PE_XPAJ.C is a file infector which affects the files with the following extensions:
It infects the Master Boot Record of the affected system in order to automatically load PE_XPAJ.C-O every time the system boots. The main payload of this file infector is related to advertising and ad-clicking scam to generate revenue. For more information about PE_XPAJ.C, check the Threat Encyclopedia.
What is Rescue Disk?
Trend Micro has created the Rescue Disk to clean infected systems. This tool has the following capabilities:
- Clean infected MBR (Master Boot Record) of the machine
- Scan and clean the infected files of the malware PE_XPAJ.C-1
- Delete files detected as Cryp_Xin14
This tool uses a pattern that is only designed for PE_XPAJ.C-1 and Cryp_Xin14 only. If there are other malware involved, you need to use the latest pattern file. If the detected files cannot be cleaned, Rescue Disk will quarantine the said files.
Where to download Rescue Disk?
You can get the Rescue Disk using the following link:
- Link: ftp://ftp-download.trendmicro.com/Pattern/Bandage/PE_XPAJ_RESCUE_DISK/
- Username: ftpuser
- Password: tmftp-s3cured
For more information about the tool, refer to the instruction manuals included in the package.
- Disable network shares if possible.
- Add the following URLs for blocking in the machine's host file to prevent re-infection: