Virus:Win32/Expiro.BA removal tips

Virus:Win32/Expiro.BA is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Virus:Win32/Expiro.BA virus do?

  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • The executable is likely packed with VMProtect
  • Authenticode signature is invalid
  • Anomalous binary characteristics
  • Yara detections observed in process dumps, payloads or dropped files

How to determine Virus:Win32/Expiro.BA?


File Info:

name: ABA313AA7ADC0ECC0A7E.mlw
path: /opt/CAPEv2/storage/binaries/bb800387597cf0372dfa422c4dd10c123c53f299cc13df484f44a59d8312bca1
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2004-08-04 06:01:04

Version Info:

CompanyName: Microsoft Corporation
FileDescription: Network DDE - DDE Communication
FileVersion: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
InternalName: NETDDE.EXE
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: NETDDE.EXE
ProductName: Microsoft® Windows® Operating System
ProductVersion: 5.1.2600.2180
Translation: 0x0409 0x04b0

Virus:Win32/Expiro.BA also known as:

Bkav: W32.ExpiroMVf.PE
Lionic: Virus.Win32.Expiro.mzG9
Elastic: malicious (high confidence)
MicroWorld-eScan: Win32.Expiro.Gen.2
ClamAV: Win.Virus.Expiro-7867148-0
FireEye: Generic.mg.aba313aa7adc0ecc
CAT-QuickHeal: W32.Expiro.AX
Skyhigh: BehavesLike.Win32.Expiro.jc
McAfee: W32/Expiro.gen.o
Cylance: unsafe
Zillya: Virus.Expiro.Win32.35
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Virus ( 0040f4dc1 )
Alibaba: Virus:Win32/Expiro.9cf1a268
K7GW: Virus ( 0040f4dc1 )
CrowdStrike: win/malicious_confidence_100% (W)
BitDefenderTheta: AI:FileInfector.1BB980DD12
VirIT: Win32.Expiro.AG
Symantec: W32.Xpiro.D
tehtris: Generic.Malware
ESET-NOD32: Win32/Expiro.NBO
APEX: Malicious
Cynet: Malicious (score: 100)
Kaspersky: Virus.Win32.Expiro.aq
BitDefender: Win32.Expiro.Gen.2
NANO-Antivirus: Virus.Win32.Expiro.clnvwd
Avast: Win32:Xpirat [Inf]
Tencent: Virus.Win32.Expiro.aof
Emsisoft: Win32.Expiro.Gen.2 (B)
Baidu: Win32.Virus.Expiro.a
F-Secure: Malware.W32/Expiro.akoa
DrWeb: Win32.Expiro.66
VIPRE: Win32.Expiro.Gen.2
TrendMicro: PE_EXPIRO.JX
Trapmine: malicious.high.ml.score
Sophos: W32/Expiro-H
Ikarus: Trojan.Win32.Spy
GData: Win32.Expiro.Gen.2
Jiangmin: Virus.Expiro.b
Google: Detected
Avira: W32/Expiro.akoa
Antiy-AVL: Virus/Win32.Expiro.aq
Kingsoft: malware.kb.a.994
Xcitium: Virus.Win32.Expiro.NB@531brf
Arcabit: Win32.Expiro.Gen.2
ZoneAlarm: Virus.Win32.Expiro.aq
Microsoft: Virus:Win32/Expiro.BA
Varist: W32/Expiro.AZ
AhnLab-V3: Win32/Expiro4.Gen
Acronis: suspicious
ALYac: Win32.Expiro.Gen.2
MAX: malware (ai score=100)
VBA32: Virus.Expiro.aq
Malwarebytes: Generic.Malware/Suspicious
Panda: W32/Expiro.gen
TrendMicro-HouseCall: PE_EXPIRO.JX
Rising: Virus.Expiro!1.A140 (CLASSIC)
SentinelOne: Static AI – Malicious PE
MaxSecure: Virus.Expiro.W
Fortinet: W32/Expiro.fam
AVG: Win32:Xpirat [Inf]
Cybereason: malicious.2b5117
DeepInstinct: MALICIOUS

How to remove Virus:Win32/Expiro.BA?

Virus:Win32/Expiro.BA removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
