This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.
This signature detects W32.Xpaj.B activity, which may download more files onto the compromised computer.
W32.Xpaj.B is a virus that infects .dll, .exe, .scr, and .sys files on the compromised computer.
Once executed, the virus searches the compromised computer for files with the following extensions and infects them:
The virus creates the following file to mark its presence:
%Windir%\[FOUR RANDOM NUMBERS FOLLOWED BY FOUR RANDOM LETTERS].tmp
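A sweep for files that fit the marker naming pattern above, written as an added example (it is not part of the original write-up or of any Symantec tool). It assumes "numbers" means decimal digits and that the letters may be upper or lower case; the function names and sample file names are constructed for illustration.

```python
import os
import re
import tempfile
from datetime import datetime, timezone

# Assumption: "numbers" means decimal digits and the letters may be either case.
MARKER_RE = re.compile(r"[0-9]{4}[A-Za-z]{4}\.tmp")


def find_marker_candidates(directory):
    """Return (name, size, mtime_utc) for regular files directly inside
    `directory` whose names fit the marker pattern. Not recursive, because
    the write-up places the marker in %Windir% itself."""
    hits = []
    with os.scandir(directory) as entries:
        for entry in entries:
            try:
                if not entry.is_file(follow_symlinks=False):
                    continue
                if not MARKER_RE.fullmatch(entry.name):
                    continue
                st = entry.stat(follow_symlinks=False)
            except OSError:
                continue  # unreadable or removed mid-scan; skip it
            mtime = datetime.fromtimestamp(st.st_mtime, tz=timezone.utc)
            hits.append((entry.name, st.st_size, mtime.isoformat()))
    return sorted(hits)


def demo():
    """Run the sweep over a constructed directory (all names are sample data)."""
    with tempfile.TemporaryDirectory() as d:
        for name in ("1234abcd.tmp", "0007QwEr.tmp", "12345abc.tmp",
                     "abcd1234.tmp", "1234abcd.tmp.bak", "setup.log"):
            with open(os.path.join(d, name), "w") as fh:
                fh.write("x")
        os.mkdir(os.path.join(d, "9999zzzz.tmp"))  # directory, not a file
        return [name for name, _, _ in find_marker_candidates(d)]


if __name__ == "__main__":
    windir = os.environ.get("WINDIR")  # set on Windows hosts
    if windir:
        for hit in find_marker_candidates(windir):
            print(*hit, sep="\t")
    else:
        print("constructed sample:", demo())
```

Legitimate software can also leave temporary files whose names fit this pattern, so a match is a lead to correlate with scan results, not proof of infection.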
It may also create the following file:
The virus checks for Internet connectivity by attempting to contact the following domain:
Then, the virus attempts to contact its control server using the following URL:
Note: [SERVER ADDRESS] may be one of the following remote locations:
The virus may download and execute additional malicious files.
The virus may spread by copying itself to removable drives.
It may also create the following file so that it runs whenever the drives are accessed:
The following instructions pertain to all current and recent Symantec antivirus products, including the Symantec AntiVirus and Norton AntiVirus product lines.
* Disable System Restore (Windows Me/XP)
* Update the virus definitions
* Run a full system scan