Solved

W32/Generic!worm

Posted on 2007-03-24
3
2,081 Views
Last Modified: 2013-12-09
My Mcafee Detects the folowing virus for so many times but is only able to delete it but can't remove it from the system. Please tell me any free utility to remove it from my System

sal.xls.exe      W32/Generic!worm (Virus)
0
Comment
Question by:tsultan
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 97

Accepted Solution

by:
war1 earned 500 total points
ID: 18787409
tsultan,

The worm may be in System Restore, so that is why you cannot delete it. Disable system restore.

This is Trend Micro description of the worm
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_VB.CII

Here is how to remove it
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM%5FVB%2ECII&VSect=Sn
0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 18787595
That's called  "flashdrive' infection, in every root partition it creates the files below: You need to remove autorun.inf in every root partition, it's hidden, you can see it in DOS prompt.

* \Autorun.inf --> used to autorun the worm when the drive is accessed, so must be removed.
* \sal.xls.exe
*Windows\ufdata2000.log

I would suggest running "Flash_Disinfector.exe" not sure if "sal.xls.exe" variant is covered yet but the tool creates a bogus "autorun.inf" which would help prevent the worm from loading and spreading.

http://www.techsupportforum.com/sectools/sUBs/Flash_Disinfector.exe
According to the author, when flash_disinfector is run, it will create a bogus folder, autorun.inf in every partition. It wont stop the infected file from getting in, but it does prevent the loading point from getting created.


PrevX:(claims to remove it)
http://spywarefiles.prevx.com/RRDFGG29969813/SAL.XLS.EXE.html
0
 
LVL 97

Expert Comment

by:war1
ID: 18809816
tsultan, any update?
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

PREFACE The purpose of this guide is to explain how to manually move a SEP client to a different client group by performing steps on the client-side. These steps may prove particularly useful because they allow the client to move after it has alrea…
For those of you actively in the Malware fightling business, we now have available an amazing new tool in the malware wars (first recommended to me by rpggamergirl (http://www.experts-exchange.com/M_3598771.html), the Zone Advisor for the Virus and …
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question