Trojan.Exprez.B is a recent update to Dorifel, a virus that infects executable files, Word documents and Excel spreadsheets. Other than some enhanced self-distribution capabilities, Trojan.Exprez.B doesn’t appear to have any extra features that are currently functional, although SpywareRemove.com malware experts have noted some instances of Trojan.Exprez.B contacting URLs, which could be a precursor to downloading or backdoor-related features being added in the future. Files infected by Trojan.Exprez.B can be fully recovered through a combination of diligent use of anti-virus software and some minor user effort (such as renaming mislabeled file extensions), and SpywareRemove.com malware experts recommend that you use anti-malware scans for Trojan.Exprez.B’s deletion as a matter of course.
Trojan.Exprez.B: When a Small File Change Turns Out to Be a Big Deal
Trojan.Exprez.B is an update to Dorifel or W32/XDocCrypt.a, and keeps the primary functions of these PC threats while adding a few extras on top. The Trojan.Exprez.B update to Dorifel has also been confirmed for compatibility with Windows 7, along with several other versions of that OS (XP, Vista and 2000). Like any virus, Trojan.Exprez.B’s foremost function is to propagate itself by adding its own code to unrelated files – in Trojan.Exprez.B’s case, EXE, DOCX, DOC, XLS and XLSX files. These file types include the standard executable type for programs, as well as widely used Microsoft Office formats for Word and Excel.
Although Trojan.Exprez.B changes a given file type to an .exe (if it isn’t already that file type) in the act of infecting it, Trojan.Exprez.B’s functions also include capabilities that allow these files to be launched and displayed as normal in their default programs. For example, a Trojan.Exprez.B-infected DOC file would still display normally in Microsoft Word, despite its actual file type being changed to an executable (something that SpywareRemove.com malware experts note can be discerned via the Command Prompt or the ‘Type’ field of Windows Explorer). Other than these file type changes and some minor file size increases, Trojan.Exprez.B infections don’t show obvious symptoms of their attacks.
Future variants of Trojan.Exprez.B may include other features that are related to contacting C&C servers or downloading malicious files, since SpywareRemove.com malware researchers have noted instances of Trojan.Exprez.B using seemingly harmless image files as an obscure means of contacting malicious URLs without permission.
Scrubbing the Taint of Trojan.Exprez.B Off of Your Hapless Files
Trojan.Exprez.B should be removed with anti-malware products that have a good history against viruses and other file-infecting PC threats. However, any system scans should also be thorough enough to delete other PC threats that are associated with Trojan.Exprez.B, such as its Trojan dropper, Trojan.Exprez.B!gen2. Although files infected by Trojan.Exprez.B are encrypted, the encryption algorithm is a standard one that should be breakable with ease by anti-malware and decryption programs.
Besides its virus-based means of propagation, Trojan.Exprez.B may also be distributed via removable drives (such as USB devices) or networks, just as a worm would be able to infect new PCs. Contact with other PCs should be avoided until you’ve verified that all of your files are cleansed of Trojan.Exprez.B and related PC threats.
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
- The following files were created in the system:
  # File Name
  1 %UserProfile%\Application Data\Microsoft\[EIGHT RANDOM UPPERCASE CHARACTERS].exe
  2 %Windir%\xpsp2res.dll
  3 [ORIGINAL FILE NAME].docx becomes [ORIGINAL FILE NAME]xcod.scr
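The check below is an added example, not code from SpywareRemove.com or from any anti-malware product. It flags files that begin with the executable "MZ" header but carry a document extension or the reversed-extension .scr name shown in the listing above. The suffixes other than xcod.scr, the function names and the sample files are assumptions constructed for illustration.

```python
import tempfile
from pathlib import Path

DOC_EXTS = ("doc", "docx", "xls", "xlsx")   # document formats the article lists
# Reversed extension + ".scr", after the listed "[ORIGINAL FILE NAME]xcod.scr";
# the other three suffixes are assumed by analogy with that one listed name.
REVERSED_SUFFIXES = tuple(ext[::-1] + ".scr" for ext in DOC_EXTS)


def classify(path):
    """Return a finding string if path looks like a disguised executable."""
    with path.open("rb") as fh:
        if fh.read(2) != b"MZ":             # no DOS/PE executable magic
            return None
    if path.name.lower().endswith(REVERSED_SUFFIXES):
        return "executable with reversed document extension"
    if path.suffix.lower().lstrip(".") in DOC_EXTS:
        return "executable content behind a document extension"
    return None                             # ordinary program, not flagged


def scan(root):
    """Walk root and return {relative path: finding} for flagged files."""
    findings = {}
    for path in sorted(Path(root).rglob("*")):
        try:
            verdict = classify(path) if path.is_file() else None
        except OSError:                     # unreadable or locked file
            continue
        if verdict:
            findings[str(path.relative_to(root))] = verdict
    return findings


def demo():
    """Scan a temp directory holding constructed sample files."""
    samples = {
        "reportxcod.scr": b"MZ\x90\x00",    # constructed: renamed document
        "budget.xls": b"MZ\x90\x00",        # constructed: PE behind .xls
        "notes.docx": b"PK\x03\x04",        # constructed: normal OOXML zip
        "setup.exe": b"MZ\x90\x00",         # constructed: plain program
    }
    with tempfile.TemporaryDirectory() as root:
        for fname, data in samples.items():
            (Path(root) / fname).write_bytes(data)
        return scan(root)


if __name__ == "__main__":
    print("\n".join(f"{p}: {why}" for p, why in demo().items()))
```

Call scan() with a directory path to check real files; a hit is an indicator to follow up with an anti-malware scan, not proof of infection.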
Posted: June 15, 2012 | By SpywareRemove
Threat Level: 9/10
Detection Count: 23