Mal/Generic-S + W64/Expiro-AV removal guide

The Mal/Generic-S + W64/Expiro-AV is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Mal/Generic-S + W64/Expiro-AV virus can do?

The binary contains an unknown PE section name indicative of packing
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid

How to determine Mal/Generic-S + W64/Expiro-AV?


File Info:
name: C965679B72629B425665.mlw
path: /opt/CAPEv2/storage/binaries/4e735bcce8419b51e1c673488178b8e12b6074db4699ff971d3062eb4512eec9
crc32: 9A118A2E
md5: c965679b72629b425665a2bdac365059
sha1: d65011e0879f94d1473c75a7b8c1a650e62d5591
sha256: 4e735bcce8419b51e1c673488178b8e12b6074db4699ff971d3062eb4512eec9
sha512: 81121b44f2218047955f857c7beb9be9640df8b9ee388bc7c8df425144720c3325c3196e2593d8f8fcd41ef2eb9bbc3ba407546d1079e5e4d58839454cdaf658
ssdeep: 12288:hYXJkWHSEuECaG/G8cp+mRWZlT/tdNnm3a:h02WH0mp1aTRm
type: PE32+ executable (GUI) x86-64, for MS Windows
tlsh: T198E4BE20D298ECE7D473C374816E1A56BF713C4D2E5299CB25B8960A3F12F9C7D2A348
sha3_384: 098facc1120aad61dfe7b7442c7656840f778cbf5818f7ab0b7d0298ac815136327e7a251b610ef0475eb6cf82497666
ep_bytes: 43544750514fbc600000000000000065
timestamp: 2021-08-19 02:14:57

Version Info:
CompanyName: Microsoft Corporation
FileDescription: Storage Tiers Management
FileVersion: 10.0.17134.1 (WinBuild.160101.0800)
InternalName: TieringEngineService
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: TieringEngineService.exe
ProductName: Microsoft® Windows® Operating System
ProductVersion: 10.0.17134.1
Translation: 0x0409 0x04b0

Mal/Generic-S + W64/Expiro-AV also known as:

Lionic	Virus.Win32.Expiro.n!c
Elastic	malicious (high confidence)
DrWeb	Win64.Expiro.134
MicroWorld-eScan	Win64.Expiro.Gen.6
Cylance	Unsafe
K7AntiVirus	Virus ( 00535e4a1 )
Alibaba	Virus:Win64/Expiro.dad1e4c2
K7GW	Virus ( 00535e4a1 )
Cybereason	malicious.b72629
Cyren	W64/Expiro.R.gen!Eldorado
ESET-NOD32	a variant of Win64/Expiro.CO
TrendMicro-HouseCall	Virus.Win64.EXPIRO.MR
Paloalto	generic.ml
ClamAV	Win.Virus.Expiro-9887910-0
Kaspersky	Virus.Win64.Expiro.rd
BitDefender	Win64.Expiro.Gen.6
NANO-Antivirus	Virus.Win64.Expiro.clnvwd
Avast	Win64:Xpirat [Inf]
Ad-Aware	Win64.Expiro.Gen.6
Sophos	Mal/Generic-S + W64/Expiro-AV
F-Secure	Trojan.TR/Patched.Gen
TrendMicro	Virus.Win64.EXPIRO.MR
McAfee-GW-Edition	Artemis!Virus
FireEye	Generic.mg.c965679b72629b42
Emsisoft	Win64.Expiro.Gen.6 (B)
Ikarus	Virus.Win64.Expiro
Jiangmin	Trojan.Bingoml.avt
Avira	TR/Patched.Gen
MAX	malware (ai score=82)
Antiy-AVL	Trojan/Generic.ASVirus.307
Microsoft	Trojan:Win32/Sabsik.FL.B!ml
GData	Win64.Expiro.Gen.6
Cynet	Malicious (score: 100)
ALYac	Win64.Expiro.Gen.6
APEX	Malicious
Tencent	Win64.Virus.Expiro.Szbh
SentinelOne	Static AI – Malicious PE
MaxSecure	virus.win64.expiro.gen
Fortinet	W64/Expiro.CE
AVG	Win64:Xpirat [Inf]
CrowdStrike	win/malicious_confidence_100% (W)

How to remove Mal/Generic-S + W64/Expiro-AV?

Mal/Generic-S + W64/Expiro-AV removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X