Microsoft has removed the Xiazai malware from more than 2 million computers since October 2015, the software giant announced today. The company also blocked 30,000 installations of the malware per month, on average. Xiazai is therefore an active threat that deserves additional attention, according to Microsoft.
Yesterday, the company released an update for its Malicious Software Removal Tool (MSRT). This built-in tool was updated to remove Xiazai from Windows systems.
The Xiazai malware is a browser modifier that poses as an installer of legitimate software. Together with the legitimate software, however, it installs its own payload. Once installed, the payload changes the browser's homepage and modifies browser shortcuts so that they always start with a Xiazai-defined page loaded.
The modifications made by the malware remain even after Xiazai is deleted. The Microsoft Malicious Software Removal Tool, which Windows starts automatically, removes the malware and restores all system settings.
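Because the homepage and shortcut changes described above outlive the malware itself, they can be audited directly. The following PowerShell sketch is an added example, not Microsoft's tooling or code from the original article. It assumes the shortcut change appears as a URL in the `.lnk` arguments, and the browser list and folder list are assumptions.

```powershell
# Added example: list browser shortcuts that carry a URL in their arguments,
# plus the current Internet Explorer start page, for manual review.
# Assumption: a modified shortcut passes the forced page as a command-line URL.
$browsers = 'iexplore.exe', 'chrome.exe', 'firefox.exe', 'opera.exe'  # assumed list

# Places where browser shortcuts usually live (Quick Launch includes pinned taskbar items).
$roots = @(
    [Environment]::GetFolderPath('Desktop'),
    [Environment]::GetFolderPath('CommonDesktopDirectory'),
    [Environment]::GetFolderPath('StartMenu'),
    [Environment]::GetFolderPath('CommonStartMenu'),
    (Join-Path $env:APPDATA 'Microsoft\Internet Explorer\Quick Launch')
) | Where-Object { $_ -and (Test-Path $_) }

$shell = New-Object -ComObject WScript.Shell

$findings = foreach ($lnk in Get-ChildItem -Path $roots -Filter *.lnk -Recurse -ErrorAction SilentlyContinue) {
    $sc = $shell.CreateShortcut($lnk.FullName)   # opens the existing .lnk read-only unless Save() is called
    if (-not $sc.TargetPath) { continue }        # skip shortcuts without a file target

    $exe = Split-Path $sc.TargetPath -Leaf
    if (($browsers -contains $exe) -and ($sc.Arguments -match 'https?://|www\.')) {
        [PSCustomObject]@{
            Shortcut  = $lnk.FullName
            Target    = $sc.TargetPath
            Arguments = $sc.Arguments
        }
    }
}

# Internet Explorer start page for the current user.
$ieMain  = 'HKCU:\Software\Microsoft\Internet Explorer\Main'
$ieStart = (Get-ItemProperty -Path $ieMain -Name 'Start Page' -ErrorAction SilentlyContinue).'Start Page'

"IE start page: $ieStart"
if ($findings) {
    $findings | Format-List
} else {
    'No browser shortcut with a URL argument found.'
}
```

A hit is a lead for review, not proof of infection: some legitimate shortcuts also pass a URL to the browser. The script only reads shortcuts and the registry value and changes nothing.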