Wednesday, November 25, 2009

Mabezat or zPharaoh Virus Removal

0 comments
Digg it | Stumble it | Save to Del.ico.us |
Mabezat virus propagates through network,removable storage devices and emails. This file infects executable files and encrypts data files.



You can see if you are infected by the virus if you have these files at your PC.

At the Documents And Settings Folder:
tazebama.dll
tazebama.dl_
hook.dl_

It also create a "tazebama" folder at the Application Data Folder. And creates zPharaoh.exe file at all root folders with autorun.inf.

And it copies itself to removable devices with these filenames or the names that are already existing on the Removable Drive.

Adjust Time.exe
AmericanOnLine.exe
Antenna2Net.exe
BrowseAllUsers.exe
CD Burner.exe
Crack_GoogleEarthPro.exe
Disk Defragmenter.exe
FaxSend.exe
FloppyDiskPartion.exe
GoogleToolbarNotifier.exe
HP_LaserJetAllInOneConfig.exe
IDE Conector P2P.exe
InstallMSN11Ar.exe
InstallMSN11En.exe
JetAudio dump.exe
KasperSky6.0 Key.doc.exe
Lock Folder.exe
LockWindowsPartition.exe
Make Windows Original.exe
MakeUrOwnFamilyTree.exe
Microsoft MSN.exe
Microsoft Windows Network.exe
msjavx86.exe
NokiaN73Tools.exe
Office2003 CD-Key.doc.exe
Office2007 Serial.txt.exe
PanasonicDVD_DigitalCam.exe
RadioTV.exe
Recycle Bin.exe
RecycleBinProtect.exe
ShowDesktop.exe
Sony Erikson DigitalCam.exe
Win98compatibleXP.exe
Windows Keys Secrets.exe
WindowsXp StartMenu Settings.exe
WinrRarSerialInstall.exe

Different FileType are affected during this namely .ASP .ASPX .ASPX .CS .BAS .C .CPP .DOC .H .HLP .HTM .HTML .MDB
.MDF .PAS .PDF .PHP .PPT .PSD .RAR .RTF .TXT .XLS .ZIP.

This worm may also send mails with attachments in them to affect new PCs.


PREVENTION:-
- This Virus propagates through network so keep your network safe with strong password.
- Scan your or any removable drives with Anti-Virus or Anti-Spy ware to prevent infection.
-Disable Autorun on all drives.
- Do not download files from anonymous emails with attachments.
- Keep your anti-virus and anti- spy ware programs updated.


REMOVAL:-
- Disable System Restore to remove the Virus. 
- You Can run a full system scan by your Anti Virus and Anti Spyware. See it can detect it and deletes it.
- Download this rmmabez.exe from AVG and run it with this parameter (example: rmmabez C:\ D:\).
- Modify Change to "0"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\”ShowSuperHidden” = “0″
Read more...
 
| Copyright © 2009 Anti virus Software, News & Protection