1 Reply Latest reply on Nov 10, 2012 5:01 PM by rmetzger

    1053 time oute when install Virusscan 8.8

    snefi

      Hello

       

      When i try to install Mcafee Virusscan 8.8 i have error when start mcafee services:

      Error 1053: the service did not respond to the start or control request in a timely fashion

      i have W32/Xpaj.c infection on client.

        • 1. Re: 1053 time oute when install Virusscan 8.8
          rmetzger

          Hi Snefi

           

          snefi wrote:

           

          Hello

           

          When i try to install Mcafee Virusscan 8.8 i have error when start mcafee services:

          Error 1053: the service did not respond to the start or control request in a timely fashion

          i have W32/Xpaj.c infection on client.

          Well Xpaj is a nasty piece of work!

           

          It is likely that xpaj is blocking the installation processes of VSE services.

           

          Here is a document that may be informative (download):

          https://kb.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/ 23000/PD23756/en_US/McAfee_Labs_Threat_Advisory_W32_Xpaj.pdf

           

           

          A suggestion inside this document is to run Stinger:

          http://www.mcafee.com/apps/free-tools/termsofuse.aspx?url=/us/downloads/free-too ls/stinger.aspx

           

          I would suggest downloading Stinger on another clean PC and rename the .exe to .com to help avoid future infection when first connecting to the infected PC. Consider using a flash drive that you can 'dispose' of after use since it could be compromised as part of this process.

           

          The infection of Xpaj is rather extensive and probably too difficult to describe here. It is very possible that the MBR is now infected. Depending on the exact variant of xpaj, many of .exe, .dll, .sys, and .scr files are likely to be damaged beyond repair, requiring restoration from a known clean backup source. Additionally you will have to disable System Restore as it is likey infected and will act to re-infect as you go, unless SR is deleted.

           

          The document above describes why it may be better to disable the infection as a prelude to retrieving all important data to another system before completely rebuilding this system OS.

           

          Another tool may be useful (from Kaspersky):

          http://support.kaspersky.com/faq/?qid=208285208

           

          This tool is like stinger in nature.

           

          Here is another description of how to disable the infection (from Trend Micro):

          http://about-threats.trendmicro.com/Malware.aspx?language=au&name=PE_XPAJ.C

           

          The instructions here may give you some semi-manual methods for cleaning the system well enough to gain access to the drive, safely.

           

          If you believe that these instructions are not safe enough, consider using a bootable CD or flash drive to access the data, without booting from the C: drive. This would allow you to back up data as needed. Consider replacing the infected drive, since cleaning the infection may be difficult due the the nature of the MBR infection methods involved. A standard and complete OS reload may not clear the infected sectors at the end of the drive.

           

          Since the infected system may be attempting to infect other systems on your network, I would suggest physically removing any network wires or disabling the wireless adapter, in order to prevent further infections. Of course, you may need to test other systems in your network as well.

           

          These tools may be able to disable the infection long enough for you to be able to backup any data you deem critical and necessary.

           

          Hopefully this is helpful.

           

          Ron Metzger

           

          Message was edited by: rmetzger (Updated mcafee .pdf link) on 11/10/12 4:52:31 PM EST

           

          on 11/10/12 6:01:22 PM EST