
W32/Mabezat Virus

Gents,

Please help me to solve the following big Virus problem.

One of my clients is infected with the Mabezat virus.
hxxp://vil.nai.com/vil/content/v_143555.htm

In the system there are three partitions; when we start a full scan of the system, it scans them one by one
{C drive-->D drive-->E drive}.

But when it finishes cleaning the C drive and proceeds to the D drive, the virus starts replicating itself from the E and D drives back to the C drive.

The cleaning is happening, but it comes back again and again.

Also, we tried to scan in safe mode, but it still comes back again and again.

The VSE information:
-VirusScan Enterprise 8.5i with Patch 4.
-AntiSpyware Enterprise module.
-Engine: 5200.2160
-DAT Version: 5233.0000

Regards
admin

mabezat

Hi

Check if you have the following files. If yes, please delete them:
- %SystemDrive%\Documents and Settings\tazebama.dl_
- %SystemDrive%\Documents and Settings\hook.dl_
- %UserProfile%\Start Menu\Programs\Startup\zPharoh.exe
- %SystemDrive%\Documents and Settings\tazebama.dll
- [DRIVE]:\zPharaoh.exe
- [DRIVE]:\autorun

It would be easier for you to delete these files in safe mode.
Try it and update me on what's happening.
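
An added example, not part of the original thread: a read-only check for the file names listed in the post above, run against every drive root in one pass instead of one partition at a time. The function names and the drive and profile enumeration are assumptions of this example; nothing is deleted.

```python
import os
import string
from pathlib import Path

# File names as listed in the post above; both spellings (zPharoh / zPharaoh)
# appear there, so both are checked. Compared lower-cased, as Windows would.
DOCS_AND_SETTINGS = {"tazebama.dl_", "hook.dl_", "tazebama.dll"}
STARTUP = {"zpharoh.exe"}
DRIVE_ROOT = {"zpharaoh.exe", "autorun"}


def _hits(directory, names):
    """Entries directly inside `directory` whose name matches `names`."""
    try:
        return [e for e in Path(directory).iterdir() if e.name.lower() in names]
    except OSError:  # missing folder, empty card reader, access denied
        return []


def find_artifacts(drive_roots, system_root, profiles):
    """Read-only check of every listed location; returns sorted path strings."""
    found = []
    for root in drive_roots:
        found += _hits(root, DRIVE_ROOT)
    found += _hits(Path(system_root) / "Documents and Settings", DOCS_AND_SETTINGS)
    for profile in profiles:
        startup = Path(profile) / "Start Menu" / "Programs" / "Startup"
        found += _hits(startup, STARTUP)
    return sorted(str(p) for p in found)


if __name__ == "__main__":
    # Assumption: run on the affected Windows host; drives are probed A: to Z:.
    roots = [f"{c}:\\" for c in string.ascii_uppercase if os.path.isdir(f"{c}:\\")]
    system_root = os.environ.get("SystemDrive", "C:") + "\\"
    docs = Path(system_root) / "Documents and Settings"
    profiles = [p for p in docs.iterdir() if p.is_dir()] if docs.is_dir() else []
    hits = find_artifacts(roots, system_root, profiles)
    for h in hits:
        print("FOUND", h)
    print(f"{len(hits)} listed file(s) present on {len(roots)} drive(s)")
```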

RE: mabezat

Thanks Jermaine for the reply,

I have tried to delete it but again it's coming back.

Let me try it again in safe mode and report back to the forum.

But in case the infection happens on multiple systems and we have ePO 4.0, how can we take action for it?

Regards

RE: mabezat

Can I make an extra DAT for it?

tazebama.dl_
hook.dl_
zPharoh.exe
tazebama.dll

Regards
Reliable Contributor exbrit

RE: mabezat

Until he replies, and if you are still troubled with this infection, I would strongly advise using the free version of this anti-spyware tool:
http://www.superantispyware.com/superantispywarefreevspro.html

If that fails to clean it then use Hijackthis and post its log on one of the following forums for expert help:

Do not post the log here, we can't help!

DOWNLOAD HIJACKTHIS

Post the logs at a specialist Forum:

AUMHA FORUM

BLEEPING COMPUTER FORUM

GEEKS TO GO FORUM

MAJOR GEEKS FORUM

MALWARE REMOVAL FORUM

SPYWARE INFO FORUM

TECH SUPPORT GUY FORUM

WHAT THE TECH FORUM (Formerly Tom Coyote)

Be sure to read all the sticky announcements/instructions at the top of each malware forum!
admin

RE: mabezat

Hi

Do as EX_brit tells you to.
If the problem still persists, please post.

P.S. What happens in safe mode? Was it successful?

RE: mabezat




We tried to delete the file, but it replicates back again.

The problem still exists; with Symantec we are able to clean it.

What further things can we do?
Reliable Contributor exbrit

RE: mabezat

Did you post a Hijackthis log on one of the forums mentioned? They have experts in the field to help you.

RE: mabezat



We didn't post Hijackthis.

Does anyone have a solution?

Regards
Reliable Contributor exbrit

RE: mabezat

I strongly suggest that you do what I suggested. Jermaine appears to be no longer a member of this board so he can't help.
