Bumping this to keep it in view, it should have been answered.
Information about the W32/xpaj.b virus can be found at http://www.mcafee.com/threat-intelligence/malware/default.aspx?id=518930, which has a removal guide.
However, if this is a corporate network you will probably need advice from one of the forum helpers who specialise in McAfee Enterprise products. I can't be of much help with this.
Thx Hayton. Yes, I've seen the link you provided. We do have the latest DAT, as the info link suggested. Just wondering if other companies have still seen this in their environment, and how they totally got rid of this virus so that it stops spreading and reinfecting machines even after McAfee detects and cleans.
Just bumping this topic, we currently have the same issue.
We are currently working on a server that got infected; three restarts and several ODS were performed before each restart, but Xpaj still recurs.
Anyone got additional info on this? All we know is that the DLLs and EXEs are already infected and VSE does not seem to completely clean them out.
Are you in contact with Support about this infection? xpaj is *very* aggressive, so please do contact Support by phone if you have not already done so. Also, your configuration needs to be absolutely watertight when trying to remove this from an infected network, so providing Support with MERs is vitally important as well.
Thanks for the advice, we are currently in contact with Tier 2 and McAfee Labs regarding this.
Just some notes (in case some users here are experiencing this too):
Created Access Protection policies for blocking write access to:
files... but excluding the McAfee processes (scan32.exe, scan64.exe, mcshield.exe, etc.)