Trojan.Zeraf is a destructive Trojan horse that deletes critical system
files. If it has executed, you will no longer be able to run Windows. This
Trojan is programmed in Delphi and distributed as a UPX-packed,
self-extracting RAR archive. (UPX is a runtime compressor for Windows
executable files.)
When the Trojan is run, it drops the actual Trojan executable onto the hard
disk as C:\Zeraful\Zeraful.exe and then executes that file.
Trojan.Zeraf displays a program interface as it attempts to scan the
system.
While the interface counts to 100%, the destructive payload activates. It
attempts to delete the following files:
* C:\Angelus.ang
* C:\Windows\User.dat
* C:\Windows\System.dat
* C:\Command.com
* C:\Autoexec.bat
* C:\Windows\System\Bios.vxd
* C:\Windows\System\Pci.vxd
* C:\Windows\System\Pcimp.pci
* C:\Windows\System32\Drivers\Hidparse.sys
* C:\Windows\System32\Drivers\Hidclass.Sys
* C:\Windows\System32\Drivers\Hidvkd.Sys
* C:\Windows\System\Vmm32.vxd
* C:\Windows\Win.ini
* C:\Windows\Inf\Msmouse.inf
* C:\Windows\Inf\Msmouse.pnf
* C:\Windows\System\Mouse.drv
* C:\Windows\System\Msmouse.vxd
* C:\Windows\System\Keyboard.drv
* C:\Windows\Inf\Keyboard.inf
* C:\Windows\Inf\Keyboard.pnf
* C:\Config.sys
* C:\Windows\Command\Country.sys
* C:\Windows\Command\Display.sys
* C:\Windows\Emm386.exe
* C:\Windows\Himem.sys
* C:\Windows\Command\Keyboard.sys
* C:\Windows\Command\Keybrd2.sys
* C:\Msdos.sys
* C:\Io.sys
* C:\Windows\System.ini
* C:\Windows\Rundll.exe
* C:\Windows\Rundll32.exe
* C:\Windows\Defrag.exe
* C:\Windows\Explorer
* C:\Windows\Regedit.exe
* C:\Windows\Notepad.exe
* C:\Windows\Paint.exe
Removal instructions
If Trojan.Zeraf has run on your computer, in most cases you will have to
reinstall Windows before you can run Norton AntiVirus and remove the Trojan.
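Because an affected system may no longer start, the damage can be assessed from another machine. The following added example (not part of the original advisory) assumes the affected volume is mounted read-only at a path given on the command line and reports whether C:\Zeraful\Zeraful.exe is present and which of the listed files are missing; the function names are illustrative. A missing file is only a hint, since not every Windows installation has every file on the list.

```python
import os
import sys

# Indicator and target list copied from the write-up above.
DROPPED = r"C:\Zeraful\Zeraful.exe"
TARGETS = r"""
C:\Angelus.ang C:\Windows\User.dat C:\Windows\System.dat C:\Command.com
C:\Autoexec.bat C:\Windows\System\Bios.vxd C:\Windows\System\Pci.vxd
C:\Windows\System\Pcimp.pci C:\Windows\System32\Drivers\Hidparse.sys
C:\Windows\System32\Drivers\Hidclass.Sys C:\Windows\System32\Drivers\Hidvkd.Sys
C:\Windows\System\Vmm32.vxd C:\Windows\Win.ini C:\Windows\Inf\Msmouse.inf
C:\Windows\Inf\Msmouse.pnf C:\Windows\System\Mouse.drv C:\Windows\System\Msmouse.vxd
C:\Windows\System\Keyboard.drv C:\Windows\Inf\Keyboard.inf C:\Windows\Inf\Keyboard.pnf
C:\Config.sys C:\Windows\Command\Country.sys C:\Windows\Command\Display.sys
C:\Windows\Emm386.exe C:\Windows\Himem.sys C:\Windows\Command\Keyboard.sys
C:\Windows\Command\Keybrd2.sys C:\Msdos.sys C:\Io.sys C:\Windows\System.ini
C:\Windows\Rundll.exe C:\Windows\Rundll32.exe C:\Windows\Defrag.exe
C:\Windows\Explorer C:\Windows\Regedit.exe C:\Windows\Notepad.exe C:\Windows\Paint.exe
""".split()


def resolve(root, win_path):
    """Map a Windows path onto a mounted volume, ignoring case; None if absent."""
    current = root
    for part in win_path.split("\\")[1:]:  # skip the "C:" component
        try:
            names = os.listdir(current)
        except OSError:  # parent missing or not a directory
            return None
        match = next((n for n in names if n.lower() == part.lower()), None)
        if match is None:
            return None
        current = os.path.join(current, match)
    return current


def triage(root):
    """Summarise the dropped executable and the targeted files under root."""
    missing = [p for p in TARGETS if resolve(root, p) is None]
    return {"dropper_present": resolve(root, DROPPED) is not None,
            "missing": missing, "missing_count": len(missing),
            "target_count": len(TARGETS)}


if __name__ == "__main__" and len(sys.argv) == 2:
    report = triage(sys.argv[1])  # e.g. /mnt/image (assumed mount point)
    print("dropper present:", report["dropper_present"])
    print("missing %d of %d listed files" % (report["missing_count"], report["target_count"]))
    print("\n".join(report["missing"]))
```

Names are matched case-insensitively because a FAT or NTFS volume mounted on another operating system may not preserve the capitalisation used in the list.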