Should I remove “Virus:Win32/Expiro.AL”?

Virus:Win32/Expiro.AL is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Virus:Win32/Expiro.AL virus do?

  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Anomalous binary characteristics

How to identify Virus:Win32/Expiro.AL?


File Info:

type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2008-04-13 18:33:31

Version Info:

CompanyName: Microsoft Corporation
FileDescription: Microsoft® Help
FileVersion: 5.1.2600.5512 (xpsp.080413-0852)
InternalName: WINHLP32.EXE
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: WINHLP32.EXE
ProductName: Microsoft® Windows® Operating System
ProductVersion: 5.1.2600.5512
Translation: 0x0409 0x04b0

Virus:Win32/Expiro.AL also known as:

Bkav: W32.Expiro2NHc.PE
Lionic: Virus.Win32.Xorala.lo87
Elastic: malicious (high confidence)
MicroWorld-eScan: Win32.Expiro.Gen.2
CAT-QuickHeal: W32.Expiro.D
Skyhigh: BehavesLike.Win32.Generic.gh
ALYac: Win32.Expiro.Gen.2
Zillya: Virus.Expiro.Win32.21
Sangfor: Virus.Win32.Expiro.wb
K7AntiVirus: Virus ( 0040f4dc1 )
BitDefender: Win32.Expiro.Gen.2
K7GW: Virus ( 0040f4dc1 )
CrowdStrike: win/malicious_confidence_100% (W)
Arcabit: Win32.Expiro.Gen.2
BitDefenderTheta: AI:FileInfector.1BB980DD12
VirIT: Win32.Expiro.V
Symantec: W32.Xpiro.E
ESET-NOD32: Win32/Expiro.X
APEX: Malicious
ClamAV: Win.Trojan.Expiro-17
Kaspersky: Virus.Win32.Expiro.w
Alibaba: Virus:Win32/Expiro.f561581e
NANO-Antivirus: Virus.Win32.Expiro.jcukc
Avast: Win32:Xpiro [Inf]
Tencent: Virus.Win32.Expiro.b
TACHYON: Virus/W32.Expiro.B
Sophos: W32/Expiro-H
Baidu: Win32.Virus.Expiro.d
F-Secure: Malware.W32/Expiro.X
DrWeb: Win32.Expiro.40
VIPRE: Win32.Expiro.Gen.2
TrendMicro: PE_EXPIRO.RAP
Trapmine: malicious.high.ml.score
FireEye: Generic.mg.c27bee4855c29c3a
Emsisoft: Win32.Expiro.Gen.2 (B)
SentinelOne: Static AI – Malicious PE
Jiangmin: Win32/Expiro.m
Webroot: W32.Malware.Gen
Google: Detected
Avira: W32/Expiro.X
Varist: W32/Expiro.T
Antiy-AVL: Virus/Win32.Expiro.w
Kingsoft: Win32.Expiro.pj.192000
Xcitium: Virus.Win32.Expiro.ew@4jygz8
Microsoft: Virus:Win32/Expiro.AL
ZoneAlarm: Virus.Win32.Expiro.w
GData: Win32.Expiro.Gen.2
Cynet: Malicious (score: 100)
AhnLab-V3: Win32/Expiro.Gen
McAfee: W32/Expiro.gen.a
MAX: malware (ai score=100)
VBA32: Virus.Expiro.317
Malwarebytes: Generic.Malware/Suspicious
Panda: W32/Expiro.gen
TrendMicro-HouseCall: PE_EXPIRO.RAP
Rising: Virus.Expiro!1.A140 (CLASSIC)
Yandex: Win32.Expiro.Gen.4
Ikarus: Trojan.Win32.Spy
MaxSecure: Virus.Expiro.W
Fortinet: W32/Expiro.W
AVG: Win32:Xpiro [Inf]
Cybereason: malicious.0949ed
DeepInstinct: MALICIOUS

How to remove Virus:Win32/Expiro.AL?

Virus:Win32/Expiro.AL removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
