W32.Mabezat.B Virus

We took over a client recently where every server and workstation was infected badly with the W32.Mabezat.B virus.  We have installed temporary servers with new 2003 installations and updated Symantec, and have tried cleaning the XP workstations with a number of different methods that we have found on the internet.   This has not been successful and we are battling to remove it.   Has anyone had any success with a particular method of removal??  I'm reluctant to reformat every workstation if at all possible.  We have also noted that Symantec seems to get into a loop after it tries to clean the virus, continually demanding a restart.
LVL 2
PNRTAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

*** Hopeleonie ***IT ManagerCommented:
yes i did it with http://www.pandasecurity.com/activescan. try and tell me
0
JeremySBrownCommented:
You might want to try...Dr. Web Anti-Virus and Combofix...
http://www.freedrweb.com/
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
0
Mohamed OsamaSenior IT ConsultantCommented:
In such cases , if the above tools did not do the trick, manual removal can help here.
http://vil.nai.com/vil/content/v_143555.htm
you just need to take the machine(s) offline in safe mode , one by one , delete the files and registry keys, search for & delete hidden autorun.inf files .maybe run a tool like Flash disinfector, ,empty Temp folders ,reboot , update Antivirus & scan, you should be good to go.

0
vvladaCommented:
Hi,

You don't need to change Symantec, just turn of system restore on workstations, reboot in safe mode and run full scan (before, your av defs need to be updated). What version of Symantec are you using? If you can find what files are virus submit it to the Symantec using virus submit page:

https://submit.symantec.com/websubmit/gold.cgi

and in a couple of hours (or minutes) you will get response in email with instructions or link to the rapid release definitions that will help you clean the virus.

best regards,
Vladimir
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Anti-Virus Apps

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.