Skip to content
1-888-762-8736(M-F 8:00am-5:00pm CST)
1-877-218-7353(M-F 8:00am-5:00pm CST)
href="http://www.trendmicro.com/us/enterprise/index.html" id="ENT-overview-test2" title="SEE ALL ENTERPRISE SOLUTIONS">Enterprise Overview
This file infector is part of a malware family that has affected users in Australia and several other countries on October 2012. Besides infecting files, it also infects the affected system's (MBR) Master Boot Record in order to automatically load itself at system startup, making removal difficult.
To get a one-glance comprehensive view of the behavior of this File infector, refer to the Threat Diagram shown below.
This file infector arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
It infects the Master Boot Record of the affected system.
It connects to certain websites to send and receive information.
This file infector drops the following files:
(Note: %Windows% is the Windows folder, which is usually C:\Windows or C:\WINNT.)
This file infector infects the following file types:
It infects the Master Boot Record of the affected system in order to perform the following routines:
This file infector connects to the following URL(s) to check for an Internet connection:
It connects to the following website to send and receive information:
The main payload of this file infector is related to advertising and ad-clicking scam to generate revenue.
This file infector also runs in 64-bit versions of Windows.
It also generates 197 URLs to connect to using a Domain Generation Algorithm.
For Windows XP and Windows Server 2003 users, before doing any scans, please make sure you disable System Restore to allow full scanning of your computer.
Identify files detected as PE_XPAJ.C-O, then restore the Master Boot Record and delete malware files using Recovery Console
This procedure allows the user to identify and delete malware/grayware files, and restore the Master Boot Record using Recovery Console :
Search and delete this file
To delete the malware/grayware/spyware file:
Scan your computer with your Trend Micro product to delete files detected as PE_XPAJ.C-O. If the detected files have already been cleaned, deleted, or quarantined by your Trend Micro product, no further step is required. You may opt to simply delete the quarantined files. Please check this Knowledge Base page for more information.
Restore your system’s Master Boot Record (MBR)
To restore your system's Master Boot Record (MBR):
NOTES: Trend Micro Rescue Disk scans and cleans systems infected with XPAJ variants.
For further instructions on how to use this tool, you may refer to the Rescue Disk Instruction Page.
Connect with us on
| | | |