Worm.Win32.Mabezat... need to remove virus.

Printable View

28.05.2010, 15:32
mervyne

Worm.Win32.Mabezat... need to remove virus.

Sir/Madam,
Please assist me in removing this virus from my server.
Attached is the file: avptool_sysinfo.

Thank you.
28.05.2010, 17:12
Rene-gad

Hello,
I miss Service Pack 2 @ your system.

Switch off/Disable:
- Antivirus and and, if you have - Firewall.

- [URL="http://virusinfo.info/showthread.php?t=9207"]Execute following script[/URL] in Manual disinfection
[CODE]begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
ClearQuarantine;
QuarantineFile('C:\WINDOWS\system32\inetsrv\iisrstas.exe','');
QuarantineFile('C:\WINDOWS\system32\userinit.exe','');
QuarantineFile('C:\TKSQL\day.bat','');
QuarantineFile('C:\TKSQL\autopoll.bat','');
QuarantineFile('C:\autorun.inf','');
QuarantineFile('C:\zPharaoh.exe','');
QuarantineFile('D:\autorun.inf','');
DeleteFile('C:\autorun.inf');
DeleteFile('C:\zPharaoh.exe');
DeleteFile('D:\zPharaoh.exe');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
SetAVZPMStatus(True);
RebootWindows(true);
end.[/CODE]

After reboot [URL="http://virusinfo.info/showthread.php?t=9207"]execute following script[/URL] in Manual disinfection
[code]begin
CreateQurantineArchive('C:\quarantine.zip');
end.
[/code]and upload the C:\quarantine.zip over the link [COLOR="Red"][B]Upload quarantined files[/B][/COLOR] on the top of this page.

- Repeat a log file of AVPTool.
- Attach a log to your new post..
31.05.2010, 11:08
mervyne

Worm.Win32.Mabezat... need to remove virus.

I thank you very much for speedy reply. I am very new to the KAV and server environment and also to executing of "scrpits". Can you point me in the right direction.
Kind regards.
31.05.2010, 11:24
Rene-gad

[url]http://forum.kaspersky.com/index.php?showtopic=164966[/url]
31.05.2010, 14:01
mervyne

Worm.Win32.Mabezat.... on virtual server.(ELSVFSP02A)

Please assist with removal of Worm.Win32.Mabezat.... on virtual server.
Attached is the [FONT=Calibri]file: avptool_sysinfo.[/FONT]
31.05.2010, 14:46
Rene-gad

Pls. make all the logs only from local session.
31.05.2010, 17:27
mervyne

Hi,
Please explain the term "local session" as this logfile was created on the virtual server.
Thanks.
31.05.2010, 17:29
Rene-gad

[QUOTE=mervyne;646975]Hi,
Please explain the term "local session" as this logfile was created on the virtual server.
[/QUOTE]Virtual server doesn't show the correct data. You have to start AVPTool sitting direct at your Computer and logging as local administrator.