When your computer is compromised with Downloader.Swif.C, you may follow the procedure on this page to contain this threat. Remove the Trojan at once before it can further harm the system.

Downloader.Swif.C is a Trojan that can download more threats and execute in the infected computer. It will take advantage of the Adobe Flash Player Multimedia File Remote Buffer Overflow Vulnerability to run the code without user’s intervention. Once the Trojan loads, it may carry out harmful task on the compromised PC. The Trojan can also redirect Internet browser to a web site where malicious SWF file is located.


Damage Level: Low

Systems Affected: Windows 9x, 2000, XP, Windows Vista

When the Trojan executes, it opens an instance of Flash Player simultaneous with Internet Explorer and redirect victims to a malicious web address. This may lead to exploitation of Adobe Flash Player Multimedia File Remote Buffer Overflow Vulnerability that causes the affected system to download additional threats from a predefined location.

Downloaded threat is saved under Windows Temporary folder as ORZ.EXE, identified as a Trojan Horse.

Downloader.Swif.C may arrive on a computer as a downloaded file from a remote site that disguises as useful application. An especially designed .SWF file checks Flash Player version installed on target computer. It access various web address depending on detected Flash Player version. If it detects that system has version,, it tries to visit the following address:


Both URL’s displayed above are not available as of this writing.

How to Remove Downloader.Swif.C

1. Temporarily Disable System Restore (Windows Me/XP).
2. To be able to identify even the most recent variant of Downloader.Swif.C, open your antivirus application and update the virus definition file.

3. Start Windows in Safe Mode with Networking.
- From a power-off state, turn on the computer and press F8 on your keyboard repeatedly.
- Your computer will display Windows Advanced Boot Options menu. Please select Safe Mode with Networking.
- The system will now boot Windows and loads only necessary drivers and files.

4. Open your antivirus program and run a full system scan. After the scan, delete all infected items. If unable to delete, better place them in quarantine. Once the scan is complete, please proceed with the next step.

Scan with Norton Power Eraser:

Additional virus removal tool like Norton Power Eraser provides deep scanning technology to eliminate other threats not detected by a normal virus scan. Use this tool with extra caution.

5. Go to this link and download Norton Power Eraser.
6. Once the download completes, double click on the file NPE.exe to run the program.
7. It will prompt for End User License Agreement, click on Accept to continue.
8. On NPE main window, click on Scan. Then select Exclude Rootkit Scan. Click on Continue to proceed.
9. Virus scanning may take some time. After running the scan, NPE will display the scan result.

Important! If there are any detected threats under Suspicious, remove the check mark. Only threats in Detected category are necessary to remove at this point. Make sure that you mark the Create System Restore Point before proceeding with the fix.

10. Now click on Fix to start removing the threats including Downloader.Swif.C remnants if there are any.
11. When done, Norton Power Eraser will restart the computer. Then after a reboot, it will initialize and display the eliminated threats.
12. You may now close Norton Power Eraser.

1 Response

  1. juan colon estrada says:

    Downloader.Swif.C this virus is attacking my computer and my antivirus is not working properly, I mean don’t clean it, I do a scan and it don’t report the virus, but when I used my browser it show up a report that there’s a virus. please I need to know what to do, this is the notification that show my antivirus Symantec.
    Scan type: Real time Protection Scan
    Event: Virus Found!
    Virus name: Downloader.Swif.C
    File: C:\Documents and Settings\josue\Local Settings\Temporary Internet Files\Content.IE5\JOLNFQHJ\i115[1].SWF
    Location: C:\Documents and Settings\josue\Local Settings\Temporary Internet Files\Content.IE5\JOLNFQHJ
    Computer: JUAN-DA62A64E3C
    User: josue
    Action taken: Delete succeeded : Access denied
    Date found: Thursday, September 18, 2008 7:49:41 AM

Leave a Reply

Your email address will not be published. Required fields are marked *