UDS:Trojan.Win32.Expiro removal guide

The UDS:Trojan.Win32.Expiro is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What UDS:Trojan.Win32.Expiro virus can do?

SetUnhandledExceptionFilter detected (possible anti-debug)
Authenticode signature is invalid
Anomalous binary characteristics

How to determine UDS:Trojan.Win32.Expiro?


File Info:
name: 457168BF3DFC0369D04E.mlw
path: /opt/CAPEv2/storage/binaries/1e84e2cab20954f071168a4a3837f5d5312df61908a32545561eb87ed9091580
crc32: C67239AF
md5: 457168bf3dfc0369d04e79a2cbc10ec8
sha1: 0a363d224682185cb63689b7d5ac017eed04ab12
sha256: 1e84e2cab20954f071168a4a3837f5d5312df61908a32545561eb87ed9091580
sha512: 8855c2b3605ac2721717a87c557f188dee9b6d1a2955a35942865430d038f5cb310f6524a0a1b071ed305a4794a66c358c0402410b5122e50269b6e3bafc32ef
ssdeep: 12288:us6SX/Cfmcf6SX/CfmYBNj2qUpZ5D4GJTAuqBVf7JL8geQwAU3TO:us6SXs5f6SXsfX2qUpvE3VuD
type: PE32 executable (console) Intel 80386, for MS Windows
tlsh: T1D7259C46633151F2CBA520705F6AF770E5797D71FE08A901EAC1FE3B3B70A8CA518989
sha3_384: 465feb01a36cbf860903ee3584bc71876c51038790ada0bd75c974e3519b54b3dea757e77b0caafdc5da0ad9022e8573
ep_bytes: e8eaf9ffff6a10688883d04ae89fa3ff
timestamp: 2010-11-20 09:00:27

Version Info:
CompanyName: Microsoft Corporation
FileDescription: Windows Command Processor
FileVersion: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
InternalName: cmd
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: Cmd.Exe
ProductName: Microsoft® Windows® Operating System
ProductVersion: 6.1.7601.17514
Translation: 0x0409 0x04b0

UDS:Trojan.Win32.Expiro also known as:

Bkav	W32.AIDetect.malware2
MicroWorld-eScan	Win32.Expiro.Gen.6
ALYac	Win32.Expiro.Gen.6
Cylance	Unsafe
VIPRE	Trojan.Win32.Generic!BT
K7AntiVirus	Trojan ( 00561cbf1 )
Alibaba	Trojan:Win32/Expiro.8fae90a1
K7GW	Trojan ( 00561cbf1 )
CrowdStrike	win/malicious_confidence_90% (W)
Cyren	W32/Expiro.AN.gen!Eldorado
Symantec	Downloader
ESET-NOD32	a variant of Win32/Expiro.NDG
APEX	Malicious
Cynet	Malicious (score: 99)
Kaspersky	UDS:Trojan.Win32.Expiro.gen
BitDefender	Win32.Expiro.Gen.6
NANO-Antivirus	Virus.Win32.Gen.ccmw
Avast	Win32:Xpirat-C [Inf]
Tencent	Win32.Virus.Expiro.Pcir
Ad-Aware	Win32.Expiro.Gen.6
Sophos	Mal/Generic-R
DrWeb	Win32.Expiro.150
McAfee-GW-Edition	BehavesLike.Win32.BadFile.dh
FireEye	Generic.mg.457168bf3dfc0369
Emsisoft	Win32.Expiro.Gen.6 (B)
Avira	TR/Patched.Gen
Microsoft	Trojan:Win32/Raccoon.EC!MTB
Gridinsoft	Ransom.Win32.Wacatac.sa
GData	Win32.Expiro.Gen.6 (2x)
McAfee	Artemis!C714184A6745
MAX	malware (ai score=88)
VBA32	BScope.Trojan.Wacatac
Rising	Virus.Expiro!8.375 (CLOUD)
Fortinet	W32/PossibleThreat
AVG	Win32:Xpirat-C [Inf]
Cybereason	malicious.f3dfc0
Panda	Trj/CI.A

How to remove UDS:Trojan.Win32.Expiro?

UDS:Trojan.Win32.Expiro removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X