How to remove tazebama.dll virus?



Tazebama, commonly known as Win32.Mabezat, is a worm that spreads through email, removable drives, and network shares protected by weak passwords. It also infects executable files and encrypts data files.



Symptoms:

tazebama.dll

tazebama.dl_

hook.dl_

If your system is infected by the Win32.Mabezat virus, you are likely to encounter these file names during normal use, sometimes in error or warning messages, for example when deleting files or formatting drives. A file named 1.taz will also be present; if you delete it, it is restored. An error mentioning the file name zPharaoh.exe will also appear.

The virus copies itself into existing folders of removable drives. The following filenames are used:

Adjust Time.exe
AmericanOnLine.exe
Antenna2Net.exe
BrowseAllUsers.exe
CD Burner.exe
Crack_GoogleEarthPro.exe
Disk Defragmenter.exe
FaxSend.exe
FloppyDiskPartion.exe
GoogleToolbarNotifier.exe
HP_LaserJetAllInOneConfig.exe
IDE Conector P2P.exe
InstallMSN11Ar.exe
InstallMSN11En.exe
JetAudio dump.exe
KasperSky6.0 Key.doc.exe
Lock Folder.exe
LockWindowsPartition.exe
Make Windows Original.exe
MakeUrOwnFamilyTree.exe
Microsoft MSN.exe
Microsoft Windows Network.exe
msjavx86.exe
NokiaN73Tools.exe
Office2003 CD-Key.doc.exe
Office2007 Serial.txt.exe
PanasonicDVD_DigitalCam.exe
RadioTV.exe
Recycle Bin.exe
RecycleBinProtect.exe
ShowDesktop.exe
Sony Erikson DigitalCam.exe
Win98compatibleXP.exe
Windows Keys Secrets.exe
WindowsXp StartMenu Settings.exe
WinrRarSerialInstall.exe

The name of the file may be based on the name of an existing file or folder. The extension of the file is ".exe".
The following Registry entries are removed:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDriveTypeAutoRun"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDriveTypeAutoRun"

The following Registry entries are set:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Hidden" = 2

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "HideFileExt" = 1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "ShowSuperHidden" = 0

Virus Removal:


1. Delete registry values created by Win32.Mabezat.

Delete the following files and directories:


%SystemDrive%\Documents and Settings\tazebama.dl_


%SystemDrive%\Documents and Settings\hook.dl_


%UserProfile%\Start Menu\Programs\Startup\zPharoh.exe


%SystemDrive%\Documents and Settings\tazebama.dll


%SystemDrive%\Documents and Settings\[USER NAME]\Application Data\tazebama


%SystemDrive%\Documents and Settings\[USER NAME]\Application Data\tazebama\tazebama.log


%SystemDrive%\Documents and Settings\[USER NAME]\Application Data\tazebama\zPharaoh.dat

Sometimes the worm won't allow you to delete them, or they will be recreated after you delete them. In that case you can use one of these methods:

Download the removal tool rmmabez.exe from AVG. Restart the computer, then run the removal tool with the parameter C:\ to heal the infected files. You can specify more drives (example: rmmabez C:\ D:\).
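To confirm what is still present before and after cleanup, the registry values and file locations listed in this post can be checked with a read-only script. This is an added example, not part of the original post or of any vendor tool; it changes nothing and only reports. The `zPhar*.exe` wildcard is an assumption that covers both spellings of that file name used above, and the paths follow the Windows XP profile layout given in the post.

```powershell
# Added example (not from the original post): read-only audit of the indicators listed above.
$findings = @()

# Explorer values the post says the worm sets (name -> value it writes).
$advKey   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
$wormSets = @{ Hidden = 2; HideFileExt = 1; ShowSuperHidden = 0 }
$adv = Get-ItemProperty -Path $advKey -ErrorAction SilentlyContinue
foreach ($name in $wormSets.Keys) {
    if ($null -ne $adv -and $adv.$name -eq $wormSets[$name]) {
        $findings += "Registry: $name = $($adv.$name) (hidden files/extensions are not shown)"
    }
}

# Policy keys from which the post says NoDriveTypeAutoRun is removed.
$policyKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
)
foreach ($key in $policyKeys) {
    $value = Get-ItemProperty -Path $key -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue
    if ($null -eq $value) { $findings += "Registry: NoDriveTypeAutoRun is absent under $key" }
}

# File and directory locations from the removal list (Windows XP profile layout, as in the post).
$docs = Join-Path $env:SystemDrive 'Documents and Settings'
$artifacts = @(
    "$docs\tazebama.dl_",
    "$docs\hook.dl_",
    "$docs\tazebama.dll",
    "$docs\*\Application Data\tazebama",
    # Assumption: wildcard covers both spellings used in the post (zPharoh / zPharaoh).
    "$env:UserProfile\Start Menu\Programs\Startup\zPhar*.exe"
)
# -Force lets Get-Item return items that carry hidden or system attributes.
foreach ($item in Get-Item -Path $artifacts -Force -ErrorAction SilentlyContinue) {
    $findings += "File: $($item.FullName)"
}

if ($findings.Count -eq 0) { 'No listed indicators found.' } else { $findings }
```

The three Explorer\Advanced values are also common on clean systems, so treat a registry match as context for why the files are not visible rather than as proof of infection; the file findings are the stronger signal.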

If you are not sure whether the virus has been removed, there are many freeware and commercial trial antivirus products available. You can download any of them, as most antivirus products detect this worm. Some suggestions are:

- Norton AntiVir

- Avast

- AVG

- Avira

- Eset

These can be downloaded from: filehippo.com/softwares/antivirus

CAUTION:

- TAKE EXTRA CARE WHILE EDITING YOUR REGISTRY AS IT MAY DAMAGE YOUR SYSTEM.

- ALWAYS UPDATE YOUR ANTIVIRUS


Hope you find this post helpful. Post your comments.
