Solved

W32/Generic!worm

Posted on 2007-03-24
3
2,064 Views
Last Modified: 2013-12-09
My Mcafee Detects the folowing virus for so many times but is only able to delete it but can't remove it from the system. Please tell me any free utility to remove it from my System

sal.xls.exe      W32/Generic!worm (Virus)
0
Comment
Question by:tsultan
  • 2
3 Comments
 
LVL 97

Accepted Solution

by:
war1 earned 500 total points
ID: 18787409
tsultan,

The worm may be in System Restore, so that is why you cannot delete it. Disable system restore.

This is Trend Micro description of the worm
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_VB.CII

Here is how to remove it
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM%5FVB%2ECII&VSect=Sn
0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 18787595
That's called  "flashdrive' infection, in every root partition it creates the files below: You need to remove autorun.inf in every root partition, it's hidden, you can see it in DOS prompt.

* \Autorun.inf --> used to autorun the worm when the drive is accessed, so must be removed.
* \sal.xls.exe
*Windows\ufdata2000.log

I would suggest running "Flash_Disinfector.exe" not sure if "sal.xls.exe" variant is covered yet but the tool creates a bogus "autorun.inf" which would help prevent the worm from loading and spreading.

http://www.techsupportforum.com/sectools/sUBs/Flash_Disinfector.exe
According to the author, when flash_disinfector is run, it will create a bogus folder, autorun.inf in every partition. It wont stop the infected file from getting in, but it does prevent the loading point from getting created.


PrevX:(claims to remove it)
http://spywarefiles.prevx.com/RRDFGG29969813/SAL.XLS.EXE.html
0
 
LVL 97

Expert Comment

by:war1
ID: 18809816
tsultan, any update?
0

Featured Post

Free Tool: Postgres Monitoring System

A PHP and Perl based system to collect and display usage statistics from PostgreSQL databases.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

PREFACE The purpose of this guide is to provide information to successfully install the MS SQL client tools for the Symantec Endpoint Protection Manager (SEPM) to function properly when installed on Windows 2008. AUDIENCE Information Technology…
If you thought ransomware was bad, think again! Doxware has the potential to be even more damaging.
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

808 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question