5 Replies Latest reply on Mar 13, 2015 8:48 AM by rmetzger

    W32/Xpaj.b Virus

    kumailesaf

      Hello Experts,

       

      Need your help!

      A W32/Xpaj.b virus attack has occurred at one of my client sites. I already performed an on-demand scan on the PCs, but whenever a PC is connected to the network, the virus is detected in real time from a particular source.

       

      My concern is: how do I remove the virus from the entire network? How do I deal with it?

       

      Please Help!

       

      Thank You!

        • 1. Re: W32/Xpaj.b Virus
          rmetzger

          kumailesaf wrote:

           

          A W32/Xpaj.b virus attack has occurred at one of my client sites. I already performed an on-demand scan on the PCs, but whenever a PC is connected to the network, the virus is detected in real time from a particular source.

           

          My concern is: how do I remove the virus from the entire network? How do I deal with it?

          This is the official McAfee document: http://www.mcafee.com/threat-intelligence/malware/default.aspx?id=475516

          which describes shutting off the System Restore, Updating VSE DAT files, Scanning the system, and Rebuilding the MBR.

           

          Additionally, check for PWS.zbot variants as they may also be on your system. As you stated that when you connect to the network the detection returns, I suspect that the infection is attempting to contact the C&C servers. So, disinfect while disconnected from the network.

           

          Once the system(s) are clean, remember to turn on System Restore services.

           

          Hope this is helpful.

          Ron Metzger

          • 2. Re: W32/Xpaj.b Virus
            Peter M

            Moved to Malware Discussion > Corporate User Assistance as a better spot for it.

            ---

            Peter

            Moderator

            • 3. Re: W32/Xpaj.b Virus
              kumailesaf

              Hello,

               

              I followed the steps mentioned in the documents, but I am still facing the real-time attack from a particular source & an unknown source...

              A screenshot is attached for your reference: AttackSource_AET-MON-008(copy).bmp

              Please help!

              • 4. Re: W32/Xpaj.b Virus
                kumailesaf

                Hello,

                 

                I followed the steps mentioned in the documents, but I am still facing the real-time attack from a particular source & an unknown source...

                A screenshot is attached for your reference. Please help!

                AttackSource_AET-MON-008(copy).bmp

                • 5. Re: W32/Xpaj.b Virus
                  rmetzger

                  Hi

                   

                  Sorry for the late reply.

                   

                  Looking at the logs and the date and time of your reply, there is a 13-day opening between your reply and the infection alert.

                   

                  Are you sure you are still 'infected?'

                   

                  This particular infection is over 3 years old; I noticed that you are running Windows XP. What is the update level (service packs, security patches, etc.) installed?

                   

                  Please update all security updates MS has available, then follow up with a complete scan (on all suspected systems).

                   

                  If still having issues, contact your (your client's) McAfee Support Rep to help with the clean-up.

                   

                  Let us know how you are doing.

                  Ron Metzger