Solved

W32.Mabezat.B Virus

Posted on 2009-07-10
4
883 Views
Last Modified: 2013-11-22
We took over a client recently where every server and workstation was infected badly with the W32.Mabezat.B virus.  We have installed temporary servers with new 2003 installations and updated Symantec, and have tried cleaning the XP workstations with a number of different methods that we have found on the internet.   This has not been successful and we are battling to remove it.   Has anyone had any success with a particular method of removal??  I'm reluctant to reformat every workstation if at all possible.  We have also noted that Symantec seems to get into a loop after it tries to clean the virus, continually demanding a restart.
0
Comment
Question by:PNRT
4 Comments
 
LVL 19

Expert Comment

by:*** Hopeleonie ***
ID: 24824020
yes i did it with http://www.pandasecurity.com/activescan. try and tell me
0
 
LVL 13

Expert Comment

by:JeremySBrown
ID: 24824159
You might want to try...Dr. Web Anti-Virus and Combofix...
http://www.freedrweb.com/
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
0
 
LVL 23

Expert Comment

by:Admin3k
ID: 24824691
In such cases , if the above tools did not do the trick, manual removal can help here.
http://vil.nai.com/vil/content/v_143555.htm
you just need to take the machine(s) offline in safe mode , one by one , delete the files and registry keys, search for & delete hidden autorun.inf files .maybe run a tool like Flash disinfector, ,empty Temp folders ,reboot , update Antivirus & scan, you should be good to go.

0
 
LVL 7

Accepted Solution

by:
vvlada earned 500 total points
ID: 24825905
Hi,

You don't need to change Symantec, just turn of system restore on workstations, reboot in safe mode and run full scan (before, your av defs need to be updated). What version of Symantec are you using? If you can find what files are virus submit it to the Symantec using virus submit page:

https://submit.symantec.com/websubmit/gold.cgi

and in a couple of hours (or minutes) you will get response in email with instructions or link to the rapid release definitions that will help you clean the virus.

best regards,
Vladimir
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Change your password...do it now!. Probably the easiest point of access to your account is through guessing your password. If your password is guessable, do change it now. If not for your sake but for everyone else in your friends list. Remember …
By the time you finish reading this article, you may have already lost all your money because you don't know the simple steps to securing your BitCoin wallet. BitCoin is an incredible invention. It is a decentralized currency system, which is the…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
This is a video that shows how the OnPage alerts system integrates into ConnectWise, how a trigger is set, how a page is sent via the trigger, and how the SENT, DELIVERED, READ & REPLIED receipts get entered into the internal tab of the ConnectWise …

932 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now