Virus:Win32/Mabezat removal tips

The Virus:Win32/Mabezat is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Virus:Win32/Mabezat virus can do?

At least one process apparently crashed during execution
Yara rule detections observed from a process memory dump/dropped files/CAPE
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid

How to determine Virus:Win32/Mabezat?


File Info:
name: 0BADC7B32D60E0426E26.mlw
path: /opt/CAPEv2/storage/binaries/a9059e98d0b29a8363589fd23e2b740186d5eb1947471f831cf59e8c910684c7
crc32: 315489AA
md5: 0badc7b32d60e0426e26a0f5b43e7cca
sha1: e570a731eb85c9969819859e4d9305066a61ce4b
sha256: a9059e98d0b29a8363589fd23e2b740186d5eb1947471f831cf59e8c910684c7
sha512: 4a238ec2a286ea84e90d908a9b4d7fb18a00abcee747d1bb3b8800a8f654696512dbbe8f47ab1c2e2d0aa232ba488eb760e29d8c46be8bc72a82dc146538539b
ssdeep: 1536:Qmci1jAg1ElEZIkXcNWxjuCV2Tvkc/8bcYS0B3ybc3cO:QmH1kGE2Z5XYWxj1VKkc/8wY3YcsO
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1848301029FA414D4FFF67C31AAB41B574CB1ADB2AD98DC6C01B0BBC66C30781E629167
sha3_384: d29de0a47a095a18f8edbf0f331dca07d8fd613190fc38c7384cad4b50fcbe19dade4c9437e9e8c421fde6504e90d24e
ep_bytes: 8ac7f7c2536e724a0fafcd3bf922e84a
timestamp: 2019-02-21 17:00:00

Version Info:
CompanyName: Igor Pavlov
FileDescription: 7-Zip Uninstaller
FileVersion: 19.00
InternalName: Uninstall
LegalCopyright: Copyright (c) 1999-2018 Igor Pavlov
OriginalFilename: Uninstall.exe
ProductName: 7-Zip
ProductVersion: 19.00
Translation: 0x0409 0x04b0

Virus:Win32/Mabezat also known as:

Bkav	W32.Sality.PE
Elastic	malicious (high confidence)
MicroWorld-eScan	Win32.Sality.3
FireEye	Generic.mg.0badc7b32d60e042
CAT-QuickHeal	W32.Sality.U
Cylance	Unsafe
VIPRE	Virus.Win32.Sality.at (v)
Sangfor	Virus_Suspicious.Win32.Sality.bh
K7AntiVirus	Virus ( f10001071 )
BitDefender	Win32.Sality.3
K7GW	Virus ( f10001071 )
Cybereason	malicious.32d60e
Baidu	Win32.Virus.Sality.gen
VirIT	Win32.Sality.BH
Cyren	W32/Sality.gen2
Symantec	W32.Sality.AE
ESET-NOD32	Win32/Sality.NBA
APEX	Malicious
Kaspersky	Virus.Win32.Sality.sil
NANO-Antivirus	Virus.Win32.Sality.beygb
Rising	Malware.Heuristic!ET#88% (RDMK:cmRtazrEnnb59NVg8jaM4PpaI5Ho)
TACHYON	Virus/W32.Sality.D
Emsisoft	Win32.Sality.3 (B)
Comodo	Virus.Win32.Sality.gen@1egj5j
DrWeb	Win32.Sector.30
Zillya	Virus.Sality.Win32.25
TrendMicro	PE_SALITY.RL
McAfee-GW-Edition	BehavesLike.Win32.Sality.mc
Sophos	ML/PE-A + Mal/Sality-D
SentinelOne	Static AI – Malicious PE
Jiangmin	Win32/HLLP.Kuku.poly2
Avira	W32/Sality.AT
Antiy-AVL	Trojan/Generic.ASVirus.C4
Microsoft	Virus:Win32/Mabezat.gen
ViRobot	Win32.Sality.Gen.A
GData	Win32.Sality.3
Cynet	Malicious (score: 100)
AhnLab-V3	Win32/Kashu.E
McAfee	W32/Sality.gen.z
MAX	malware (ai score=83)
VBA32	Virus.Win32.Sality.bakc
Panda	W32/Sality.AA
TrendMicro-HouseCall	PE_SALITY.RL
Tencent	Virus.Win32.TuTu.Gen.200004
Ikarus	Virus.Win32.Sality
Fortinet	W32/CoinMiner.BH
BitDefenderTheta	AI:FileInfector.A5ECCBAB0E
AVG	Win32:SaliCode [Inf]
Avast	Win32:SaliCode [Inf]
CrowdStrike	win/malicious_confidence_70% (D)

How to remove Virus:Win32/Mabezat?

Virus:Win32/Mabezat removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X