It turns out that the infection came via teamviewer application for remote control, either 0day exploit or brute force and then the intruder could execute the trojan
Link? I see quite a few apprently legitimate links (I say legitimate because one normally doesn't charge for trojans) where did the bad copy come from?