[KB3165] How do I remove a Win32/Mabezat infection?

Issue

Solution

  1. Click the link below to download the ESETMabezatAdecrypter tool. Save the file to your desktop.

    Download ESETMabezatADecrypter.exe
     
  2. Click Start → All Programs → Accessories. Right-click Command Prompt and choose Run as administrator from the context menu.
    •  Windows 8 users: Press the Windows key + Q to open an app search and type cmd into the Search field. Right-click the cmd application when it appears in results and select Run as administrator from the context menu.
       
  3. Type cd Desktop into the command prompt and press Enter to change directories to your Desktop.
     
  4. Type the command ESETMabezatAdecryptor.exe /f %pathtoscan%* into the command prompt and press Enter.
    • This will scan all sub-directories of the path specified and force the cleaning of any infected files found. For example, the command ESETMabezatAdecryptor.exe /f C:* will scan the entire C drive including sub-directories and clean any infected files found.
       
    • Once the scan finishes running, a log file will be created in the same folder that the tool was run from (if you saved the file to your desktop, then the log file will be saved to your desktop).

Need Assistance in North America?

If you are a North American ESET customer and need assistance, visit helpus.eset.com to chat with a live technician, view product documentation or schedule a consultation with an ESET Home Advisor.