W32.Xpaj is a particularly sneaky polymorphic virus that infects .exe, .dll, and other legitimate Windows files on the compromised computer. This virus is not completely new. First samples of infected files were detected about four years ago. Back then W32.Xpaj was probably the most sophisticated file infector or at least it was well above the average. The behavior of this virus seems to be the same as the old one but functionality has changed dramatically in recent years. We found a new variant of this virus that does not infect legitimate Windows files anymore. It simply creates executable files containing W32.Xpaj or W32.Xpaj.B malcode and some fake data. Fake data and strings are meant to mimic legitimate Windows files. What is more, the recent variants of this virus have bootkit functionality.
By the way, bootkit-enhanced Trojan horses are very common nowadays as well. It's not a coincidence, it's a trend and we will probably see some more Trojans and viruses with enhanced functionally as it becomes very difficult to hide the presence of malware on infected computers. Another very important aspect of polymorphic viruses - the final behavior is not easily predicted. Malware authors can easily corrupt legitimate system files and crash the whole system. It's not surprising that they try to avoid such behavior.
The latest variants of W32.Xpaj virus can infect the Master Boot Record and run code in Kernel Mode. As for know, the virus seems to be limited to 32-bit executable modules only, however it may infect 64-bit systems as well (the code is already present but may be inactive for some reasons). The virus blocks legitimate antivirus software. We've tested Avast!, Avira Antivir and Hitman Pro and they all failed to remove this virus. As a matter of fact, all these popular security products can't even load properly when the computer is infected by this virus. So, they become pretty much useless. Even when you remove W32.Xpaj virus from the infected computer using additional malware removal software, you need to reinstall or manually restore infected files from backup copies.
Twenty-six files, processes and startup programs infected by W32.Xpaj:
What can be done with W32.Xpaj? Well, malware authors can steal information from the compromised computer, usually computer name, user name and cached passwords. Please note that the latest variants of this virus may accompany more sophisticated spyware modules. However, the most successful payload of this virus is related to advertising and ad-clicking scam and it's very likely that the purpose of Malware.Xpaj remains the same. Especially when the network communication hasn't changed much. The data is encrypted and the virus requests ads from remove server or redirects search results to spammy or sponsored websites. The virus monitors Internet traffic with the goal of intercepting any searches or clicks performed by a user. Ultimately, the user is redirected to websites full of advertisements, which results in the cyber crooks getting paid by the advertisers for obtaining the click. In other words, advertisers throw their money for invalid clicks. In such case, the return of investment is likely to be zero. What a pity.
As you may know, if the computer has one virus, it probably has more. In order to successfully clean the computer affected by W32.Xpaj, you need to remove the bootkit infection first and then run a full system scan with recommend anti-virus software. Last, but not least, W32.Xpaj may spreads through removable, mapped and network drives. If you were unlucky enough to get this virus, please disconnect other computer from the network. To remove this virus from your computer, please follow the removal steps in the removal guide below. If you need help removing this virus, please leave a comment below. Safe surfing folks!
W32.Xpaj removal instructions:
1. Download and run TDSSKiller. Press Start scan for the utility to start scanning.
2. When the scan is over, TDSSKiller displays detected malware. Press Continue to remove found malware.
3. A reboot might require after disinfection. Press Reboot computer to continue.
4. After rebooting, download recommended anti-malware software (direct download) and run a full system scan to remove the remnants of W32.Xpaj virus.
Tell your friends: