This Virus was made in such a way very month of 3rd it will spread… Now this is not found.

If you found this virus follow these steps to remove.

This document is shows the pro If you face same kind of problem  

First we removed C$ and Admin$ shares from all the computers then run this toolFixBmalE.exe — then uninstall the Symantec Antivirus from the infected machines using add/remove, if it was not removing we used a toolNoNav2.1.exe — Forced Symantec Antivirus Uninstaller.We also make sure not to select use “MSI to uninstall” read all the prompts!after you removed it successfully reinstall the AV from the following location this tool will help you to remove Symantec AV from MSI ( use it only if above fails, remove it and uninstall from add/remove programs)msicuu2.exe — Microsoft MSI cleanup utility 

Install the Symantec AV / Norton AVthen either run this file or liveupdate to install the latest virus definitions20060604-006-x86.exe — Latest virus Definitions…. As some of you may be aware that we experienced a virus (W32.Blackmal.E@mm) outbreak within your offices. The virus has been cleaned from the offices now. However we would like to get all of you working online & offsite to also check your machines. 

Please note that it is imperative that you just follow these simple steps. This virus, if it exists on your machine – will unleash a nasty payload on the 3rd of February and will delete data from your hard drive. 1. Right click on the Symantec task bar symbol and select ‘Open Symantec AntiVirus’: 


2. Insure that you have the latest program installed ’’. 


  • If the above criteria is not met. Please contact your System Administrator

As a last check please run the following tool from your desktop: 

http://securityresponse.symantec.com/avcenter/FixBmalE.exe If anything is reported please send the log file from your desktop (FixBmalE.log). 

I appreciate the time you have taken to check this. I would like to insure this in person, but as a lot of you are working offsite, I need to rely on you following the checks. Thanks once again. 

IT SUPPORT  Engineer.

Optimetrix Integration & Solutions Pvt. Ltd.


2 comments on “W32.Blackmal.E@mm

  1. Dear Sir,

    This is just to thank you for posting this very usefull information, i Appriciate to your efforts and your thought of helping others also for what u had faced in the past.
    I am struggling from the last 2 months to remove this virus from my server. My symantec is Uptodate, i check daily but the Autoprotect always keeps on Poping up saying virus found. no if you suggest me any things else what all i can do then it would be of great help to me.

    Thanks and Regards,

  2. Hi Mubin,

    Try to remove the network cable from the server & uninstall the present symantec software b’cos it would had corrupted. Install the fresh symantec & update using CD or USB then Run FixBMalE.exe & clean infected files(careful while doing this)

    All the Best.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s