W32.Xpaj.B Virus removal

Created: 21 Nov 2012 | 4 comments

Help!!!! We have been compromised at our facility by the above malware/virus.  It has proven to be a real headache because it infects dlls, exe apps, system files, etc.  We are currently running Symantec 11D if I am not mistaken.  Does anyone have a proven removal process????

Currently we are running tdsskiller, and xpajkiller after disabling system restore.

Clients are Windows XP/Server 2003.

ᗺrian's picture

Here is the Symantec writeup/removal

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Ajit Jha's picture

Follow the Steps below:

  1. Disable System Restore (Windows Me/XP).
  2. Update the virus definitions.
  3. Run a full system scan.


Ajit Jha

Technical Consultant


Ashish-Sharma's picture


Check this blog

W32.Xpaj.B is a File Infector with a Vengeance

Thanks In Advance

Ashish Sharma

Mithun Sanghavi's picture


Looks like we have a new MBR infection in the wild.

Boot.Xpaj.B is a detection for a Master Boot Record (MBR) infected by W32.Xpaj.B.

Check this whitepaper and blog:

WhitePaper - W32.Xpaj.B - Making Easy Money from Complex Code

W32.Xpaj.B is a File Infector with a Vengeance

Plan of Action :

In case the above plan of action does not work, I would suggest you create a case with Symantec Technical Support.

How to create a new case in MySymantec

Phone numbers to contact Tech Support:-

Regional Support Telephone Numbers:

  • United States: 800-342-0652 (407-357-7600 from outside the United States)
  • Australia: 1300 365510 (+61 2 8220 7111 from outside Australia)
  • United Kingdom: +44 (0) 870 606 6000

Hope that helps!!

Mithun Sanghavi
Associate Security Architect


Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.