In_Ness_EE01
asked on
How to remove Tazebama.dll virus
Hi,
I have a serious issue on an XP machine. I have used USB, and through that the machine got affected by the Tazebama.dll trojan. After that, I can see the tazebama.dll process in Task Manager. I have reinstalled the OS on the system drive, and then if I access any other drive the same process gets started, and as a result I am not able to delete any folder from any drive. It has generated a duplicate folder inside each and every folder on my machine. Apart from that, abode online.com and adobe update.com are two processes that also run simultaneously.
Does anybody have a solution for this? Please let me know.
Note: I do not have an internet connection on that machine.
Another option for you is to run SuperAntiSpyware (www.superantispyware.com) to remove this threat. Make sure to run Update first before running the wizard to have the latest definitions.
Hope it helps.
This is a W32.Mabezat infection. Quoting the Symantec page below:
W32.Mabezat.B is a worm that spreads through email, removable drives and network shares protected by weak passwords. It also infects executable files and encrypts data files.
http://www.symantec.com/business/security_response/writeup.jsp?docid=2007-120113-2635-99
It appears your system became infected again even after reinstalling the OS because drive AutoRun (aka AutoPlay) is enabled, and the worm has used this technique to keep a backup of itself there.
In order to recover you must have an installed antivirus program. This is because there is a virus component here which encrypts your files in a way that they need to be cleaned by an antivirus program. Antispyware programs will do nothing here.
Some excellent antivirus programs that are free for home use:
Avira
Avast
However, in order to recover from the main infection, you can try running ComboFix, Malwarebytes & Flash Disinfector.
P.S.: If you have no internet on that machine, download the tools elsewhere, rename the files & copy them to that machine using a CD or flash drive.
ASKER
Finally the problem has been resolved by logging in to Safe Mode and running a full scan with the latest Symantec definition file. Thanks a lot.
Malwarebytes didn't get it for me, even after a reboot out of Safe Mode.
1) Download & run CCleaner to clean your system (including registry) from junk files/registry keys
http://www.ccleaner.com/download
2) Download and run HijackThis portable and attach the log here for analysis
(http://www.portableshare.com/downloads/HijackThis-Portable.html)
3) Download & run GMER (rootkit scanner) from (http://www2.gmer.net/gmer.zip)
Start GMER and select all options on the right side. After scanning is finished, click Save. Attach the log file here.
4) Do you have mapped drives?
5) Run the following command in CMD:
C:\> dir /a:h > output.txt
Please post the text here.