About:
Mal/EncPk-JX is a protection mechanism used exclusively by malware. This particular packer is found on a wide variety of different types of malware.
One kind of malware that commonly uses this packer is a family of (almost always Russian) fake anti-virus software that calls itself "Total Security 2009." When Total Security 2009 is activated, it displays a window that initiates a security scan and reports several bogus threats as discovered. It also uses a balloon pop-up from the taskbar to warn users of threats that are not actually on their computer.
After displaying the fake threat information, Total Security 2009 asks users whether they want to carry on unprotected or pay to remove the "threats." If the user chooses to purchase the fake threat-removal software, they will be taken to a website based in Russia.
In order to install itself, Total Security 2009 creates files and shortcuts in these locations:
- <User>\Application Data\<random 8 digit decimal number>\<same number>.exe
- <Desktop>\Total Security 2009.lnk
- <Start Menu\Programs>\Total Security\Total Security 2009.lnk
It also adds a registry entry to ensure that it is run each time a user logs on:
- Key: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
- Value name: <8 digit number>
- Value data: <path to executable>
It also adds a fake entry to the Add or Remove Programs list in the Control Panel:
- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SystemSecurity2009
Choosing to remove the threat using the control panel will not actually remove it from the affected computer.
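The persistence pattern above (an 8-digit Run value name whose data points to `Application Data\<same number>\<same number>.exe`) is specific enough to check for programmatically. The script below is an added example, not Sophos code: it encodes that pattern as a pure matching function, runs it over a constructed sample of Run-key values, and, on Windows only, can read the real HKLM Run key via `winreg`.

```python
import re

# Constructed sample of Run-key values (name, data); not taken from a real host.
SAMPLE_RUN_VALUES = [
    ("OneDrive", r'"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background'),
    ("12345678", r"C:\Documents and Settings\alice\Application Data\12345678\12345678.exe"),
    ("87654321", r"C:\Documents and Settings\alice\Application Data\87654321\87654322.exe"),
]

# Value name must be an 8-digit decimal number.
_RUN_NAME = re.compile(r"^\d{8}$")
# Value data must point to <profile>\Application Data\<8 digits>\<8 digits>.exe,
# optionally quoted and optionally followed by command-line arguments.
_EXE_PATH = re.compile(
    r'^"?.*\\Application Data\\(\d{8})\\(\d{8})\.exe"?(\s.*)?$', re.IGNORECASE)


def matches_total_security_run_entry(name: str, data: str) -> bool:
    """True when a Run value matches the Total Security 2009 persistence pattern:
    the value name, the folder name and the executable name are all the same 8-digit number."""
    if not _RUN_NAME.match(name):
        return False
    m = _EXE_PATH.match(data.strip())
    if not m:
        return False
    folder, exe = m.group(1), m.group(2)
    return folder == exe == name


def find_suspicious(run_values):
    """Return the (name, data) pairs from a Run key that match the pattern."""
    return [(n, d) for n, d in run_values if matches_total_security_run_entry(n, d)]


def read_hklm_run_values():
    """Enumerate HKLM\\...\\Run on Windows; returns [] on other platforms."""
    try:
        import winreg
    except ImportError:
        return []
    values, i = [], 0
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE,
                        r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run") as key:
        while True:
            try:
                name, data, _ = winreg.EnumValue(key, i)
            except OSError:
                break  # no more values
            values.append((name, str(data)))
            i += 1
    return values


if __name__ == "__main__":
    for name, data in find_suspicious(read_hklm_run_values() or SAMPLE_RUN_VALUES):
        print(f"suspicious Run entry: {name} -> {data}")
```

A matching Run value is only an indicator; confirm by checking that the referenced `.exe` exists and pairs with the `SystemSecurity2009` Uninstall key listed above.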