Solved

W32/Generic!worm

Posted on 2007-03-24
3
2,023 Views
Last Modified: 2013-12-09
My Mcafee Detects the folowing virus for so many times but is only able to delete it but can't remove it from the system. Please tell me any free utility to remove it from my System

sal.xls.exe      W32/Generic!worm (Virus)
0
Comment
Question by:tsultan
  • 2
3 Comments
 
LVL 97

Accepted Solution

by:
war1 earned 500 total points
ID: 18787409
tsultan,

The worm may be in System Restore, so that is why you cannot delete it. Disable system restore.

This is Trend Micro description of the worm
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_VB.CII

Here is how to remove it
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM%5FVB%2ECII&VSect=Sn
0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 18787595
That's called  "flashdrive' infection, in every root partition it creates the files below: You need to remove autorun.inf in every root partition, it's hidden, you can see it in DOS prompt.

* \Autorun.inf --> used to autorun the worm when the drive is accessed, so must be removed.
* \sal.xls.exe
*Windows\ufdata2000.log

I would suggest running "Flash_Disinfector.exe" not sure if "sal.xls.exe" variant is covered yet but the tool creates a bogus "autorun.inf" which would help prevent the worm from loading and spreading.

http://www.techsupportforum.com/sectools/sUBs/Flash_Disinfector.exe
According to the author, when flash_disinfector is run, it will create a bogus folder, autorun.inf in every partition. It wont stop the infected file from getting in, but it does prevent the loading point from getting created.


PrevX:(claims to remove it)
http://spywarefiles.prevx.com/RRDFGG29969813/SAL.XLS.EXE.html
0
 
LVL 97

Expert Comment

by:war1
ID: 18809816
tsultan, any update?
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I recently had to create a utility which aim is to update McAfee's Virusscan and that had to be launched from a command line. I thought I’d share my experience with you. Why is it useful to be able to update an Antivirus from the command line?…
Ransomware continues to be a growing problem for both personal and business users alike and Antivirus companies are still struggling to find a reliable way to protect you from this dangerous threat.
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now