EXP/JS.Expack

Posted: January 22, 2013

Threat Metric

The Threat Meter is a malware assessment that SpywareRemove.com's research team is able to give every identifiable malware threat. Our Threat Meter includes several criteria based off of specific malware threats to value their severity, reach and volume. The Threat Meter is able to give you a numerical breakdown of each threat's initial Threat Level, Detection Count, Volume Count, Trend Path and Percentage Impact. The overall ranking of each threat in the Threat Meter is a basic breakdown of how all threats are ranked within our own extensive malware database. The scoring for each specific malware threat can be easily compared to other emerging threats to draw a contrast in its particular severity. The Threat Meter is a useful tool in the endeavor of seeking a solution to remove a threat or pursue additional analytical research for all types of computer users.

The following fields listed on the Threat Meter containing a specific value, are explained in detail below:

Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.

Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.

Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.

Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.

% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.

Threat Level:	7/10
Infected PCs:	6

First Seen:	January 22, 2013
OS(es) Affected:	Windows

EXP/JS.Expack is a group of JavaScript-based browser exploits that are used for the purpose of installing malicious software on your computer. EXP/JS.Expack is particularly associated with the Cool Exploit Kit, which distinguishes itself by using zero-day vulnerabilities, although other exploit kits also may utilize EXP/JS.Expack with a variety of different attacks – all of which ultimately result in drive-by-downloads against your PC. Since EXP/JS.Expack is a browser-based PC threat, there's no need to remove EXP/JS.Expack from your computer, but any unprotected contact with EXP/JS.Expack will result in the presence of other malware on your PC that should be removed with appropriate anti-malware applications. SpywareRemove.com malware researchers note that banking Trojans, rootkits and other high-level PC threats usually are the payloads for attacks like EXP/JS.Expack, which may trigger without symptoms.

Keeping EXP/JS.Expack from Having Its Way with Your Web Browser

EXP/JS.Expack, as a JavaScript attacker, is compatible with any PC and browser that has JavaScript both installed and enabled. Because EXP/JS.Expack is just one of many PC threats that abuse JavaScript for their own ill ends, SpywareRemove.com malware researchers emphasize that many browsers include features for disabling EXP/JS.Expack by default. This is strongly recommended while you're browsing untrustworthy sites that could host EXP/JS.Expack – either in their advertising networks or their primary content.

Because EXP/JS.Expack is just one component of exploit kits like the Cool Exploit Kit and Blacole, EXP/JS.Expack may be encountered through various website-based ruses, but always seeks to set up sogue software onto your machine. If you use an unprotected web browser with JavaScript enabled, EXP/JS.Expack may install a wide range of Trojans, scamware and other PC threats automatically. Like many drive-by-download attacks, EXP/JS.Expack may not show any symptoms while EXP/JS.Expack does this.

Recovering from a Spiral into EXP/JS.Expack-Assisted Infection

In scenarios where you believe that EXP/JS.Expack already has triggered and installed malware onto your computer, SpywareRemove.com malware research team strongly encourages that you react under the assumption that EXP/JS.Expack has installed credible threats to your PC that should be removed hastily. Many such PC threats, such as rootkits and banking Trojans, display a minimum of symptoms and can be virtually undetectable without any help from dedicated anti-malware programs.

Thankfully, appropriate anti-malware software should be able to eliminate the payloads of an EXP/JS.Expack attack without any trouble – particularly if you choose to utilize system scans from Safe Mode. In spite of this, SpywareRemove.com malware researchers always recommend that you use the right browser security features to keep EXP/JS.Expack and other exploits from succeeding in the first place. In addition to disabling JavaScript, you should also consider other web-browsing safety features, both for your browser and any compatible anti-malware programs, that can block potentially hazardous web content like EXP/JS.Expack from your computer.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:

71bbb57afd910f17a338c6e1d465bc92.text_html

File name: 71bbb57afd910f17a338c6e1d465bc92.text_html
Size: 21.18 KB (21184 bytes)
MD5: 71bbb57afd910f17a338c6e1d465bc92
Detection count: 91
Mime Type: unknown/text_html
Group: Malware file
Last Updated: February 12, 2013

914b1c532a10420de0ccf46a2e18fb5c.text_html

File name: 914b1c532a10420de0ccf46a2e18fb5c.text_html
Size: 23.15 KB (23157 bytes)
MD5: 914b1c532a10420de0ccf46a2e18fb5c
Detection count: 88
Mime Type: unknown/text_html
Group: Malware file
Last Updated: February 12, 2013

96e8ed678ecffbe9ffc678f1ad442e60.text_html

File name: 96e8ed678ecffbe9ffc678f1ad442e60.text_html
Size: 22.85 KB (22858 bytes)
MD5: 96e8ed678ecffbe9ffc678f1ad442e60
Detection count: 87
Mime Type: unknown/text_html
Group: Malware file
Last Updated: February 12, 2013

4a79a8cb06c3866bf3353d5be76f2229.text_html

File name: 4a79a8cb06c3866bf3353d5be76f2229.text_html
Size: 25.44 KB (25441 bytes)
MD5: 4a79a8cb06c3866bf3353d5be76f2229
Detection count: 86
Mime Type: unknown/text_html
Group: Malware file
Last Updated: February 12, 2013

55d0a03f93bf651d3b35b0a4c93be9f3.text_html

File name: 55d0a03f93bf651d3b35b0a4c93be9f3.text_html
Size: 19.86 KB (19866 bytes)
MD5: 55d0a03f93bf651d3b35b0a4c93be9f3
Detection count: 81
Mime Type: unknown/text_html
Group: Malware file
Last Updated: February 12, 2013