
What is Rescue Disk?

Trend Micro has created the Rescue Disk to clean infected systems. This tool has the following capabilities:

  • Clean the infected MBR (Master Boot Record) of the machine
  • Scan and clean files infected by the malware PE_XPAJ.C-1
  • Delete files detected as Cryp_Xin14

This tool uses a pattern designed only for PE_XPAJ.C-1 and Cryp_Xin14. If other malware is involved, you need to use the latest pattern file. If the detected files cannot be cleaned, Rescue Disk will quarantine them.

 
There is one isolated report in which the malicious code is not removed from DLLcache and the tool reports that cleaning failed. If you encounter the same situation, run another tool (pe_xpaj-cleantool-32bit-vsapi9716.com) to completely clean the DLLcache.

Where to download Rescue Disk?

You can get the Rescue Disk using the following link:

  • Link: ftp://ftp-download.trendmicro.com/Pattern/Bandage/PE_XPAJ_RESCUE_DISK/
  • Username: ftpuser
  • Password: tmftp-s3cured

For more information about the tool, refer to the instruction manuals included in the package.

Recommended Actions

  1. Disable network shares if possible.
  2. Add the following domains to the machine's hosts file to block them and prevent re-infection:
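
The hosts-file blocking step above, as an added example that is not part of Trend Micro's article or tooling: a PowerShell script that appends null-route entries only for names not already mapped, backs up the file first and flushes the DNS cache. The `0.0.0.0` sink address, the `.bak` backup name and the placeholder domains are assumptions.

```powershell
# Added example: idempotently null-route domains in the Windows hosts file.
# Run from an elevated PowerShell prompt.
param(
    # Constructed placeholders; replace with the domains to be blocked.
    [string[]]$Domains = @('blocked-one.example', 'blocked-two.example'),
    # Default Windows hosts file location.
    [string]$HostsPath = "$env:SystemRoot\System32\drivers\etc\hosts"
)

function Get-MappedHost {
    param([string[]]$Lines)
    # Build hostname -> address for every active (non-comment) entry.
    $map = @{}
    foreach ($line in $Lines) {
        $body = ($line -split '#', 2)[0].Trim()
        if (-not $body) { continue }
        $fields = $body -split '\s+'
        for ($i = 1; $i -lt $fields.Count; $i++) {
            $map[$fields[$i].ToLowerInvariant()] = $fields[0]
        }
    }
    return $map
}

$mapped = Get-MappedHost -Lines @(Get-Content -LiteralPath $HostsPath)
$toAdd  = @()
foreach ($d in $Domains) {
    $name = $d.Trim().ToLowerInvariant()
    if (-not $name) { continue }
    if ($mapped.ContainsKey($name)) {
        # Already present: warn if it resolves somewhere other than a sink.
        if (@('0.0.0.0', '127.0.0.1') -notcontains $mapped[$name]) {
            Write-Warning "$name already maps to $($mapped[$name]); review by hand."
        }
        continue
    }
    $toAdd += "0.0.0.0`t$name"
    $mapped[$name] = '0.0.0.0'   # also de-duplicates repeated input names
}

if ($toAdd.Count -gt 0) {
    Copy-Item -LiteralPath $HostsPath -Destination "$HostsPath.bak" -Force
    # Terminate an unterminated last line so the first new entry is not glued to it.
    $raw = [System.IO.File]::ReadAllText($HostsPath)
    if ($raw.Length -gt 0 -and -not $raw.EndsWith("`n")) { $toAdd = @('') + $toAdd }
    Add-Content -LiteralPath $HostsPath -Value $toAdd -Encoding ASCII
    ipconfig /flushdns | Out-Null
}
"{0} line(s) appended to {1}" -f $toAdd.Count, $HostsPath
```

Running the script a second time with the same names appends nothing, which makes it safe to push repeatedly from a logon or management script.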