How to remove Tazebama.dll virus

In_Ness_EE01
Hi,

I have a serious issue on an XP machine. I used a USB drive, and through that the machine got affected by the Tazebama.dll trojan. After that, I can see the tazebama.dll process in Task Manager. I have reinstalled the OS on the system drive, but if I access any other drive the same process gets started, and as a result I am not able to delete any folder from any drive. It has generated a duplicate folder inside each and every folder on my machine. Apart from that, abode online.com and adobe update.com are two processes that also run simultaneously.

Does anybody have a solution for this? Please let me know.

Note: I do not have an internet connection on that machine.

Commented:
Hi,

1) Download & run CCleaner to clean your system (including registry) from junk files/registry keys

http://www.ccleaner.com/download 

2) Download and run HijackThis portable and attach the log here for analysis
 (http://www.portableshare.com/downloads/HijackThis-Portable.html)

3) Download & run GMER (rootkit scanner) from (http://www2.gmer.net/gmer.zip)

Start GMER and select all options on the right side. After scanning is finished, click Save. Attach the log file here.

4) Do you have mapped drives?

5) Run the following command in CMD:

C:\> dir /a:h > output.txt

Please post the text here.

Another option for you is to run SuperAntiSpyware (www.superantispyware.com) to remove this threat. Make sure to run Update first before running the wizard to have the latest definitions.

Hope it helps.
Mohamed Osama, Senior IT Consultant

Commented:
This is a W32.MaBezat infection. Quoting the Symantec page below:
"W32.Mabezat.B is a worm that spreads through email, removable drives and network shares protected by weak passwords. It also infects executable files and encrypts data files."
http://www.symantec.com/business/security_response/writeup.jsp?docid=2007-120113-2635-99
It appears your system became infected again even after reinstalling the OS because drive autorun (aka AutoPlay) is enabled, and the worm has used this technique to keep a backup of itself there.
In order to recover you must have an antivirus program installed. This is because there is a virus component here which encrypts your files in a way that they need to be cleaned by an antivirus program; antispyware programs will do nothing here.
Some excellent antivirus programs that are free for home use:
Avira
Avast
However, in order to recover from the main infection, you can try running Combofix, Malwarebytes, Flash Disinfector.
P.S.: If you have no internet on that machine, download the tools elsewhere, rename the files and copy them to that machine using a CD or flash drive.
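
Added example (not part of the original thread): a small Python check for the autorun re-infection path described in the comment above, which reads an `autorun.inf` from each drive root and reports entries that would launch an executable. It assumes the standard Windows AutoRun file name and `open` / `shellexecute` / `shell\<verb>\command` keys; the sample content and file names are constructed.

```python
import os
import re

# Standard [autorun] keys that make Windows launch a program from the drive.
LAUNCH_KEYS = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)
# Targets that are executables or scripts rather than documents.
EXEC_EXT = re.compile(r"\.(exe|com|scr|pif|bat|cmd|vbs|js|dll)\b", re.I)

# Constructed sample; file names are hypothetical, not from a real infection.
SAMPLE = r"""[AutoRun]
; comment line
icon=folder.ico
open=example_payload.exe
shell\open\command=example_payload.exe /silent
shell\explore\command=readme.txt
"""

def parse_autorun(text):
    """Return [(key, value)] for launch entries inside the [autorun] section."""
    findings, in_autorun = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if in_autorun and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if LAUNCH_KEYS.match(key):
                findings.append((key.lower(), value))
    return findings

def suspicious(findings):
    """Keep only launch entries whose target looks like an executable or script."""
    return [(k, v) for k, v in findings if EXEC_EXT.search(v)]

def scan_roots(roots):
    """Map each drive root to the suspicious entries in its autorun.inf, if any."""
    hits = {}
    for root in roots:
        path = os.path.join(root, "autorun.inf")
        if os.path.isfile(path):
            with open(path, encoding="latin-1") as fh:
                found = suspicious(parse_autorun(fh.read()))
            if found:
                hits[root] = found
    return hits
```

Run `scan_roots` against the non-system drive roots from a clean boot environment, so nothing on those drives is opened in Explorer before it has been checked.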


Restart into safe mode and run your antivirus and spyware detection programs. I suggest running this series in three back-to-back cycles, rebooting once per cycle back into safe mode:

1. Malwarebytes
2. SuperAntiSpyware
3. Spybot
4. Symantec Endpoint or Symantec Corp AntiVirus

After three complete cycles, reboot into normal mode. If the situation continues, go to TrendMicro and run the online scan, Housecall.

Author

Commented:
Finally the problem has been resolved by logging in to Safe Mode and running a full scan with the latest Symantec definition file. Thanks a lot.
JAaron Anderson, Programming Architect @ Widener University

Commented:
Malwarebytes didn't get it for me, even after rebooting out of Safe Mode.
