Solved

W32.Mabezat.B Virus

Posted on 2009-07-10
4
886 Views
Last Modified: 2013-11-22
We took over a client recently where every server and workstation was infected badly with the W32.Mabezat.B virus.  We have installed temporary servers with new 2003 installations and updated Symantec, and have tried cleaning the XP workstations with a number of different methods that we have found on the internet.   This has not been successful and we are battling to remove it.   Has anyone had any success with a particular method of removal??  I'm reluctant to reformat every workstation if at all possible.  We have also noted that Symantec seems to get into a loop after it tries to clean the virus, continually demanding a restart.
0
Comment
Question by:PNRT
4 Comments
 
LVL 19

Expert Comment

by:*** Hopeleonie ***
ID: 24824020
yes i did it with http://www.pandasecurity.com/activescan. try and tell me
0
 
LVL 13

Expert Comment

by:JeremySBrown
ID: 24824159
You might want to try...Dr. Web Anti-Virus and Combofix...
http://www.freedrweb.com/
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
0
 
LVL 23

Expert Comment

by:Admin3k
ID: 24824691
In such cases , if the above tools did not do the trick, manual removal can help here.
http://vil.nai.com/vil/content/v_143555.htm
you just need to take the machine(s) offline in safe mode , one by one , delete the files and registry keys, search for & delete hidden autorun.inf files .maybe run a tool like Flash disinfector, ,empty Temp folders ,reboot , update Antivirus & scan, you should be good to go.

0
 
LVL 7

Accepted Solution

by:
vvlada earned 500 total points
ID: 24825905
Hi,

You don't need to change Symantec, just turn of system restore on workstations, reboot in safe mode and run full scan (before, your av defs need to be updated). What version of Symantec are you using? If you can find what files are virus submit it to the Symantec using virus submit page:

https://submit.symantec.com/websubmit/gold.cgi

and in a couple of hours (or minutes) you will get response in email with instructions or link to the rapid release definitions that will help you clean the virus.

best regards,
Vladimir
0

Featured Post

Master Your Team's Linux and Cloud Stack!

The average business loses $13.5M per year to ineffective training (per 1,000 employees). Keep ahead of the competition and combine in-person quality with online cost and flexibility by training with Linux Academy.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

PREFACE The purpose of this guide is to provide information to successfully install the MS SQL client tools for the Symantec Endpoint Protection Manager (SEPM) to function properly when installed on Windows 2008. AUDIENCE Information Technology…
Have you ever tried to find someone you know on Facebook and searched to find more than one result with the same picture? Perhaps someone you know has told you that they have a 'facebook stalker' or someone who is 'posing as them' online and ta…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

803 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question