W32.Xpaj.B Virus removal

Created: 21 Nov 2012 | 4 comments

Help!!!! We have been compromised at our facility by the above malware/virus.  It has proven to be a real headache because it infects dlls, exe apps, system files, etc.  We are currently running Symantec 11D if I am not mistaken.  Does anyone have a proven removal process????

Currently we are running tdsskiller, and xpajkiller after disabling system restore.

Clients are Windows XP/Server 2003.

Brɨan

Here is the Symantec writeup/removal

http://www.symantec.com/security_response/writeup....

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Ajit Jha

Follow the steps below:

  1. Disable System Restore (Windows Me/XP).
  2. Update the virus definitions.
  3. Run a full system scan.

Regards,

Ajit Jha

Technical Consultant

ASC & STS

Ashish-Sharma

Hi,

Check this blog:

W32.Xpaj.B is a File Infector with a Vengeance

https://www-secure.symantec.com/connect/blogs/w32xpajb-file-infector-vengeance

Thanks In Advance

Ashish Sharma

Mithun Sanghavi

Hello,

Looks like we have a new MBR infection in the wild.

Boot.Xpaj.B is a detection for a Master Boot Record (MBR) infected by W32.Xpaj.B.

http://www.symantec.com/security_response/writeup.jsp?docid=2012-042517-0047-99

Check this whitepaper and blog:

WhitePaper - W32.Xpaj.B - Making Easy Money from Complex Code

https://www-secure.symantec.com/connect/downloads/whitepaper-w32xpajb-making-easy-money-complex-code

W32.Xpaj.B is a File Infector with a Vengeance

https://www-secure.symantec.com/connect/blogs/w32xpajb-file-infector-vengeance

Plan of Action:

In case the above plan of action does not work, I would suggest you create a case with Symantec Technical Support.

How to create a new case in MySymantec

http://www.symantec.com/business/support/index?page=content&id=TECH58873

Phone numbers to contact Tech Support:

Regional Support Telephone Numbers:

  • United States: 800-342-0652 (407-357-7600 from outside the United States)
  • Australia: 1300 365510 (+61 2 8220 7111 from outside Australia)
  • United Kingdom: +44 (0) 870 606 6000
 
Hope that helps!!

Mithun Sanghavi
Associate Security Architect

MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.