
Before we even get started, disable NetBIOS.

If you can't do it now, make sure you do it right after scrubbing; the virus
spreads over NetBIOS.
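One way to carry out that first step on the machine, as an added PowerShell example that is not part of the original guide: it disables NetBIOS over TCP/IP on every IP-enabled adapter through the Win32_NetworkAdapterConfiguration WMI class and then re-reads the setting to confirm the change stuck. It assumes an elevated PowerShell prompt; Get-WmiObject is used rather than the CIM cmdlets so it also runs on PowerShell 2.0.

```powershell
# Added example (not from the original guide): disable NetBIOS over TCP/IP on
# every IP-enabled adapter, then re-query to verify. Run from an elevated
# PowerShell prompt.
#
# TcpipNetbiosOptions values: 0 = take the DHCP setting, 1 = enabled, 2 = disabled.
$Disabled = 2

$adapters = Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter "IPEnabled = TRUE"

foreach ($adapter in $adapters) {
    # SetTcpipNetbios returns 0 on success and 1 when a reboot is required for
    # the change to take effect; any other value is a WMI error code.
    $rc = ($adapter.SetTcpipNetbios($Disabled)).ReturnValue
    switch ($rc) {
        0       { Write-Host ("{0}: NetBIOS over TCP/IP disabled" -f $adapter.Description) }
        1       { Write-Host ("{0}: disabled, reboot required" -f $adapter.Description) }
        default { Write-Warning ("{0}: SetTcpipNetbios failed with code {1}" -f $adapter.Description, $rc) }
    }
}

# Verification: re-read the setting and flag any adapter that is not at 2.
$stillOn = Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter "IPEnabled = TRUE" |
    Where-Object { $_.TcpipNetbiosOptions -ne $Disabled }

if ($stillOn) {
    $stillOn | Select-Object Description, TcpipNetbiosOptions | Format-Table -AutoSize
    Write-Warning "Some adapters still have NetBIOS over TCP/IP enabled; reboot and re-check before scrubbing."
} else {
    Write-Host "All IP-enabled adapters report NetBIOS over TCP/IP disabled."
}
```

If any adapter reports code 1, reboot before moving on to TDSSKiller so the setting is actually in force while you scrub.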

Xpaj has two components: a rootkit and infections. The rootkit will be removed with TDSSKiller, the infection we'll
get to later. Go ahead and boot your machine, login as admin on the domain, and download TDSSKiller. Run it with
the default configuration. Whether it scrubs anything or not, we now know we have a rootkit-less system.

Go ahead and go back to your computer. We're now going to burn a Kaspersky Rescue disk. Download the ISO and
burn it to a CD. Stick it in the infected system, turn the infected system off, and boot onto the CD. Choose English,
etc... and boot to graphical mode. The Kaspersky scanner will appear. Connect a network cable, and update the
definitions (go to the Update Center tab and update the definitions; this should take about 1:30 minutes). Then run a scan.
Expect about an hour for the scan, sometimes longer. It will say it has discovered threats.

First, select disinfect and check the Apply to All box on the infection alert that pops up. Another alert will pop up
with disinfect greyed out; select delete this time, and then apply to all. It should do its business and shut itself down
or give a confirmation message depending on how the wind is blowing. Go ahead and shut down now. It's stable, but
not out of the woods yet.

Fixing the Damage

In this virus scan Kaspersky performed, it couldn't disinfect everything, so it devoured the rest. In this process, it
bodyslammed such vital files as explorer.exe, hal.dll, and just about every other delicate file imaginable. To fix this
in Windows 7, we're going to have to boot with your installation media. Get to your install disk and boot up off it,
going to the recovery prompt and running:

sfc /scannow /offbootdir=X:\ /offwindir=X:\Windows

where X is your system drive (9 times out of 10, it's 'C'). For Windows XP, boot into the standard OS, then insert
your disk and run, at an elevated command prompt:

sfc /scannow

and you're done. Note if you can't even get to a CMD line (and no, the one on the boot disk won't work), you're SOL
and will have to do a reinstall. Sorry. If Windows 7 gives you errors saying a service cannot be started or there
is a repair pending, you'll have to boot into the full OS, insert the installer CD, and run:

sfc /scannow

Cleaning Up

Boot into Windows and login. Download Trend Micro House Call or the 64 bit version if applicable. Run a full (not
quick!) scan. If it turns up with no infections, download Microsoft Security Essentials and run a full scan. If either
Trend or MSSE comes up dirty, start everything over. If they're clean, congratulations!

YOU JUST KICKED XPAJ RIGHT IN ITS FURRY LITTLE BEHIND!

Note if you are installing printers, you must install them manually because Xpaj WILL spread over printer
shares.

Checklist

Machine name: ___________________________

User: ____________________________________

Schedule: ________________________________

Engineer: ________________________________

Disable NetBIOS

Run TDSSKiller.exe

Boot Kaspersky; run a clean sweep and disinfect what you can; delete the rest

Boot into Windows; run sfc /scannow at elevated command prompt

Download and run Trend Micro Housecall. If it fails, start over with TDSSKiller.exe

Download and run Microsoft Security Essentials. If it fails, start over with TDSSKiller.exe

Restart, and log in as the user who uses the system.

Return system to user; log changes

Notes:_________________________________________________________________________
______________________________________________________________________________
______________________________________________________________________________
______________________________________________________________________________
______________________________________________________________________________
______________________________________________________________________________
______________________________________________________________________________
______________________________________________________________________________
______________________________________________________________________________
______________________________________________________________________________
______________________________________________________________________________
