Mabezat A and B Virus - Unremovable

Recently, my USB has been infected with the Mabezat A/B trojan/virus.

The problem I have is this -

Comodo can see about 200 infected files, which it cleaned.

Nod32 sees about 600 other infected files, which it fails to clean.

Also, browsing the memory stick, I can see the actual Zpharoah.exe as well as some copied documents that have been turned into .exe files as well.

Comodo V4 cannot see it, NOD32 can see it and does nothing, I can see it but can't delete it.

Also MalwareBytes doesn’t see the infection on the USB.

So what do people recommend I do?


Can you upload the file in question to and post a link to the results:

Also, are all of these infections being found on the USB, or on the computer?

If these are on the computer you may want to run a boot-cd if these methods don’t work:
What You Need To Know About Removing Infections and Securing Your Computer

If they’re only on the USB you will probably want to disable autoruns.

If they are on a USB stick and you don’t have any problem with losing data, reformat it.

I am going to read about the boot-cd now that you mentioned.

My main computer has now gone down and has lost access to the internet, so I am sure my computer is now infected with something, but Comodo, NOD, Malware can't see the problem.

Also, I have now noticed there is no restore point on my Win7 machine, which leads me to believe maybe something has deleted the restore points, because restore is switched on but there is nothing to go back to. Unless it's some kind of bug in Win7.

Currently using a laptop that is as old as the hills and doesn’t help me much.

Anyway thanks for the advice.


PS - don't want to format the USB unless I absolutely have to.

Mabezat removal, manual and using specific tools, is fully documented; it is enough to Google search “mabezat”.

I of course advocate myself for everyone to realize a booting device BEFORE being infected, and it can be anything and not especially a special AV booting device, since the goal is to boot outside of the infected GUI: e.g., any netware bootdisk or light Linux distro is enough.

If it can be useful in the future, I have written a tutorial with a “how to” for making such a multiboot repair stick:

I hope you disabled “autoplay”. If not, what version of Windows do you have?