Solved

W32.Mabezat.B Virus

Posted on 2009-07-10
Last Modified: 2013-11-22
We took over a client recently where every server and workstation was infected badly with the W32.Mabezat.B virus. We have installed temporary servers with new 2003 installations and updated Symantec, and have tried cleaning the XP workstations with a number of different methods that we have found on the internet. This has not been successful and we are battling to remove it. Has anyone had any success with a particular method of removal? I'm reluctant to reformat every workstation if at all possible. We have also noted that Symantec seems to get into a loop after it tries to clean the virus, continually demanding a restart.
Question by:PNRT
4 Comments
 
LVL 19

Expert Comment

by:*** Hopeleonie ***
ID: 24824020
Yes, I did it with http://www.pandasecurity.com/activescan. Try it and tell me.
 
LVL 13

Expert Comment

by:JeremySBrown
ID: 24824159
You might want to try...Dr. Web Anti-Virus and Combofix...
http://www.freedrweb.com/
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
 
LVL 23

Expert Comment

by:Admin3k
ID: 24824691
In such cases, if the above tools did not do the trick, manual removal can help here.
http://vil.nai.com/vil/content/v_143555.htm
You just need to take the machine(s) offline in safe mode, one by one, delete the files and registry keys, search for and delete hidden autorun.inf files, maybe run a tool like Flash disinfector, empty Temp folders, reboot, update antivirus and scan. You should be good to go.

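A report-only way to carry out the "search for hidden autorun.inf files" step from the comment above, as an added example that is not part of the original thread. It assumes PowerShell 2.0 or later is available on the workstation; the function names and the sample lines are made up for illustration, and nothing is deleted.

```powershell
# Added example: list autorun.inf files at drive roots and the programs they launch.
# Report only. Review the output before deleting anything by hand.

function Get-AutorunCommand {
    # Return the entries of an autorun.inf that start a program.
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        # open=, shellexecute= and shell\<verb>\command= are the launch keys
        if ($line -match '^\s*(open|shellexecute|shell\\[^=]*\\command)\s*=\s*(.+?)\s*$') {
            New-Object PSObject -Property @{ Key = $Matches[1]; Target = $Matches[2] }
        }
    }
}

function Find-RootAutorun {
    # Check the root of every file system drive; -Force includes hidden/system files.
    foreach ($drive in Get-PSDrive -PSProvider FileSystem) {
        $path = Join-Path $drive.Root 'autorun.inf'
        $item = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
        if (-not $item) { continue }            # no file, or drive not ready
        if ($item.PSIsContainer) { continue }   # a folder with this name cannot launch anything
        $lines = Get-Content -LiteralPath $path -Force -ErrorAction SilentlyContinue
        foreach ($cmd in Get-AutorunCommand $lines) {
            New-Object PSObject -Property @{
                File       = $item.FullName
                Attributes = $item.Attributes
                Key        = $cmd.Key
                Target     = $cmd.Target
            }
        }
    }
}

# Constructed sample (not taken from a real infection) to show what the parser returns.
$sample = @('[autorun]', 'open=example.exe', 'shell\open\command=example.exe', 'icon=drive.ico')
Get-AutorunCommand $sample | Format-Table Key, Target -AutoSize

# Live check of this machine's drives, removable media included.
Find-RootAutorun | Format-Table File, Attributes, Key, Target -AutoSize
```

Each Target is a file to check against the removal write-up before it is deleted, and the scan should be repeated for every USB stick that was plugged into an affected machine.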
 
LVL 7

Accepted Solution

by:
vvlada earned 500 total points
ID: 24825905
Hi,

You don't need to change Symantec, just turn off System Restore on the workstations, reboot in safe mode and run a full scan (before that, your AV defs need to be updated). What version of Symantec are you using? If you can find which files are the virus, submit them to Symantec using the virus submit page:

https://submit.symantec.com/websubmit/gold.cgi

and in a couple of hours (or minutes) you will get a response by email with instructions or a link to the rapid release definitions that will help you clean the virus.

Best regards,
Vladimir
