Inside Generic Pup.Z

[ad#ad2-left]

Infection Methods:

Potentially unwanted programs do not self-replicate. They spread manually, often under the premise that they are beneficial or wanted. They can either be stand alone applications, or come bundled along with other PUPs, Trojans or Rootkits.

Installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs.

Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.

Ways to prevent Infection:

In order to prevent these types of infections you need to understand that most of the time it is something you thought was useful but yet has a virus hidden inside of it.   Some of the things you can do to remove the virus is:

You need to remember about security and how to counter any virus installation by having a firewall and Anti-virus.  I have also put an e-store to better make use of anything I see on Amazon that might help you out.  If you want to visit it, click here.

Figuring out the Email-Worm Win32.Zafi.b

This is another just I just saw on the web and wanted to talk about what this little Worm does and what it’s known Aliases:

Email-Worm.Win32.Zafi.b (Kaspersky Lab) is also known as: I-Worm.Zafi.b (Kaspersky Lab), W32/Zafi.b@MM (McAfee), W32.Erkez.B@mm (Symantec), Win32.Hazafi.30720 (Doctor Web), W32/Zafi-B (Sophos), Win32/Zafi.B@mm (RAV), PE_ZAFI.B (Trend Micro), Worm/Zafi.B (H+BEDV), W32/Zafi.B@mm (FRISK), Win32:Zafi-B (ALWIL), I-Worm/Zafi.B (Grisoft), Win32.Zafi.B@mm (SOFTWIN), Worm.Zafi.B (ClamAV), W32/Zafi.B.worm (Panda), Win32/Zafi.B (Eset)

[ad#ad2-left]This worm spreads via the Internet as an attachment to infected messages, and also via local and file-sharing networks.
It is written in Assembler, and packed using FSG. It is 12800 bytes in packed form, and 33292 in unpacked form.

This Worm seems to be running through email and file sharing sites, One thing it tries to do is stop the process and deletes:
fvprotect.exe
winlogon.exe
jammer2nd.exe
services.exe

It attempts to detect antivirus program files on the computer and overwrite them with a copy of itself.

[ad#ad2-right]It also attempts to conduct DoS attacks on the following sites:

www.2f.hu
www.parlament.hu
www.virusbuster.hu
www.virushirado.hu

This seems to be a very big virus and can be removed with the use of Kapersky Virus removal tool for free for this type of virus. In order to prevent this virus in the future the user has to remember about not getting opening unknown documents or emails and not running any unkown program from an unknown file sharing.   Also remember you need to have an anti-virus  and also a firewall to protect yourself in the future.