Help - removal of W32/Mabezat and 32/Mabezat.a variant

Hi there

I have done some scans on our network and it seems that some of our PCs are infected with the Mabezat and Mabezat.a variants. I have updated my copy of Avast to the latest virus definition file, but it seems unable to clean the virus completely off the system. If anybody has some experience with this, please could they offer their assistance.

regards
S7wede

Update: I have since run the Virus remover for Win32/Mabezat and it has come up with some cleaned files and others it couldn’t open. I have also installed SUPERAntiSpyware and it has cleaned my PC of any other intrusions. Avast however keeps on popping up with virus warnings. Most of these seem to be in the system restore files.

-= You may try turning off system restore, cleaning system restore files, then turning back system restore on & create a new restore point…?

Manual Removal of W32.Mabezat.B

  1. Temporarily Disable System Restore (Windows Me/XP). [how to]
  2. Update the virus definitions.
  3. Reboot computer in SafeMode [how to]
  4. Run a full system scan and clean/delete all infected file(s)
  5. Delete/Modify any values added to the registry. On Start Menu, click Run, type regedit on the field.
    Navigate to and restore the following registry entry if required:
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\"ShowSuperHidden" = "0"
  6. Exit registry editor and restart the computer.
  7. Find and delete the following files:
  • %SystemDrive%\Documents and Settings\tazebama.dl_
  • %SystemDrive%\Documents and Settings\hook.dl_
  • %UserProfile%\Start Menu\Programs\Startup\zPharoh.exe
  • %SystemDrive%\Documents and Settings\tazebama.dll
  1. You can use Flash_Disinfector from here: http://download.bleepingcomputer.com/sUBs/Flash_Disinfector.exe

  What will Flash Disinfector do:
  • Clean up junks created by flash malwares
  • Deletes autorun.inf from every root folder
  • Fix back damages done to your system
  • Creates an autorun.inf folder in the root of your system drives; leave that there for protection.

polonus
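
The files, registry value and root-level autorun.inf mentioned in the steps above can be checked on each PC with a read-only script. This is an added PowerShell example, not part of the original posts; it only reports what it finds, and it assumes the `Documents and Settings` profile layout used in the post.

```powershell
# Added example: read-only check for the leftovers named in the removal steps.
# File names and the registry value come from the post; nothing is deleted or changed.
$profilesRoot = Join-Path $env:SystemDrive 'Documents and Settings'
$findings = @()

# Files listed directly under "Documents and Settings"
foreach ($name in 'tazebama.dl_', 'hook.dl_', 'tazebama.dll') {
    $path = Join-Path $profilesRoot $name
    if (Test-Path -LiteralPath $path) { $findings += "File present: $path" }
}

# Startup entry, checked in every user profile rather than only the current one
if (Test-Path -LiteralPath $profilesRoot) {
    Get-ChildItem -LiteralPath $profilesRoot -Force |
        Where-Object { $_.PSIsContainer } |
        ForEach-Object {
            $path = Join-Path $_.FullName 'Start Menu\Programs\Startup\zPharoh.exe'
            if (Test-Path -LiteralPath $path) { $findings += "File present: $path" }
        }
}

# Report the current ShowSuperHidden value so it can be reviewed as in step 5
$key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
$props = Get-ItemProperty -Path $key -Name ShowSuperHidden -ErrorAction SilentlyContinue
if ($props) {
    $findings += "ShowSuperHidden is currently $($props.ShowSuperHidden) (review per step 5)"
}

# autorun.inf as a *file* at a drive root; a folder of that name is the
# placeholder Flash Disinfector leaves behind and is not reported
Get-PSDrive -PSProvider FileSystem | ForEach-Object {
    $path = $_.Root + 'autorun.inf'
    $item = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
    if ($item -and -not $item.PSIsContainer) {
        $findings += "autorun.inf file at drive root: $path"
    }
}

if ($findings.Count -eq 0) { 'No listed leftovers found.' } else { $findings }
```

The registry check reads HKEY_CURRENT_USER, so it reflects only the account the script runs under.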