Tuesday, March 29, 2011

W32.Mabezat.B



Overall Risk Level: 
W32.Mabezat.B can infect executable files and encrypt data files. The worm spreads via removable drives and unsecured network shares. It also modifies Windows registry settings to disable certain functionality.

Alias:
- Worm.Win32.Mabezat.b
- W32/Mabezat
- PE_MABEZAT.B-O
- W32/Mabezat-B
Damage Level: Low
Systems Affected: Windows
Manual Removal of W32.Mabezat.B
1. Temporarily disable System Restore (Windows Me/XP).
2. Update the virus definitions.
3. Reboot the computer in Safe Mode.
4. Run a full system scan and clean or delete all infected files.
5. Delete or modify any values added to the registry. On the Start Menu, click Run and type regedit in the field.
Navigate to the following registry entry and restore it if required:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\"ShowSuperHidden" = "0"
6. Exit the registry editor and restart the computer.
7. Find and delete the following files:
- %SystemDrive%\Documents and Settings\tazebama.dl_
- %SystemDrive%\Documents and Settings\hook.dl_
- %UserProfile%\Start Menu\Programs\Startup\zPharoh.exe
- %SystemDrive%\Documents and Settings\tazebama.dll
- [DRIVE]:\zPharaoh.exe
- [DRIVE]:\autorun
8. To make sure the threat is completely eliminated from your computer, carry out a full scan using antivirus and antispyware software. Alternatively, an online virus scanner can remove the virus without installing an antivirus program.
Thanks to http://www.precisesecurity.com
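A read-only way to check for the items from steps 5 and 7 before cleaning up by hand. This PowerShell script is an added example, not part of the original removal guide or any vendor tool; the function names are hypothetical, and the file names are copied exactly as they appear in the list above.

```powershell
# Read-only check for the W32.Mabezat.B items listed in steps 5 and 7.
# Nothing is deleted or modified; review the output, then clean up manually.

function Get-MabezatArtifactPaths {
    # Fixed locations under the system drive and the current user's profile.
    $paths = @(
        "$env:SystemDrive\Documents and Settings\tazebama.dl_",
        "$env:SystemDrive\Documents and Settings\hook.dl_",
        "$env:SystemDrive\Documents and Settings\tazebama.dll",
        "$env:UserProfile\Start Menu\Programs\Startup\zPharoh.exe"
    )
    # [DRIVE]:\ entries: expand over the root of every file-system drive,
    # which includes removable drives and mapped network shares.
    foreach ($drive in Get-PSDrive -PSProvider FileSystem) {
        $paths += Join-Path $drive.Root 'zPharaoh.exe'
        $paths += Join-Path $drive.Root 'autorun'
    }
    return $paths
}

function Get-ShowSuperHidden {
    # Returns the current value from step 5, or $null if it is not set.
    $key  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
    $prop = Get-ItemProperty -Path $key -Name ShowSuperHidden -ErrorAction SilentlyContinue
    if ($null -eq $prop) { return $null }
    return $prop.ShowSuperHidden
}

# -Force is needed so that hidden or system items are still returned.
$found = @(Get-MabezatArtifactPaths |
    Where-Object { Test-Path -LiteralPath $_ -ErrorAction SilentlyContinue } |
    ForEach-Object { Get-Item -LiteralPath $_ -Force })

if ($found.Count -gt 0) {
    Write-Output 'Listed items present on this system:'
    $found | Select-Object FullName, Length, Attributes, LastWriteTime | Format-Table -AutoSize
} else {
    Write-Output 'None of the listed files were found.'
}

$value = Get-ShowSuperHidden
if ($null -eq $value) { $value = '<not set>' }
Write-Output "ShowSuperHidden = $value"
```

Run it once per user account, since the Startup folder and the registry value are per-user.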
