How to remove TR/Crypt.XPACK.gen virus that detected by Avira anti-virus software? Have you experienced with Avira and your computer is freezing due to this malware? Every time you turn on your computer and your Avira security tool has been popping up constantly with this kind of variant message. And nothing can stop this. What to do?

Trojan Horse Exploit:JAVA/CVE-2013-0422.C Description

The TR/Crypt.XPACK.gen virus is a malicious javascript file that takes over the computer and will redirect any search performed on popular search engines such as Google, Bing, Yahoo, AOL, and Ask to an advertisement or landing page that is controlled by the computer hackers. These sites are typically sites that provide the hackers with some form of revenue, either per page view or per download. They will often force the user into clicking on an ad or imagine that then provides them with a financial reward. Their goal with this virus is to mass install it across millions of computers and then rotate these revenue producing sites to evenly distribute clicks and downloads.

The TR/Crypt.XPACK.gen virus is part of the Win32 group of computer viruses and it is passed on after visiting infected websites that have vulnerable java software or adobe software. You will know if your computer has been hit if there is a file installed named chromeupdate.crx located in the %LOCALAPPDATA% folder. This is not always easy to spot, but if you notice that search queries are automatically being redirected to advertisements or pages that you did not request then it is worth looking into this possibility.

Note: What is the best way to get rid of this Trojan infection since antivirus programs have failed to remove it? Manual removal is suggested here as it is a guaranteed complete removal. Contact YooSecurity Online PC Expert to get further help in removing  this Trojan infection.

Why did you get TR/Crypt.XPACK.gen virus on your computer and what will it do?

Once installed, the TR/Crypt.XPACK.gen virus does a great job of hiding itself and masking itself as a legitimate Firefox or Google Chrome file. The two most popular names it will generate is “Translate This 2.0” or “ChromeUpdateManager 1.0” and these files names can easily go undetected as they appear to be valid extensions.

Steps on How to Get Rid of TR/Crypt.XPACK.gen Trojan Virus

Step 1: Open Windows Task Manager to end processed related to [Crypt.XPACK.gen]. To do that, press Ctrl+Alt+Del keys at the same time or right click on bottom Task Bar and select Start Task Manager.

Step 2: Show hidden files. Go to Folder Options from Control Panel. Under View tab, select Show hidden files and folders and non-select Hide protected operating system files (Recommended) then click OK.

Step 3: Go to Registry Editor. First press Windows+R keys and then type regedit in Run box to search for TR/Crypt.XPACK.gen. Delete all the following or those related to the following files and registry entries:

%AllUsersProfile%\Application Data\.dll
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegedit”
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\{rnd}=disable

Video on How to Modify or Change Windows Registry


Unlike most computer viruses this one does not aim to steal personal information or access banking information. The TR/Crypt.XPACK.gen virus is strictly used to generate income through Affiliate links, pay per click, and pay per download programs. Of course it is always a good idea to delete these files immediately from the computer once discovered, but one should not be gravely worried in the same way that they should be if a financial phishing virus was detected. So don’t leave it on your computer for long, find an efficient way to clean it out to keep your computer safe.

Note: Still having the same problem after every reboot? Can’t get rid of TR/Crypt.XPACK.gen virus from your computer by yourself? Contact Online PC Expert to get help from professionals online if you have no clue.

Published by Tony Shepherd & last updated on February 18, 2013 3:44 am

Leave a Reply