If you can't do it, make sure you do it right after scrubbing; the virus
spreads over it.
Xpaj has two components: a rootkit and infections. The rootkit will be removed with TDSSKiller; the infection we'll
get to later. Go ahead and boot your machine, log in as admin on the domain, and download TDSSKiller. Run it with
the default configuration. Whether it scrubs anything or not, we now know we have a rootkit-less system.
Go ahead and go back to your computer. We're now going to burn a Kaspersky Rescue disk. Download the ISO and
burn it to a CD. Stick it in the infected system, turn the infected system off, and boot onto the CD. Choose English,
etc., and boot to graphical mode. Kaspersky scanner will appear. Connect a network cable, and update the
definitions (go to the Update Center tab and update definitions; should take about 1:30 minutes). Then run a scan.
Expect about an hour for the scan, sometimes longer. It will say it has discovered threats.
First, select disinfect and check the Apply to All box on the infection alert that pops up. Another alert will pop up
with disinfect greyed out; select delete this time, and then apply to all. It should do its business and shut itself down
or give a confirmation message depending on how the wind is blowing. Go ahead and shut down now. It's stable, but
not out of the woods yet.
where X is your system drive (9 times out of 10, it's 'C'). For Windows XP, boot into the standard OS, then insert
your disk and run, at an elevated command prompt:
sfc /scannow
and you're done. Note if you can't even get to a CMD line (and no, the one on the boot disk won't work), you're SOL
and will have to do a reinstall. Sorry. If Windows 7 gives you errors saying a service cannot be started or there
is a repair pending, you'll have to boot into the full OS, insert the installer CD, and run:
sfc /scannow
Cleaning Up
Boot into Windows and log in. Download Trend Micro House Call or the 64 bit version if applicable. Run a full (not
quick!) scan. If it turns up with no infections, download Microsoft Security Essentials and run a full scan. If either
Trend or MSSE comes up dirty, start everything over. If they're clean, congratulations!
Note if you are installing printers, you must install them manually because Xpaj WILL spread over printer
shares.
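The checklist below starts with Disable NetBIOS, but the guide shows no command for that step. The following is an added example, not part of the original guide, of one way to script it. It assumes the step means NetBIOS over TCP/IP on each network adapter and that PowerShell is installed (it is by default on Windows 7, not on XP).

```powershell
# Added example: disable NetBIOS over TCP/IP on every IP-enabled adapter via WMI.
# Run from an elevated PowerShell prompt. Get-WmiObject is used so the script
# also works on PowerShell 2.0, the version shipped with Windows 7.

# TcpipNetbiosOptions values: 0 = use DHCP setting, 1 = enabled, 2 = disabled
$Disabled = 2

$adapters = Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter "IPEnabled = TRUE"

foreach ($nic in $adapters) {
    if ($nic.TcpipNetbiosOptions -eq $Disabled) {
        Write-Output ("{0}: already disabled" -f $nic.Description)
        continue
    }
    $result = $nic.SetTcpipNetbios($Disabled)
    switch ($result.ReturnValue) {
        0       { Write-Output ("{0}: disabled" -f $nic.Description) }
        1       { Write-Output ("{0}: disabled, reboot required" -f $nic.Description) }
        default { Write-Warning ("{0}: failed, WMI return code {1}" -f $nic.Description, $result.ReturnValue) }
    }
}

# Re-query and list anything still not disabled so it can be fixed by hand.
$remaining = Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter "IPEnabled = TRUE" |
    Where-Object { $_.TcpipNetbiosOptions -ne $Disabled }

if ($remaining) {
    $remaining | Select-Object Description, TcpipNetbiosOptions | Format-Table -AutoSize
} else {
    Write-Output "NetBIOS over TCP/IP is disabled on all IP-enabled adapters."
}
```

Only adapters that currently have IP enabled are touched, so an adapter that is disconnected or disabled when the script runs keeps its old setting and has to be checked separately.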
Checklist
Machine name: ___________________________
User: ____________________________________
Schedule: ________________________________
Engineer: ________________________________
Disable NetBIOS
Run TDSSKiller.exe
Boot Kaspersky; run a clean sweep and disinfect what you can; delete the rest
Download and run Trend Micro Housecall. If it fails, start over with TDSSKiller.exe
Download and run Microsoft Security Essentials. If it fails, start over with TDSSKiller.exe
Notes:_________________________________________________________________________