W32.Xpaj.B Virus removal
Created: 21 Nov 2012 | 4 comments
Help!!!! We have been compromised at our facility by the above malware/virus. It has proven to be a real headache because it infects dlls, exe apps, system files, etc. We are currently running Symantec 11D if I am not mistaken. Does anyone have a proven removal process????
Currently we are running tdsskiller, and xpajkiller after disabling system restore.
Clients are Windows XP/Server 2003.
Here is the Symantec writeup/removal
http://www.symantec.com/security_response/writeup....
SEP Knowledge Base
Endpoint SWAT
Follow the Steps below:
Regards,
Ajit Jha
Technical Consultant
ASC & STS
Hi,
Check this blog
W32.Xpaj.B is a File Infector with a Vengeance
https://www-secure.symantec.com/connect/blogs/w32xpajb-file-infector-vengeance
Thanks In Advance
Ashish Sharma
SEPM Knowledgebase Documents
Hello,
Looks like we have a new MBR infection in the wild.
Boot.Xpaj.B is a detection for a Master Boot Record (MBR) infected by W32.Xpaj.B.
http://www.symantec.com/security_response/writeup.jsp?docid=2012-042517-0047-99
Check this whitepaper and blog:
WhitePaper - W32.Xpaj.B - Making Easy Money from Complex Code
https://www-secure.symantec.com/connect/downloads/whitepaper-w32xpajb-making-easy-money-complex-code
W32.Xpaj.B is a File Infector with a Vengeance
https://www-secure.symantec.com/connect/blogs/w32xpajb-file-infector-vengeance
Plan of Action:
In case the above plan of action does not work, I would suggest you create a case with Symantec Technical Support.
How to create a new case in MySymantec
http://www.symantec.com/business/support/index?page=content&id=TECH58873
Phone numbers to contact Tech Support:
Regional Support Telephone Numbers:
Mithun Sanghavi
Symantec Technical Support Engineer, SEP
MIM | MCSA | MCTS | STS | ITIL v3
Twitter: @mithun_sanghavi
Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.