In_Ness_EE01

How to remove Tazebama.dll virus

Hi,

I have a serious issue on an XP machine. I have used a USB drive and through that the machine got affected by the Tazebama.dll trojan. After that I can see the tazebama.dll process in Task Manager. I have reinstalled the OS on the system drive, and then if I access any other drive the same process gets started, and as a result I am not able to delete any folder from any drive. It has generated a duplicate folder inside each and every folder on my machine. Apart from that, abode online.com and adobe update.com are two processes that also run simultaneously.

Does anybody have solutions for the same? Please let me know.

Note: I do not have internet connection for the same machine.
xmachine

Hi,

1) Download & run CCleaner to clean your system (including registry) from junk files/registry keys

http://www.ccleaner.com/download 

2) Download and run HijackThis portable and attach the log here for analysis
 (http://www.portableshare.com/downloads/HijackThis-Portable.html)

3) Download & run GMER (rootkit scanner) from (http://www2.gmer.net/gmer.zip)

Start GMER, select all options on the right side, after scanning is finished, click on save. Attach the log file here

4) Do you have mapped drives?

5) Run the following command in CMD:

C:\> dir /a:h > output.txt

Please post the text here

Another option for you is to run SuperAntiSpyware (www.superantispyware.com) to remove this threat. Make sure to run Update first before running the wizard to have the latest definitions.

Hope it helps.
Mohamed Osama

This is a W32.MaBezat infection, which, quoting the Symantec page below:
W32.Mabezat.B is a worm that spreads through email, removable drives and network shares protected by weak passwords. It also infects executable files and encrypts data files.
http://www.symantec.com/business/security_response/writeup.jsp?docid=2007-120113-2635-99
It appears your system became infected again even after reinstalling the OS because drive autorun, aka Autoplay, is enabled, and the worm has used this technique to keep a backup of itself there.
In order to recover you must have an installed antivirus program. This is because there is a virus component here which encrypts your files in a way that they need to be cleaned by an antivirus program. Antispyware programs will do nothing here.
Some excellent & free for home use antivirus programs:
Avira
Avast
However, in order to recover from the main infection, you can try running Combofix, Malwarebytes, Flash Disinfector.
P.S: If you have no internet on that machine, download the tools elsewhere, rename the files & copy to that machine using CD or Flash drive.
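
Added example, not part of the thread or written by any poster: a Python check that reads autorun.inf from each drive root and lists the entries that would start a program, which is the re-infection path the answer above describes. The function names, the sample file contents and example.exe are constructed for illustration.

```python
import os

# Keys in the [autorun] section that name a program to launch.
LAUNCH_KEYS = ("open", "shellexecute")

def autorun_commands(text):
    """Return (key, command) pairs in [autorun] that start a program."""
    found, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_section or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        # shell\<verb>\command defines a context-menu verb that runs a program.
        shell_cmd = key.startswith("shell\\") and key.endswith("\\command")
        if (key in LAUNCH_KEYS or shell_cmd) and value:
            found.append((key, value))
    return found

def decode_inf(data):
    """autorun.inf is usually ANSI, but may be UTF-16 with a byte-order mark."""
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return data.decode("utf-16")
    return data.decode("latin-1")

def scan_roots(roots):
    """Map each root that holds an autorun.inf to its launch commands."""
    report = {}
    for root in roots:
        for name in os.listdir(root):
            if name.lower() == "autorun.inf":  # name is case-insensitive on Windows
                with open(os.path.join(root, name), "rb") as fh:
                    report[root] = autorun_commands(decode_inf(fh.read()))
    return report

# Constructed sample, not taken from a real infection.
SAMPLE = "[AutoRun]\nopen=example.exe\nshell\\open\\command=example.exe /x\nicon=folder.ico\n"

if __name__ == "__main__":
    for key, cmd in autorun_commands(SAMPLE):
        print(key, "->", cmd)
```

Pass the drive roots to inspect, for example scan_roots(["D:\\", "E:\\"]); any root that appears in the result with a non-empty list has an autorun.inf that launches a program and should be examined before the drive is opened in Explorer.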

ASKER CERTIFIED SOLUTION
Tony Giangreco
In_Ness_EE01

ASKER

Finally the problem has been resolved by logging in to Safe Mode and running a full scan with the latest Symantec definition file. Thanks a lot.
Malwarebytes didn't get it even after rebooting out of Safe Mode for me.