TR/Crypt.XPACK.Gen and its variants spread mostly via email, but can also use the autorun capability of removable media, or install via a drive-by infection when the user:
- has a vulnerability in the OS or an application in use, or
- visits a compromised or malicious webpage.
Once the infected binary is installed on a machine it connects to a C&C (command and control) server, monitors internet activity, and uploads stolen data. Its presence is heavily obfuscated, so antivirus software will not detect it.
How to Remove
Tools such as TDSSKiller (designed to detect and remove known rootkits such as TDSS, SST, Pihar, ZeroAccess, Sinowal, Whistler, Phanta, Trup, Rloader, Cmoser, Cidox and similar anomalies) are quite effective and can promptly remove this medium-rated risk. Although it is rated a medium risk, this malware is dangerous and frustrating for many IT staff; without the right skills and tools the Trojan can persist undetected. It takes effort and capability to pinpoint and effectively remove it. After running TDSSKiller it is recommended that you also run the following tools:
2. RogueKiller | To clean the registry keys left by the malware
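As an added triage aid (not part of the original guide, and not code from any of the tools it names), the following PowerShell script checks the two vectors the page describes, autorun on removable media and leftover registry Run/RunOnce entries, and prints its findings for review before a tool such as RogueKiller is used to clean them. It changes nothing on the host. The Run/RunOnce key paths are the standard Windows ones; the "suspicious directory" list (TEMP, APPDATA, LOCALAPPDATA) is this example's own heuristic, not something the page states. Run it from an elevated prompt.

```powershell
# Added example (not from the original page): read-only triage of a Windows host
# suspected of TR/Crypt.XPACK.Gen-style infection. It reports autorun.inf files on
# removable drives and lists Run/RunOnce persistence entries, flagging ones whose
# target is missing or lives in a user-writable directory. Nothing is modified.

# 1. Removable drives (DriveType 2) carrying an autorun.inf.
Get-CimInstance -ClassName Win32_LogicalDisk -Filter "DriveType = 2" |
    ForEach-Object {
        $inf = Join-Path $_.DeviceID 'autorun.inf'
        if (Test-Path -LiteralPath $inf) {
            Write-Output "Removable drive $($_.DeviceID) has autorun.inf:"
            Get-Content -LiteralPath $inf | ForEach-Object { "    $_" }
        }
    }

# 2. Persistence entries under the standard Run/RunOnce keys.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
# Heuristic chosen for this example: binaries started from these user-writable
# locations deserve a second look, since legitimate software rarely lives there.
$suspiciousDirs = @($env:TEMP, $env:APPDATA, $env:LOCALAPPDATA) | Where-Object { $_ }

foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip the provider's own metadata
        $cmd = [string]$p.Value
        # Strip surrounding quotes and any arguments to isolate the executable path.
        $exe = if ($cmd -match '^"([^"]+)"') { $Matches[1] } else { ($cmd -split ' ')[0] }
        $exe = [Environment]::ExpandEnvironmentVariables($exe)
        $flags = @()
        if (-not (Test-Path -LiteralPath $exe)) { $flags += 'target missing' }
        foreach ($d in $suspiciousDirs) {
            if ($exe.StartsWith($d, [StringComparison]::OrdinalIgnoreCase)) { $flags += "in $d" }
        }
        $tag = if ($flags) { ' [' + ($flags -join ', ') + ']' } else { '' }
        Write-Output "$key\$($p.Name) = $cmd$tag"
    }
}
```

Review every flagged entry against what is actually installed before removing anything; a missing target can also be a stale entry from uninstalled software, and the listing is meant to narrow the search, not to replace the removal tools the guide recommends.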