W32.Masavebe
W32.Masavebe is a worm that commonly spread on removable devices and drives. Things like external hard drive, memory and USB Flash disk are types of gadget where W32.Masavebe can duplicate a copy of itself. What’s more devastating about this worm is its ability to make these drives inaccessible to owner. The worm usually utilized an autorun function so that it creates a copy to other drives on the affected computer if any of the infected disks is accessed.
Damage Level: Medium
Threat Assessment By: Symantec
Systems Affected: Windows 9x, 2000, XP, Vista
How to Remove W32.Masavebe:
FIRST AID TO STOP W32.Masavebe:
If this virus have infected the system, registry and legitimate Windows files are also compromised. System Restore can reinstate clean system files by restoring the configuration to an earlier date. If a restore point was created before you got infected with W32.Masavebe, please restore Windows to previous configuration.
MANUAL REMOVAL OF W32.Masavebe:
1. Update installed anti-virus application to have the latest definition file.
2. Reboot Windows in Safe Mode
- After turning on the power, press F8 on the keyboard.
- Select Safe Mode from the menu.
3. Thoroughly scan the system and clean/delete all infected file(s). Please see below.
4. Delete/Modify any values added to the registry if present. Refer to associated Windows Registry Entries.
- Click on Start. Search or Run regedit.exe to begin registry editor.
Note: You may refer to links on sidebar for a complete tutorial on Safe Mode and Registry Editor.
5. Exit registry editor and restart Windows.
ADDITIONAL TOOLS AND PROGRAMS:
Scan with Norton Power Eraser:
A free removal tool from Norton Antivirus was developed to remove virus and unfamiliar threats without using the traditional AV signatures. Download the tool from this location and start scanning the computer for viruses.
Technical Details and Additional Information:
Other functionalities of this Worm:
- This Worm will create an entry on Windows registry so that it will run simultaneously with Windows.
- W32.Masavebe can open a backdoor and allows a remote attacker to gain access.
- It will connect to an Internet Relay Chat (IRC) server to operate the backdoor function.
Malicious Files Added by W32.Masavebe:
%Temp%\34542.exe
File Location for Windows Versions:
- %Temp% refers to C:\Windows\Temp\.
Associated Windows Registry Entries:
HKEY_CURRENT_USER\Software\Microsoft\CurrentVersion\Run\”MSN” = “%Temp%\34542.exe”
Alternative Removal Method for W32.Masavebe
Option 1 : Use Windows System Restore to return Windows to previous state
If W32.Masavebe enters the computer, there is a big chance that Windows files, registry entries and other essential components are also infected. System Restore can reinstate clean system files by restoring the configuration to an earlier date. The method also replaces compromised files with a clean version. If you have a saved restore point before W32.Masavebe infiltrates the PC, we highly encourage you to execute this procedure if none of the above works. You may proceed with Windows System Restore, click here to see the full procedure.