How to remove Tazebama.dll virus

Hi,

I have a serious issue on an XP machine. I used a USB drive, and through it the machine got infected by the Tazebama.dll trojan. After that I can see the tazebama.dll process in Task Manager. I have reinstalled the OS on the system drive, but if I access any other drive the same process gets started, and as a result I am not able to delete any folder from any drive. It has generated a duplicate folder inside each and every folder on my machine. Apart from that, abode online.com and adobe update.com are two processes that also run simultaneously.

Does anybody have a solution for this? Please let me know.

Note: I do not have an internet connection on that machine.
In_Ness_EE01 Asked:
xmachine Commented:
Hi,

1) Download & run CCleaner to clean your system (including registry) from junk files/registry keys

http://www.ccleaner.com/download 

2) Download and run HijackThis portable and attach the log here for analysis
 (http://www.portableshare.com/downloads/HijackThis-Portable.html)

3) Download & run GMER (rootkit scanner) from (http://www2.gmer.net/gmer.zip)

Start GMER, select all options on the right side, after scanning is finished, click on save. Attach the log file here

4) Do you have mapped drives?

5) Run the following command in CMD:

C:\>dir /a:h > output.txt

Please post the text here

warturtle Commented:
Another option for you is to run SuperAntiSpyware (www.superantispyware.com) to remove this threat. Make sure to run Update first before running the wizard to have the latest definitions.

Hope it helps.
Mohamed Osama, Senior IT Consultant, Commented:
This is a W32.Mabezat infection, which, quoting the Symantec page below:
W32.Mabezat.B is a worm that spreads through email, removable drives and network shares protected by weak passwords. It also infects executable files and encrypts data files.
http://www.symantec.com/business/security_response/writeup.jsp?docid=2007-120113-2635-99
It appears your system became infected again even after reinstalling the OS because drive autorun (aka AutoPlay) is enabled, and the worm has used this technique to keep a backup of itself there.
In order to recover you must have an installed antivirus program. This is because there is a virus component here which encrypts your files in a way that they need to be cleaned by an antivirus program; antispyware programs will do nothing here.
Some excellent antivirus programs that are free for home use:
Avira
Avast
However, in order to recover from the main infection, you can try running Combofix, Malwarebytes, Flash Disinfector.
P.S.: If you have no internet on that machine, download the tools elsewhere, rename the files and copy them to that machine using a CD or flash drive.
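
The autorun re-infection path described in the answer above can be checked before a drive is opened in Explorer. This is an added example, not part of any post in this thread: it lists the commands an autorun.inf would launch, assuming the drive roots to check are passed on the command line; the sample file content is constructed.

```python
import re
import sys
from pathlib import Path

# Keys in the [autorun] section that make Windows launch a program.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)

def launch_commands(text):
    """Return (key, command) pairs that an autorun.inf would execute."""
    found, in_autorun = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if in_autorun and "=" in line:
            key, _, value = line.partition("=")
            if LAUNCH_KEY.match(key.strip()):
                found.append((key.strip().lower(), value.strip()))
    return found

def scan_roots(roots):
    """Map each root that holds an autorun.inf to its launch commands."""
    report = {}
    for root in roots:
        inf = Path(root) / "autorun.inf"
        if inf.is_file():
            # latin-1 maps every byte, so decoding cannot fail on odd files.
            report[str(inf)] = launch_commands(inf.read_text(encoding="latin-1"))
    return report

# Constructed sample, not taken from the worm discussed on this page.
SAMPLE = """\
; padding comment
[AutoRun]
open=sample.exe
shell\\open\\command = sample.exe /x
icon=folder.ico
[Other]
open=ignored.exe
"""

if __name__ == "__main__":
    # Usage (assumed): python check_autorun.py E:\ F:\
    for path, cmds in scan_roots(sys.argv[1:]).items():
        print(path, cmds or "no launch keys")
```

Any executable named in the output is a file to hand to the antivirus scan before the drive is used again.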

Tony Giangreco Commented:
Restart into safe mode and run your anti virus and spyware detection programs. I suggest running this series in three back to back cycles, rebooting once per cycle back into safe mode:

1. Malwarebytes
2. SuperAntiSpyware
3. Spybot
4. Symantec Endpoint or Symantec Corp AntiVirus

After three complete cycles, reboot into normal mode. If the situation continues, go to TrendMicro and run the online scan, Housecall.

In_Ness_EE01 (Author) Commented:
Finally the problem has been resolved by logging in to Safe Mode and running a full scan with the latest Symantec definition file. Thanks a lot.
JAaron Anderson, Programming Architect @ Widener University, Commented:
Malwarebytes didn't get it for me, even after rebooting out of Safe Mode.