Skip to content
1-888-762-8736(M-F 8:00am-5:00pm CST)
1-877-218-7353(M-F 8:00am-5:00pm CST)
href="http://www.trendmicro.com/us/enterprise/index.html" id="ENT-overview-test2" title="SEE ALL ENTERPRISE SOLUTIONS">Enterprise Overview
This file infector is part of a malware family that has affected users in Australia and several other countries on October 2012. Besides infecting files, it also infects the affected system's (MBR) Master Boot Record in order to automatically load itself at system startup, making removal difficult.
To get a one-glance comprehensive view of the behavior of this File infector, refer to the Threat Diagram shown below.
This file infector arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
It infects the Master Boot Record of the affected system.
It connects to certain websites to send and receive information.
This file infector drops the following files:
(Note: %Windows% is the Windows folder, which is usually C:\Windows.)
This file infector infects the following file types:
It infects the Master Boot Record of the affected system in order to perform the following routines:
This file infector connects to the following URL(s) to check for an Internet connection:
It connects to the following website to send and receive information:
The main payload of this file infector is related to advertising and ad-clicking scam to generate revenue.
This file infector also runs in 64-bit versions of Windows.
It also generates 197 URLs to connect to using a Domain Generation Algorithm.
Before doing any scans, Windows XP, Windows Vista, and Windows 7 users must disable System Restore to allow full scanning of their computers.
Identify files detected as PE_XPAJ.C-O, then restore the Master Boot Record and delete malware files using Recovery Console
This procedure allows the user to identify and delete malware/grayware files, and restore the Master Boot Record using Recovery Console:
• On Windows XP and Server 2003 systems:
• On Windows Vista and 7 systems:
Search and delete this file
To manually delete a malware/grayware file from an affected system:
• For Windows 2000, Windows XP, and Windows Server 2003:
• For Windows Vista and Windows 7 users:
Scan your computer with your Trend Micro product to delete files detected as PE_XPAJ.C-O. If the detected files have already been cleaned, deleted, or quarantined by your Trend Micro product, no further step is required. You may opt to simply delete the quarantined files. Please check this Knowledge Base page for more information.
Restore your system's Master Boot Record (MBR)
To restore your system's Master Boot Record (MBR):
• On Windows 2000, XP, and Server 2003:
• On Windows Vista and 7:
NOTES: Trend Micro Rescue Disk scans and cleans systems infected with XPAJ variants.
For further instructions on how to use this tool, you may refer to the Rescue Disk Instruction Page.
Connect with us on
| | | |