We're gradually updating threat actor names in our reports to align with the new weather-themed taxonomy. Learn about Microsoft threat actor names
Worm:Win32/Zafi.A@mm
Detected by Microsoft Defender Antivirus
Aliases: W32/Zafi.a@MM (McAfee) W32.Erkez.A@mm (Symantec) WORM_ZAFI.A (Trend Micro) W32/Zafi-A (Sophos)
Summary
Win32/Zafi.A@mm is a mass-mailing worm that targets certain versions of Microsoft Windows. The worm sends itself to e-mail addresses it finds on an infected machine. The worm is activated when a user opens an e-mail attachment that contains the worm.
To remove Win32/Zafi.A@mm, you must use a removal tool such as the Windows Malicious Software Removal Tool, or a tool provided by a member of the Virus Information Alliance.
After you remove Win32/Zafi.A@mm from an infected computer, it is important to take steps to prevent re-infection. Do not reconnect your computer to the Internet until the computer is protected from re-infection. See the "Preventing Infection" section for more information.
Follow us
