?
Solved

W32/Generic!worm

Posted on 2007-03-24
3
Medium Priority
?
2,121 Views
Last Modified: 2013-12-09
My Mcafee Detects the folowing virus for so many times but is only able to delete it but can't remove it from the system. Please tell me any free utility to remove it from my System

sal.xls.exe      W32/Generic!worm (Virus)
0
Comment
Question by:tsultan
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 97

Accepted Solution

by:
war1 earned 2000 total points
ID: 18787409
tsultan,

The worm may be in System Restore, so that is why you cannot delete it. Disable system restore.

This is Trend Micro description of the worm
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_VB.CII

Here is how to remove it
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM%5FVB%2ECII&VSect=Sn
0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 18787595
That's called  "flashdrive' infection, in every root partition it creates the files below: You need to remove autorun.inf in every root partition, it's hidden, you can see it in DOS prompt.

* \Autorun.inf --> used to autorun the worm when the drive is accessed, so must be removed.
* \sal.xls.exe
*Windows\ufdata2000.log

I would suggest running "Flash_Disinfector.exe" not sure if "sal.xls.exe" variant is covered yet but the tool creates a bogus "autorun.inf" which would help prevent the worm from loading and spreading.

http://www.techsupportforum.com/sectools/sUBs/Flash_Disinfector.exe
According to the author, when flash_disinfector is run, it will create a bogus folder, autorun.inf in every partition. It wont stop the infected file from getting in, but it does prevent the loading point from getting created.


PrevX:(claims to remove it)
http://spywarefiles.prevx.com/RRDFGG29969813/SAL.XLS.EXE.html
0
 
LVL 97

Expert Comment

by:war1
ID: 18809816
tsultan, any update?
0

Featured Post

Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as the high-speed power of the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Some site administrators might be considering how to filter incoming traffic to a site by identifying the domains or networks of the traffic source, in the same way that a spam filter does on an email server, such as blocking all emails sent from th…
For those of you actively in the Malware fightling business, we now have available an amazing new tool in the malware wars (first recommended to me by rpggamergirl (http://www.experts-exchange.com/M_3598771.html), the Zone Advisor for the Virus and …
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question