is also known as W32.Harakit
| Type: Worms
Harakit worm is typical representative of its kind. Harakit (also known as W32.Harakit) spreads through network shares and online chat applications. It also creates copies of itself on every removable drive it can locate; this is how it reaches new victims.
Harakit makes changes in Windows registry in order to hide itself from computer’s owner. The modifications it makes also enables Harakit worm to run on every startup. Harakit usually deletes some registry entries that are responsible for security settings; this way it stays unobserved by anti-spyware and anti-virus scans. Changing security settings also helps Harakit to achieve its goals. Replicating itself is not the main purpose of W32.Harakit; it targets personal information. Harakit collects sensitive data and delivers it to remote attackers. Harakit is as threat to person’s privacy and security.
• Sends out logs by FTP or email
• Connects itself to the internet
• Hides from the user
• Stays resident in background
Automatic Harakit removal:
It might be that we are affiliated with any of our recommended products. Full disclosure can be found in
our Agreement of Use.
We are testing STOPzilla's efficiency at removing Harakit
We are testing SpyHunter's efficiency at removing Harakit
Malwarebytes Anti Malware
We are testing Malwarebytes Anti Malware's efficiency at removing Harakit
We are testing XoftSpySE Anti Spyware's efficiency at removing Harakit
Virus Removal Phone Support
Harakit manual removal
Delete registry values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\"cftm" = "C:\WINDOWS\system32\cftm.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\"csrcs" = "C:\WINDOWS\system32\csrcs.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"cftm" = "C:\WINDOWS\system32\cftm.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\"cftm" = "C:\WINDOWS\system32\cftm.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\"ShowSuperHidden" = "0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\"Shell" = "Explorer.exe csrcs.exe"
QR code for Harakit removal instructions
QR is short for Quick Response. They can be read quickly by the mobile phones. QR codes can store more data than
standard barcodes, including url links, geo coordinates, and text.
The reason we add QR code to the
website is that parasites like Harakit are really hard to remove on infected computer.
you can quicly scan the QR code with your mobile device and have manual removal instructions to
uninstall Harakit right in your pocket.
Simply use the QR scanner and read removal instructions from mobile device.
Information added: 2008-11-12 01:22
Information updated: 2008-12-10 08:12
Attention: If you know know a reputable website reated to security threats, please add a link here: add url