder’s name or moved it, but if you didn’t touch it, find the folder as “C:\Program Files”. If you’re having trouble finding this folder, you can locate it by looking up registry value “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesD ir”.

Also, “%UserProfile%” is a variable referring to your current user’s profile folder. If you’re using Windows NT/2000/XP, by default this is “C:\Documents and Settings\[CURRENT USER]” (e.g., “C:\Documents and Settings\JoeSmith”). If you have any questions about manual Win32.Zafi.b removal, go ahead and leave a comment.

How Do You Remove Win32.Zafi.b Files?
Need help figuring out how to delete Win32.Zafi.b files? While there’s some risk involved, and you should only manually remove Win32.Zafi.b files if you’re comfortable editing your system, you’ll find it’s fairly easy to delete Win32.Zafi.b files in Windows.

How to delete Win32.Zafi.b files in Windows XP and Vista:
Click your Windows Start menu, and from “Search,” click “For Files and Folders….”
A speech bubble will pop up asking you, “What do you want to search for?” Click “All files and folders.”
Type a Win32.Zafi.b file in the search box, and select “Local Hard Drives.”
Click “Search.” Once the file is found, delete it.

How to stop Win32.Zafi.b processes:
Click the Start menu, select Run.
Type taskmgr.exe into the the Run command box, and click “OK.” You can also launch the Task Manager by pressing keys ALT + CTRL + DELETE or CTRL + Shift + ESC.
Click Processes tab, and find Win32.Zafi.b processes.
Once you’ve found the Win32.Zafi.b processes, right-click them and select “End Process” to kill Win32.Zafi.b.

How to remove Win32.Zafi.b registry keys:
Because your registry is such a key piece of your Windows system, you should always backup your registry before you edit it. Editing your registry can be intimidating if you’re not a computer expert, and when you change or a delete a critical registry key or value, there’s a chance you may need to reinstall your entire system. Make sure your backup your registry before editing it.

Select your Windows menu “Start,” and click “Run.” An “Open” field will appear. Type “regedit” and click “OK” to open up your Registry Editor.
Registry Editor will open as a window with two panes. The left side Registry Editor’s window lets you select various registry keys, and the right side displays the registry values of the registry key you select.
To find a registry key, such as any Win32.Zafi.b registry keys, select “Edit,” then select “Find,” and in the search bar type any of Win32.Zafi.b’s registry keys.
As soon as Win32.Zafi.b registry key appears, you can delete the Win32.Zafi.b registry key by right-clicking it and selecting “Modify,” then clicking “Delete.”

How to delete Win32.Zafi.b DLL files:
First locate Win32.Zafi.b DLL files you want to delete. Open your Windows Start menu, then click “Run.” Type “cmd” in Run, and click “OK.”
To change your current directory, type “cd” in the command box, press your “Space” key, and enter the full directory where the Win32.Zafi.b DLL file is located. If you’re not sure if the Win32.Zafi.b DLL file is located in a particular directory, enter “dir” in the command box to display a directory’s contents. To go one directory back, enter “cd ..” in the command box and press “Enter.”
When you’ve located the Win32.Zafi.b DLL file you want to remove, type “regsvr32 /u SampleDLLName.dll” (e.g., “regsvr32 /u jl27script.dll”) and press your “Enter” key.
That’s it. If you want to restore any Win32.Zafi.b DLL file you removed, type “regsvr32 DLLJustDeleted.dll” (e.g., “regsvr32 jl27script.dll”) into your command box, and press your “Enter” key.

Did Win32.Zafi.b change your homepage?
Click Windows Start menu > Control Panel > Internet Options.
Under Home Page, select the General > Use Default.
Type in the URL you want as your home page (e.g., “http://www.homepage.com”).
Select Apply > OK.
You’ll want to open a fresh web page and make sure that your new default home page pops up.
Win32.Zafi.b Removal Tip
Is your computer acting funny after deleting any Win32.Zafi.b files? I recommend using a program like File Recover from PC Tools. File Recover saves deleted files that otherwise can’t be recovered by Windows operating sytem.

Wish u all the luck