W32.Xpaj.B Virus removal

Created: 21 Nov 2012 | 4 comments

Help!!!! We have been compromised at our facility by the above malware/virus.  It has proven to be a real headache because it infects dlls, exe apps, system files, etc.  We are currently running Symantec 11D if I am not mistaken.  Does anyone have a proven removal process????

 

Currently we are running tdsskiller, and xpajkiller after disabling system restore.

Clients are Windows XP/Server 2003.

.Brian's picture

Here is the Symantec writeup/removal

http://www.symantec.com/security_response/writeup....

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Ajit Jha's picture

Follow the Steps below:

  1. Disable System Restore (Windows Me/XP).
  2. Update the virus definitions.
  3. Run a full system scan.

Regards,

Ajit Jha

Technical Consultant

ASC & STS

Ashish-Sharma's picture

Hi,

Check this blog

W32.Xpaj.B is a File Infector with a Vengeance

https://www-secure.symantec.com/connect/blogs/w32xpajb-file-infector-vengeance

Thanks In Advance

Ashish Sharma

Mithun Sanghavi's picture

Hello,

Looks like we have a new MBR infection in the wild.

Boot.Xpaj.B is a detection for a Master Boot Record (MBR) infected by W32.Xpaj.B.

http://www.symantec.com/security_response/writeup.jsp?docid=2012-042517-0047-99

Check this whitepaper and blog:

WhitePaper - W32.Xpaj.B - Making Easy Money from Complex Code

https://www-secure.symantec.com/connect/downloads/whitepaper-w32xpajb-making-easy-money-complex-code

W32.Xpaj.B is a File Infector with a Vengeance

https://www-secure.symantec.com/connect/blogs/w32xpajb-file-infector-vengeance

Plan of Action:

In case the above plan of action does not work, I would suggest you create a case with Symantec Technical Support.

How to create a new case in MySymantec

http://www.symantec.com/business/support/index?page=content&id=TECH58873

Phone numbers to contact Tech Support:

Regional Support Telephone Numbers:

  • United States: 800-342-0652 (407-357-7600 from outside the United States)
  • Australia: 1300 365510 (+61 2 8220 7111 from outside Australia)
  • United Kingdom: +44 (0) 870 606 6000
 
Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.