Remove W32.Belvira Virus Completely

Name: W32.Belvira Virus
Type: Computer virus, programmed attack.
Short Description: A PC virus designed to delete user data.
Symptoms: Deleted user files of various extensions. Unknown svchost.exe process.
Distribution Method: Bundling.

A particularly dangerous virus, going by the name ‘Belvira’, has been detected by Symantec security researchers. This virus is reported to create multiple files on the user PC and to register these files in the Windows Registry so that they run on system startup. What is particularly bad about this virus is that it directly deletes user files of several different types. Users are advised to use a firewall and to immediately disconnect their computer from the internet.

W32.Belvira Virus – How Did It Infect My PC?

One way you could have become a victim of this computer virus is by opening a spam email containing a malicious attachment. If the attack is targeted, it may have originated either from a spoofed email address (one that resembles a familiar one) or from an external drive. Targeted attacks also originate from external links that are clicked on by inexperienced users.

W32.Belvira Virus – How Does It Work?

Once activated on the user PC, the virus creates these files in the %windir% directory:


The svchost process is particularly interesting because it has the same filename as the actual svchost, an essential and important process for Windows. What is more, the virus creates another executable, a file called smrss.exe, in the %System% folder.

After that, the virus is believed to modify the windows.ini file within the %System% folder, which is related to the Windows environment.

After it has created the malicious files, the virus makes several registry entries in HKEY_LOCAL_MACHINE so that they run on system startup:

SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"freizer" = "%Windir%\System32\freizer.exe"
SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"svchost" = "%Windir%\system32\svchost.exe"
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\"Shell" = "Explorer.exe smrss.exe"
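
The three startup entries above can be checked for by triaging the text output of `reg query` for the Run and Winlogon keys. The following is an added example, not code from the original article: the function names and the sample registry text are constructed for illustration, and it assumes the usual `name    type    data` layout of `reg query` output.

```python
import re

RUN_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\run"
WINLOGON_KEY = r"hkey_local_machine\software\microsoft\windows nt\currentversion\winlogon"
# File names taken from the registry entries listed in the article.
PAGE_FILES = {"freizer.exe", "svchost.exe", "smrss.exe"}

# Constructed sample of `reg query` output (not captured from a real host).
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    freizer    REG_SZ    %Windir%\System32\freizer.exe
    svchost    REG_SZ    %Windir%\system32\svchost.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Shell    REG_SZ    Explorer.exe smrss.exe
    Userinit    REG_SZ    C:\Windows\system32\userinit.exe,
"""

def parse_reg_query(text):
    """Yield (key, value_name, data) tuples from `reg query` text output."""
    key = None
    for line in text.splitlines():
        if line.upper().startswith("HKEY_"):
            key = line.strip()
        elif key and line.startswith("    "):
            parts = re.split(r"\s{4}", line.strip(), maxsplit=2)
            if len(parts) == 3 and parts[1].startswith("REG_"):
                yield key, parts[0], parts[2]

def find_belvira_persistence(text):
    """Return (value_name, data, reason) for entries matching the article."""
    findings = []
    for key, name, data in parse_reg_query(text):
        k = key.lower()
        # Rough tokenization: base file name of each whitespace-separated token.
        files = {t.strip('"').rsplit("\\", 1)[-1].lower() for t in data.split()}
        if k == RUN_KEY and files & PAGE_FILES:
            findings.append((name, data, "Run value launches a file named in the article"))
        elif k == WINLOGON_KEY and name.lower() == "shell" and files != {"explorer.exe"}:
            findings.append((name, data, "Winlogon Shell is not just explorer.exe"))
    return findings

if __name__ == "__main__":
    for name, data, reason in find_belvira_persistence(SAMPLE):
        print(f"{name}: {data} -> {reason}")
```

The svchost.exe match is limited to the Run key because the legitimate svchost.exe is started by the Service Control Manager, not from a Run value.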

Once it has finished establishing itself on the user PC, the virus scans the PC's drives and deletes files with the following file extensions:


The devastating virus is also reported to infect files with .exe and .scr extensions on the user PC.

Removing W32.Belvira Virus Completely from Infected PC

The best way to remove this trojan horse is with special software, since it can replicate several different files and shut down the live defense features of antivirus software installed on the computer, as well as the firewall. This is why it is recommended to follow the step-by-step instructions below to install an advanced anti-malware program on the computer and scan it more than once. But first, you should immediately boot into Safe Mode without networking or boot a live operating system on the computer.
For how to boot a live OS, check out this tutorial:
And here are instructions on how to boot into Safe Mode and scan your PC to automatically remove the threat from its core and any other malware as well:

1. Boot Your PC In Safe Mode to isolate and remove W32.Belvira Virus
2. Remove W32.Belvira Virus with SpyHunter Anti-Malware Tool
3. Remove W32.Belvira Virus with Malwarebytes Anti-Malware.
4. Remove W32.Belvira Virus with STOPZilla AntiMalware
5. Back up your data to secure it against infections by W32.Belvira Virus in the future
NOTE! Important notice about the W32.Belvira Virus threat: Manual removal of W32.Belvira Virus requires interference with system files and registries. Thus, it can cause damage to your PC. Even if your computer skills are not at a professional level, don’t worry. You can do the removal yourself in just 5 minutes, using a malware removal tool.

Vencislav Krustev

A network administrator and malware researcher at SensorsTechForum with passion for discovery of new shifts and innovations in cyber security. Strong believer in basic education of every user towards online safety.
