
Remove W32.Belvira Virus Completely

Name: W32.Belvira Virus
Type: Computer virus, programmed attack.
Short Description: A PC virus designed to delete user data.
Symptoms: Deleted user files of various extensions. Unknown svchost.exe process.
Distribution Method: Bundling.
Detection Tool: Download Malware Removal Tool, to See If Your System Has Been Affected by W32.Belvira Virus
User Experience: Join our forum to follow the discussion about W32.Belvira Virus.

Symantec security researchers have detected a particularly dangerous virus that goes by the name ‘Belvira’. The virus is reported to create multiple files on the user PC and to add Windows Registry entries so that these files run on system startup. What makes it particularly bad is that it directly deletes user files of several different types. Users are advised to use a firewall and to immediately disconnect their computer from the internet.

W32.Belvira Virus – How Did It Infect My PC?

One way you could have become a victim of this virus is by opening a spam email containing a malicious attachment. If the attack is targeted, it may have originated either from a spoofed email address (one that resembles a familiar address) or from an external drive. Targeted attacks also originate from external links that are clicked on by inexperienced users.

W32.Belvira Virus – How Does It Work?

Once activated on the user PC, the virus creates these files in the %windir% directory:

svchost.exe
system32\ffreizer.exe

The svchost process is particularly interesting because it has the same filename as the actual svchost, an essential and important process for Windows. What is more, the virus creates another executable, a file called smrss.exe, in the %System% folder.

After that, the virus is believed to modify the windows.ini file within the %System% folder, which is related to the Windows environment.

After it has created the malicious files, the virus makes several registry entries in HKEY_LOCAL_MACHINE to make them run on system startup:

SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"freizer" = "%Windir%\System32\freizer.exe"
SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"svchost" = "%Windir%\system32\svchost.exe"
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\"Shell" = "Explorer.exe smrss.exe"

Once it has finished installing itself on the user PC, the virus scans the PC's drives and deletes files with the following file extensions:

.xlsx;.xls;.txt;.jpg;.jpeg;.docx;.doc;.ppt;.3gp

The devastating virus is also reported to infect files within the user PC with .exe and .scr extensions.
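
A read-only PowerShell check for the files and registry entries listed above, as an added example that is not part of the original article or any vendor tool. It assumes a default Winlogon Shell value of explorer.exe; the SysWOW64 and WOW6432Node locations are also assumptions, added because 32-bit programs on 64-bit Windows are redirected there.

```powershell
# Read-only triage for the W32.Belvira artifacts listed above; nothing is changed or deleted.
$findings = @()

# Files named in the article. It spells one name both "ffreizer.exe" and
# "freizer.exe", so both are checked. SysWOW64 is an added assumption (see lead-in).
$dirs  = @((Join-Path $env:windir 'System32'), (Join-Path $env:windir 'SysWOW64'))
$paths = @(Join-Path $env:windir 'svchost.exe')   # the genuine svchost.exe lives in System32
foreach ($d in $dirs) {
    foreach ($n in 'ffreizer.exe', 'freizer.exe', 'smrss.exe') { $paths += Join-Path $d $n }
}
foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p -PathType Leaf) {
        $f = Get-Item -LiteralPath $p -Force        # -Force also returns hidden files
        $findings += "FILE  $p  ($($f.Length) bytes, modified $($f.LastWriteTime))"
    }
}

# Run values named in the article. The genuine svchost.exe is started by the
# Service Control Manager, never from a Run key, so a "svchost" value is itself a finding.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'   # assumption
)
foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($name in 'freizer', 'ffreizer', 'svchost') {
        $value = $props.$name
        if ($value) { $findings += "RUN   $key\$name = $value" }
    }
}

# Winlogon Shell: anything other than a bare "explorer.exe" (for example the
# article's "Explorer.exe smrss.exe") means an extra program starts with the shell.
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$shell = (Get-ItemProperty -Path $winlogon -Name Shell -ErrorAction SilentlyContinue).Shell
if ($shell -and $shell.Trim() -ine 'explorer.exe') {
    $findings += "SHELL $winlogon\Shell = $shell"
}

if ($findings.Count -eq 0) { 'No listed W32.Belvira artifacts found.' } else { $findings }
```

An empty result only means these specific names and values are absent; it does not replace a full scan.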

Removing W32.Belvira Virus Completely from Infected PC

The best way to remove this trojan horse is with special software, since it can replicate several different files and shut down the live defense features of antivirus software installed on the computer, as well as the firewall. This is why it is recommended to follow the step-by-step instructions below to install an advanced anti-malware program on the computer and scan it more than once. But first, you should immediately boot into Safe Mode without networking or boot a live operating system on the computer.
For how to boot a live OS, check out this tutorial:
https://sensorstechforum.com/forums/malware-removal-questions-and-guides/safe-way-to-scan-your-computer-and-detect-malware/
And here are instructions on how to boot into Safe Mode and scan your PC to automatically remove the threat from its core and any other malware as well:

1. Boot Your PC In Safe Mode to isolate and remove W32.Belvira Virus
2. Remove W32.Belvira Virus with SpyHunter Anti-Malware Tool
3. Remove W32.Belvira Virus with Malwarebytes Anti-Malware.
4. Remove W32.Belvira Virus with STOPZilla AntiMalware
5. Back up your data to secure it against infections by W32.Belvira Virus in the future
NOTE! Important notice about the W32.Belvira Virus threat: Manual removal of W32.Belvira Virus requires interference with system files and registries. Thus, it can cause damage to your PC. Even if your computer skills are not at a professional level, don’t worry. You can do the removal yourself in just 5 minutes, using a malware removal tool.

Vencislav Krustev

A network administrator and malware researcher at SensorsTechForum with passion for discovery of new shifts and innovations in cyber security. Strong believer in basic education of every user towards online safety.
