1. Restart the computer in Safe Mode.
2. Open Windows Explorer, locate the infected file and delete it.
3. Check whether the folder C:\Program Files\Common Files\zzfw exists. If it does, delete it along with all its contents.
4. Go to Start > Run, type regedit and press OK.
5. Locate and delete the following registry keys/values:
6. Run a full scan of the system with BullGuard.
1. Increased network traffic.
2. Suspicious processes might be observed in Task Manager.
1. When it runs, it creates these registry keys:
2. After that it initiates a connection to dl.targetsaver.com in order to download an installer for several malicious components that are recognized as:
3. When the download is complete, the wfzz key is deleted from the registry.
4. The installer will extract the files to the following folder: C:\Program Files\Common Files\zzfw
and it will create a process for every file it extracts that is a downloaded executable.
So you will find the following processes:
5. An entry will be added in the registry in order to ensure that the zzfw program is executed at startup. The name of the key is:
The BullGuard Team
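
The following PowerShell script is an added example, not part of the original BullGuard write-up. It is a read-only check for the artifacts described above: the zzfw folder, processes running from it, startup values that mention zzfw, and a DNS cache entry for dl.targetsaver.com. The function name is hypothetical, and the two standard Run keys are an assumption because the page does not preserve the name of the startup key.

```powershell
# Added example: read-only check for the artifacts this page names.
$Folder = 'C:\Program Files\Common Files\zzfw'   # folder named on the page
$DlHost = 'dl.targetsaver.com'                   # download host named on the page
# Assumption: the usual Run keys; the page does not preserve the startup key's name.
$RunKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'

function Find-ZzfwArtifact {   # hypothetical helper name
    # 1. Folder the installer extracts into, and the files inside it.
    if (Test-Path -LiteralPath $Folder) {
        [pscustomobject]@{ Type = 'Folder'; Detail = $Folder }
        foreach ($f in Get-ChildItem -LiteralPath $Folder -Recurse -File -Force -ErrorAction SilentlyContinue) {
            [pscustomobject]@{ Type = 'File'; Detail = $f.FullName }
        }
    }
    # 2. Running processes whose executable is in that folder.
    foreach ($p in Get-Process) {
        if ($p.Path -and $p.Path.StartsWith("$Folder\", [System.StringComparison]::OrdinalIgnoreCase)) {
            [pscustomobject]@{ Type = 'Process'; Detail = "$($p.Id) $($p.Path)" }
        }
    }
    # 3. Startup values whose name or data mentions zzfw.
    foreach ($key in $RunKeys) {
        $reg = Get-Item -LiteralPath $key -ErrorAction SilentlyContinue
        if (-not $reg) { continue }
        foreach ($name in $reg.GetValueNames()) {
            $data = [string]$reg.GetValue($name)
            if ("$name $data" -match 'zzfw') {
                [pscustomobject]@{ Type = 'RunValue'; Detail = "$key -> $name = $data" }
            }
        }
    }
    # 4. DNS cache entry for the download host (cmdlet exists on Windows 8 and later).
    if (Get-Command Get-DnsClientCache -ErrorAction SilentlyContinue) {
        if (Get-DnsClientCache -Entry $DlHost -ErrorAction SilentlyContinue) {
            [pscustomobject]@{ Type = 'DnsCache'; Detail = $DlHost }
        }
    }
}

$found = @(Find-ZzfwArtifact)
if ($found.Count) {
    $found | Format-Table -AutoSize -Wrap
} else {
    'No zzfw artifacts found.'
}
```

Run it from an elevated prompt so that process paths are readable; it changes nothing on the system and can be run before and after the removal steps to compare results.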