
W32/Kryptik.AX!tr

Posted: April 18, 2013

Much like the also recently detected WORM_KELIHOS.NB, W32/Kryptik.AX!tr is spyware designed to steal information related to FTP accounts. W32/Kryptik.AX!tr is distributed by spam e-mail messages, and the samples are packed with UPX to hinder accurate identification as malware. SpywareRemove.com malware researchers have confirmed that it includes a wide range of information-stealing techniques that are compatible with a large number of FTP-related utilities. Since W32/Kryptik.AX!tr is sophisticated and tries to avoid detection, anti-malware applications are usually the most practical way to find and delete W32/Kryptik.AX!tr, after which you should also consider changing any compromised FTP account passwords.

Why W32/Kryptik.AX!tr's Goals Aren't So Cryptic... but Its Methods Might Be

Spam e-mail messages are W32/Kryptik.AX!tr's primary distribution technique, with most samples being formatted to look like legitimate communications from various companies. W32/Kryptik.AX!tr has several functions, all of which appear to be focused on the theft and transfer of confidential FTP account information such as login data. The range of programs that are affected by W32/Kryptik.AX!tr also includes some e-mail clients, file download managers and other utilities, as SpywareRemove.com malware researchers have noted with the summary of vulnerable software shown here:

  • ChromePlus
  • Comodo
  • CuteFTP (and related variants of that software)
  • FileZilla
  • IncrediMail
  • Microsoft Internet Account Manager
  • Mozilla Profiles
  • NexusFile
  • SmartFTP
  • Yandex

This list is far from exhaustive, but it gives examples of just how thorough W32/Kryptik.AX!tr's attacks are in stealing information from a wide range of diverse programs. Besides searching for INI and DAT files that are related to the targeted programs, W32/Kryptik.AX!tr also attempts to track down your account login information by analyzing your Registry.

Even if W32/Kryptik.AX!tr can't steal your password directly, SpywareRemove.com malware analysts also have found that W32/Kryptik.AX!tr will attempt to crack into your accounts by 'guessing' the right password through dictionary attacks that enter common password phrases. Of course, having an unusual and difficult-to-guess password is an essential defense against dictionary attacks, whether they're launched by W32/Kryptik.AX!tr or other PC threats. Passwords such as 'qwerty,' 'password1' or 'windows' are essentially as defensible as having no password at all.

Unraveling the Mystery Behind Removing W32/Kryptik.AX!tr

A W32/Kryptik.AX!tr infection may not show any obvious symptoms of its attacks, but, as shown above, it can easily steal large amounts of FTP-related information in a short amount of time. Whenever they're available, trustworthy anti-malware programs should be used to delete W32/Kryptik.AX!tr, but scanning suspicious e-mail files before launching them has a good chance of saving you the trouble of a W32/Kryptik.AX!tr infection to begin with.

After removing W32/Kryptik.AX!tr, SpywareRemove.com malware experts consider it essential to change any potentially compromised passwords related to your e-mail accounts, FTP accounts or other software accounts that are targeted by W32/Kryptik.AX!tr's broad sweeps. Even once W32/Kryptik.AX!tr is removed, if W32/Kryptik.AX!tr had a chance to transmit the stolen information beforehand, criminals still may be able to access and exploit your accounts.
