Endpoint Protection

  • 1.  W32.Xpaj.B Virus removal

    Posted Nov 21, 2012 07:48 PM

    Help!!!! We have been compromised at our facility by the above malware/virus.  It has proven to be a real headache because it infects dlls, exe apps, system files, etc.  We are currently running Symantec 11D if I am not mistaken.  Does anyone have a proven removal process????

     

    Currently we are running tdsskiller, and xpajkiller after disabling system restore.

    Clients are Windows XP/Server 2003.



  • 2.  RE: W32.Xpaj.B Virus removal

    Posted Nov 21, 2012 08:13 PM

    Here is the Symantec writeup/removal

    http://www.symantec.com/security_response/writeup.jsp?docid=2009-091613-1844-99&tabid=3



  • 3.  RE: W32.Xpaj.B Virus removal

    Posted Nov 22, 2012 12:39 AM


    Follow the steps below:

    1. Disable System Restore (Windows Me/XP).
    2. Update the virus definitions.
    3. Run a full system scan.


  • 4.  RE: W32.Xpaj.B Virus removal

    Posted Nov 22, 2012 12:41 AM

    Hi,

    Check this blog:

    W32.Xpaj.B is a File Infector with a Vengeance

    https://www-secure.symantec.com/connect/blogs/w32xpajb-file-infector-vengeance



  • 5.  RE: W32.Xpaj.B Virus removal

    Trusted Advisor
    Posted Nov 22, 2012 08:36 AM

    Hello,

    Looks like we have a new MBR infection in the wild.

    Boot.Xpaj.B is a detection for a Master Boot Record (MBR) infected by W32.Xpaj.B.

    http://www.symantec.com/security_response/writeup.jsp?docid=2012-042517-0047-99

    Check this whitepaper and blog:

    Whitepaper - W32.Xpaj.B - Making Easy Money from Complex Code

    https://www-secure.symantec.com/connect/downloads/whitepaper-w32xpajb-making-easy-money-complex-code

    W32.Xpaj.B is a File Infector with a Vengeance

    https://www-secure.symantec.com/connect/blogs/w32xpajb-file-infector-vengeance

    Plan of Action:

    In case the above plan of action does not work, I would suggest you create a case with Symantec Technical Support.

    How to create a new case in MySymantec

    http://www.symantec.com/business/support/index?page=content&id=TECH58873

    Phone numbers to contact Tech Support:

    Regional Support Telephone Numbers:

    • United States: https://support.broadcom.com (407-357-7600 from outside the United States)
    • Australia: 1300 365510 (+61 2 8220 7111 from outside Australia)
    • United Kingdom: +44 (0) 870 606 6000
     
    Hope that helps!!