Could you help me remove Trojan Zefarch?



#1 hoguesan

Posted 03 July 2010 - 06:28 AM

Spyware Doctor detects Trojan Zefarch on my computer and attempts to fix it, but when I restart and run another scan, it detects it again. My computer keeps giving me surprises whenever I restart it, and Mozilla keeps telling me about add-ons even though that should be off... I have tried reading some of your pages on the matter, but unfortunately, I must admit I am quite an amateur and would be very grateful if you could show me (in an easy manner) what to do.

Thank you very much in advance

Edited by Blade Zephon, 03 July 2010 - 07:08 AM.
Move from XP to AII. ~BZ


#2 AlexKach


Posted 18 July 2010 - 10:08 PM

Windows XP+SP3
Symantec antivirus has found 5 entries. 3 entries had been quarantined and deleted.
1. System restore had been deactivated.
2. Manual scan in safe mode has given chance to delete 2 left entries.
3. Registry was not changed. Associated Windows Registry Entries were not found:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\”[RANDOM CHARACTERS]” = “rundll32.exe “%Windir%\[RANDOM CHARACTERS].dll”,e”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\[RANDOM CLSID]\”(Default)” = “%Windir%\[RANDOM CHARACTERS].dll”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\[RANDOM CLSID]\”(Default)” = “%Windir%\[RANDOM CHARACTERS].dll”
HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions\sample@example.net
Windows log on gives the following warning:
Posted Image
It looks like a randomly named virus DLL, because I didn't find a description of such a DLL anywhere.

Every new startup of Firefox 3.6.6 activates Symantec:
Posted Image

I saw the option to try ComboFix to remove Trojan.Zefarch!gen. There was a notification that it's better to do this with a qualified helper. Could somebody please help me remove this trojan and learn the proper handling of a possible new infection?
Thank you in advance,
Alexander
##################################
12:54 Central Time
I started ComboFix on my own and it looks like I've finally gotten rid of the problems. ComboFix has deleted:
c:\windows\system32\a.txt
c:\windows\uralepixox.dll
It has also removed the <ORPHANS REMOVED - - - -

HKCU-Run-Byotofiwupu - c:\windows\ivcvL40.dll
HKLM-Run-Gwahi - c:\windows\uralepixox.dll
AddRemove-TVersity Media Server - c:\program files\TVersity\Media Server\uninst.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe >
I don't get the first picture after reloading the system. Firefox doesn't give me the Chrome application warning, which I never asked for, and Symantec is peaceful, at least for now.
Thank you.

Edited by AlexKach, 19 July 2010 - 02:01 AM.
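
The Run-key pattern quoted in post #2 (rundll32.exe loading a DLL that sits directly in the Windows folder) can be checked against saved `reg query` output. This is an added example, not part of the thread or of any tool mentioned in it; the sample text is constructed (the two flagged value names and DLL names are taken from the ComboFix lines above, the other entries are made up) and the function names are hypothetical.

```python
import ntpath
import re

# Constructed sample shaped like `reg query <key>` output (4-space separated).
SAMPLE = r'''
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Gwahi    REG_SZ    rundll32.exe "c:\windows\uralepixox.dll",e
    NvCplDaemon    REG_SZ    RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    ExampleUpdater    REG_SZ    "C:\Program Files\Example\updater.exe" /background

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    Byotofiwupu    REG_SZ    Rundll32.exe "%Windir%\ivcvL40.dll",e
'''

# One value line: name, type, data.
VALUE = re.compile(r'^\s+(?P<name>.+?)\s{4}REG_(?:EXPAND_)?SZ\s{4}(?P<data>.*)$')
# [path\]rundll32[.exe], then a quoted or bare DLL path, then ",<export>".
RUNDLL = re.compile(
    r'^"?(?:[^"]*\\)?rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+\.dll)"?\s*,', re.I)
WINDIR_ALIASES = ('%windir%', '%systemroot%')

def dll_dir(path, windir=r'c:\windows'):
    """Lower-cased folder of a DLL path, with %Windir% style aliases expanded."""
    p = ntpath.normcase(path.strip())
    for alias in WINDIR_ALIASES:
        p = p.replace(alias, ntpath.normcase(windir))
    return ntpath.dirname(p)

def suspicious_run_values(reg_text, windir=r'c:\windows'):
    """Return (key, value name, dll) for rundll32 entries whose DLL is directly
    in the Windows folder itself, not in a subfolder such as system32."""
    hits, key = [], None
    for line in reg_text.splitlines():
        if line.startswith('HKEY_'):
            key = line.strip()          # remember which key the values belong to
            continue
        m = VALUE.match(line)
        if not m:
            continue
        r = RUNDLL.match(m['data'].strip())
        if r and dll_dir(r['dll'], windir) == ntpath.normcase(windir):
            hits.append((key, m['name'], r['dll']))
    return hits

if __name__ == '__main__':
    for key, name, dll in suspicious_run_values(SAMPLE):
        print(f'{key}\\{name} -> {dll}')
```

A hit is a reason to look closer at the DLL, not a verdict; the check covers only the Run-key pattern, not the Browser Helper Object or Firefox extension entries listed in the post.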




