Trojan.Exprez.B is a computer threat that infects files with extensions such as .exe, .doc, and .docx. Trojans of this kind are typically using tricks so that user may install them on the computer. This Threat does not only cause damages to affected files, it may also provide some actions that can lead to system malfunction. It is vital to deal with this Trojan at once before it can spread on files inside the computer.
Damage Level: Medium
Systems Affected: Windows 9x, 2000, XP, Windows Vista
If user executes Trojan.Exprez.B, it will create a copy of itself under Users Application folder. Then it will move this file to Windows directory when user restarts Windows. The Trojan will then search for files with extensions like .exe, .doc, and .docx. It will decrypt these files and affix them with harmful code. Affected files will be renamed to Trojans own unique extension. Here are some examples:
Letter.doc turns into Letter.cod.scr
Note.docx turns into Note.xcod.scr
During diagnostic, it was found that removing the Trojan deactivates the encryption for affected .exe files. Thus, there is no need to decrypt infected files in order to run them. However, all MS Word files needs manual reset of extension name.
This kind of Trojan usually spreads through file-sharing networks. In most occasions, Trojan.Exprez.B or other threats of the same kind are embedded into legitimate executable files that users frequently downloads from shared public server. Using an advance technique, it often conceals itself from antivirus software. Spam email message is another channel to distribute the Trojan to unspecified target. It may arrive as an attached file that disguises as item worth opening.