Overall Risk Level: 
W32.Mabezat.B can infect executable files and encrypt data files. W32.Mabezat.B worm spreads via removable drives and unsecured network shares. It will also modify Windows registry settings to disable certain functionalities.
Alias:
- Worm.Win32.Mabezat.b
- W32/Mabezat
- PE_MABEZAT.B-O
- W32/Mabezat-B
Damage Level: Low
Systems Affected: Windows
Manual Removal of W32.Mabezat.B
1. Temporarily Disable System Restore (Windows Me/XP). [how to]
2. Update the virus definitions.
3. Reboot computer in SafeMode [how to]
4. Run a full system scan and clean/delete all infected file(s)
5. Delete/Modify any values added to the registry. On Start Menu, click Run, type regedit on the field.
Navigate to and restore the following registry entry if required:
HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\Explorer\Advanced\”ShowSuperHidden” = “0″
6. Exit registry editor and restart the computer.
7. Find and delete the following files:
- %SystemDrive%\Documents and Settings\tazebama.dl_
- %SystemDrive%\Documents and Settings\hook.dl_
- %UserProfile%\Start Menu\Programs\Startup\zPharoh.exe
- %SystemDrive%\Documents and Settings\tazebama.dll
- [DRIVE]:\zPharaoh.exe
- [DRIVE]:\autorun
8. In order to make sure that threat is completely eliminated from your computer, carry out a full scan of your computer using AntiVirus and Antispyware Software. Another way to delete the virus using various Antivirus Program without the need to install can be done with Online Virus Scanner.
How to Remove W32.Mabezat.B:
On this page is our suggested (by precisesecurity) removal procedure and Visitor's own suggestion. We cannot control and evaluate each suggested procedure so please use it at your own risks. If no suggestion is present to remove virus, spyware, adware and malware, you may try the following:- Remove W32.Mabezat.B with Standard Virus Scan
- Scan W32.Mabezat.B with MalwareByte's Anti-Malware
19 Responses for "W32.Mabezat.B"
This virus effected in our server. How can I remove this from the Server.
Your help requested
Dear sir,
We have the important system in our network & they have affected with tazabama virus please i need removal tool for tazebama virus urgently
Thanking You
We have tried this and work on Windows2000/XP, dont know if it will work on server.
1. Download Malwarebytes’ Anti-Malware (mbam-setup.exe) and save it on your Desktop.
2. After downloading, double-click on mbam-setup.exe to install the application.
3. Follow the prompts and install as “default” only
4. Before the installation completes, check on the following prompts:
- Update Malwarebytes’ Anti-Malware
- Launch Malwarebytes’ Anti-Malware
5. Click “Finish.” Program will run automatically and you will be prompt to update the program before doing a scan. Please update.
6. Scan your computer thoroughly.
7. When scanning is finished click on the “Show Results”
8. Make sure that all detected threats are marked, click on Remove Selected.
9. Restart your computer.
thanks i will try and will tell you about the result but if it doesn’t work i will show you ok
now i’m gonna take my chicha then go to the bed coz it’s too late here and i feel tiered today, i had many died in work this morning and i’m afraid will see them on my dream.
so tazebama and mr gate are permenantly in my computer playing cards and having alcooholic drinks.
The system restore tab is not available when I go to Properties of “My Computer”. However, I have gone to the registry and added the value as you recommend but am not sure it helps because I jumped the steps in between.
How to completely remove this worm from a flash drive. I used Norton but there was still some unresolved ones. How can I do this I need help.
Famart, you can use Flash Disinfector to remove threats on flash drives.
Hello,
I can’t follow step 5 as I’m not allowed to open regedit. I don’t see the start menu. It seems like I don’t have Administrator status anymore. I did a full virus analysis and deleted about 70 files but I can’t finish your protocol :(
Any idea?
Thanks a lot anyway.
Bye
comment supprimer le virus mabezat dans mon ordinateur
I followed through all the procedures, only that I didnt find the system restore tab on the properties of my computer, and I even couldnt user the microsoft guide to get to it, how ever I run/msconfig, and when to the system utility, and un checked the system restore service.
then followed through the steps, but again couldnt find the - %SystemDrive%\Documents and Settings\tazebama.dl_
- %SystemDrive%\Documents and Settings\hook.dl_
- %UserProfile%\Start Menu\Programs\Startup\zPharoh.exe
- %SystemDrive%\Documents and Settings\tazebama.dll
- [DRIVE]:\zPharaoh.exe
- [DRIVE]:\autorun
so I guessed it hadnt created those, or my Eset NOd 32 had deleted them, there fore I just continued with the procedures to the end, some body advise otherwise where need be please,
thanks
Rod
My windows 2003server is affected by Tezebama.dll anybody can help me
Hi
Our system has been hit by mabezat virus, all our computer which a connected to the server they cant access thier profiles it gives an error massege that says : local profile cannot be found you will currently be logged on a temporary file, I have update untivirus scanned the system got 1890 virus on the server.
Thanx and Regards
Thoko
Thanks for the great solution!
Our server computer had over 7500 viruses and 99 % of them were the Mabezat worm.. It has now been cleaned by this solution and by Avast! Antivirus.
I can only recommend Avast!, since it is a very powerful antivirus. And if you have Home Edition, you can use it freely without any payment. You only need to register with a received registration code (free of course).
Thanks again for this great solution.
- Robert
Hello Friends,
I our college all systems affected with tazebalm.dll virus.If i remove also automatically create each time when i used to execute Java Executable files……..iam unable to use Java due to this. Please give me a solution to permanently removing tazebalm.dll from all systems
Hi,
You will not beat this virus if you will not remove some of its files that were system, hidden and read-only.
You have to do it manually by going to following drives:
- %SystemDrive%\Documents and Settings\
- %UserProfile%\Start Menu\Programs\Startup\
- [RootDrive]:\
- [USB Drive]:\
1. Go to Start>Run and type “cmd” for command prompt
2. On each drive, type “attrib” to view attributed files.
3. To remove the attributes, type “-s -h -r filename”
4. Delete the file, “del filename”
5. After deleting all files, scan your computer with antivirus programs.
kaspersky does the whole trick. It saved me alot of stress, infact my sql had been taken plus my installation files.
Go for kaspersky do a full scan and restart your server.
and you will have sweet dreams !
I need help my laptop was infected by mabezat. I downloaded rmmabez.exe and scanned the PC. The virus was removed but my desktop is still not populated nor respond to left or right clicks. My taskbar is also not there.
I tried the system restore route but it did not help. I can only access programs and files via alt+del+ctrl new task route.
Can anyone help restore my computer.
Hi
I really need urgent help!!
I am a DJ with over 18 000 songs!!!
this ”mazebat” worm infected my pc because my norton was not updated!!
the pc was taken to IT experts..they removed it
BUT ALL MY MUSIC!! AND MUSIC APPS HAVE BEEN REMOVED BY THE VIRUS!!!
please I really need help on how to restore all the files
thanks in advance!
HJ
Sorry HJ for your loss of musicfiles but its not the virus
that has removed the songs, its the IT-”experts”.
Any Response?