Mal/Generic-R + W32/Expiro-S removal guide

The Mal/Generic-R + W32/Expiro-S is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Mal/Generic-R + W32/Expiro-S virus can do?

The binary likely contains encrypted or compressed data.
Authenticode signature is invalid
Anomalous binary characteristics

How to determine Mal/Generic-R + W32/Expiro-S?


File Info:
name: F37143FB21EB64F4876C.mlw
path: /opt/CAPEv2/storage/binaries/5e3920adfde3be91915e57cd4001239ac14c2c6719888d8073fa8af0f8684bd1
crc32: C3B4C610
md5: f37143fb21eb64f4876c1f02fb8c976e
sha1: d70d919ed350a0fba29ff31a8ea5b6446333d69f
sha256: 5e3920adfde3be91915e57cd4001239ac14c2c6719888d8073fa8af0f8684bd1
sha512: 60421dd027ef9e4c8571c653957b59b954b54a9e59d58df01e48839f5c9de0da86ed2312897648bc2c119b81ae8c48657fe9cc4b7b7d9213683cf240b431d1e2
ssdeep: 12288:xWavq55bCu/PFshkzQ5dQYo4FDfj6Gh7kkAkpMApTjQIpYrygKzM3gRaf:xWaveOmsCEImFDfd7bSApoMjgKzM8a
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1E8E48E946581797AD6B5757E10FF33FAEC6B2E39432A818F51EC1D0E872A5C07D88223
sha3_384: aaa4f62fbcd2ef1997e7db998b6eb58a4d6c9d7b2cc701635518155bfc88bd47813045b2cc58fe4184a4614ee8677a8b
ep_bytes: 605589e581ec08010000c745f40a0000
timestamp: 2012-07-09 03:53:52

Version Info:
CompanyName: Microsoft Corporation
FileDescription: .NET Runtime Optimization Service
FileVersion: 4.0.30319.17929 built by: FX45RTMREL
InternalName: mscorsvw.exe
LegalCopyright: © Microsoft Corporation.  All rights reserved.
OriginalFilename: mscorsvw.exe
ProductName: Microsoft® .NET Framework
ProductVersion: 4.0.30319.17929
Comments: Flavor=Retail
PrivateBuild: DDBLD118
Translation: 0x0409 0x04b0

Mal/Generic-R + W32/Expiro-S also known as:

Bkav	W32.Expiro2NHc.PE
Lionic	Virus.Win32.Expiro.lVUO
Elastic	malicious (high confidence)
MicroWorld-eScan	Win32.Expiro.Gen.3
FireEye	Generic.mg.f37143fb21eb64f4
CAT-QuickHeal	W32.Expiro.L4
ALYac	Win32.Expiro.Gen.3
Cylance	Unsafe
Zillya	Virus.Expiro.Win32.41
Sangfor	Suspicious.Win32.Save.a
K7AntiVirus	Virus ( 0040f4dc1 )
Alibaba	Virus:Win32/Expiro.bcf963aa
K7GW	Virus ( 0040f4dc1 )
Cybereason	malicious.b21eb6
BitDefenderTheta	AI:FileInfector.6CBEB04B12
Cyren	W32/Expiro.BJ
Symantec	W32.Xpiro.F
ESET-NOD32	a variant of Win32/Expiro.NBZ
Baidu	Win32.Virus.Expiro.c
APEX	Malicious
Paloalto	generic.ml
ClamAV	Win.Virus.Expiro-9632139-0
Kaspersky	Virus.Win32.Expiro.ar
BitDefender	Win32.Expiro.Gen.3
NANO-Antivirus	Virus.Win32.Expiro.clnvwd
Avast	Win32:Xpirat [Inf]
Tencent	Virus.Win32.Expiro.tt
Ad-Aware	Win32.Expiro.Gen.3
Emsisoft	Win32.Expiro.Gen.3 (B)
Comodo	TrojWare.Win32.Spy.Zbot.AAZ@1p8hml
DrWeb	Win32.Expiro.80
VIPRE	Virus.Win32.Expiro.p (v)
TrendMicro	PE_EXPIRO.AR
McAfee-GW-Edition	BehavesLike.Win32.Virut.jc
Sophos	Mal/Generic-R + W32/Expiro-S
Ikarus	Virus.Win32.Expiro
GData	Win32.Expiro.Gen.3
Avira	W32/Expiro.NS
MAX	malware (ai score=83)
Antiy-AVL	Trojan/Generic.ASVirus.C5
Gridinsoft	Ransom.Win32.Zbot.sa
Arcabit	Win32.Expiro.Gen.3
Microsoft	Virus:Win32/Expiro.CI
Cynet	Malicious (score: 100)
AhnLab-V3	Win32/Expiro5.Gen
Acronis	suspicious
McAfee	W32/Expiro.gen.p
VBA32	BScope.Trojan.Vilsel
TrendMicro-HouseCall	PE_EXPIRO.AR
Rising	Virus.Expiro!1.A140 (CLASSIC)
SentinelOne	Static AI – Malicious PE
eGambit	Unsafe.AI_Score_96%
Fortinet	W32/Expiro.W
AVG	Win32:Xpirat [Inf]
Panda	W32/Expiro.O
CrowdStrike	win/malicious_confidence_100% (W)

How to remove Mal/Generic-R + W32/Expiro-S?

Mal/Generic-R + W32/Expiro-S removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X