NEWS
PARASITES
SOFTWARE
FORUM
DIRECTORY

 
 
 
 
 
 
  

Remove Browaf. Description and removal instructions

 
Title: Browaf
 Also known as: Browsesafe
Type: Worms
Severity scale:Browaf severity is 53  (53 / 100)
 
Browaf, also known as Browsesafe, is a worm that spreads through instant messages and online chats. Once executed, the parasite displays certain messages and installs itself to the system. Then it runs a spreading routine. Browaf uses Yahoo! Instant Messenger and mIRC programs to send links to the worm's installation file to user contacts. The worm can also change the Internet Explorer default home page and receive certain commands from the remote attacker. Browaf runs on every Windows startup.

FORUM:
Discuss Browaf in
spyware removal forum

Browaf properties:
• Changes browser settings
• Connects itself to the internet
• Hides from the user
• Stays resident in background

Automatic Browaf removal:

remover for Browaf

Browaf manual removal:

Kill processes:
browser.exe, ftpbrowser.exe, msinet.exe, startup.exe, ysnd.exe
HELP:
how to kill malicious processes

Delete registry values:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\IE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\IE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\IE
HKEY_CURRENT_USER\Software\VB and VBA Program Settings\ThePowerGoat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Local Page=[site address]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page=[site address]
HKEY_CURRENT_USER\Software\Microsoft\InternetExplorer\Main\Default_Page_URL=[site address]
HKEY_CURRENT_USER\Software\Microsoft\InternetExplorer\Main\HpDed=[site address]
HKEY_CURRENT_USER\Software\Microsoft\InternetExplorer\Main\Local Page=[site address]
HKEY_CURRENT_USER\Software\Microsoft\InternetExplorer\Main\Start Page=[site address]
HELP:
how to remove registry entries

Delete files:
browser.exe, ftpbrowser.exe, msinet.exe, startup.exe, ysnd.exe, sys.dll, msinet.ocx
HELP:
how to remove harmful files

Misc:
[site address] is an address of a web site on the lamanweb.com domain.

Exact file location:
ysnd.exe - C:\YSND
msinet.ocx - C:\Windows\System, C:\Windows\System32 or C:\Winnt\System32
browser.exe, ftpbrowser.exe, msinet.exe, startup.exe, sys.dll - C:\Windows\Temp or C:\Winnt\Temp

Other programs to remove Browaf:

• SUPERAntiSpyware - Review - Download
• CounterSpy - Review - Download
• Windows Defender - Review - Download

Information added: 02/06/06
Information updated: 02/06/06

Additional resources related to Browaf:

Attention: If you know or you have a website or page about Browaf removal, feel free to add a link to this list: add url



more resources

Post Comment:

Attention: Use this form only if you have additional information about Browaf parasite, its removal instructions, additional resources or behavior. By clicking "post comment" button you agree not to post any copyrighted, unlawful, harmful, threatening, abusive, harassing, defamatory, vulgar, obscene, profane, hateful, racially, ethnically or otherwise objectionable material of any kind.



Enter security code:

Latest spyware news:
Similar parasites:
Latest Spyware Threats: VirusProtect Pro | VirusLocker | SpyCrush | ContraVirus | SpyLocked | SpyDawn | AntiVerminser | SpywareQuake | VirusBurst | AntiVermins | AntiVermeans | Zlob | PopCorn.net | MovieLand | TagASaurus | BraveSentry | VirusBurster | SystemDoctor | VirusRescue | MalwareWipe | SpySheriff | CmdService | Smitfraud | SpywareStrike | WinFixer | WinHound | PestTrap | UnSpyPC
Agreement of Use | Privacy policy | Webmasters | Contact us | RSS Feeds
© 2001-2008 2-spyware.com All Rights Reserved. Reproduction in part or whole without written permission is prohibited. Powered by: eSolutions.