Virus:Win32/Expiro.BR removal guide

Many security experts consider Virus:Win32/Expiro.BR dangerous. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Virus:Win32/Expiro.BR virus do?

  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • The executable is likely packed with VMProtect
  • Authenticode signature is invalid
  • Binary file triggered YARA rule
  • Anomalous binary characteristics
  • Yara detections observed in process dumps, payloads or dropped files

How to identify Virus:Win32/Expiro.BR?


File Info:

name: B49E771D052163B40FDC.mlw
path: /opt/CAPEv2/storage/binaries/00ad80caf44d0d1f85786b5767dcef1b4bc5a57a0cdf66fd8e0fd10dce7e1cf7
crc32: 478F3DCE
md5: b49e771d052163b40fdc8865eb900c1c
sha1: fdf50138006f39240f95bc7206c234460077509a
sha256: 00ad80caf44d0d1f85786b5767dcef1b4bc5a57a0cdf66fd8e0fd10dce7e1cf7
sha512: ff0d4bcd480e026478b940d2245fd0b6ddf1893a45617b6aceeb948cd4409aa979e0078787f702709bb631fc1ed94be00ca9302b63076a688839f2162655317a
ssdeep: 12288:I3FuvVCiisao9Ii3aVinHyRJNrugFTssf0WfkLaqBlJwS4AzL8SH2F7XDs7PV/cf:I3Fu9CiisJaViHQXTJ0WfkLaqFuAzLl
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T13D058E1936A01131F4E3F0F1157476230FBA9E296728A7DB15E95AECAF37ADC0834399
sha3_384: 35004fcef5ec5d4bb98c7aea83c5101ff5db506517aff8b01090bfd97d45c5f4147100cb82dfeab09d15ba26c1b75688
ep_bytes: 50905152905390545556575589e581ec
timestamp: 2004-08-04 06:06:08

Version Info:

CompanyName: Microsoft Corporation
FileDescription: Paint
FileVersion: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
InternalName: MSPAINT
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: MSPAINT.EXE
ProductName: Microsoft® Windows® Operating System
ProductVersion: 5.1.2600.2180
Translation: 0x0409 0x04b0

Virus:Win32/Expiro.BR also known as:

Bkav: W32.Expiro1NHc.PE
Lionic: Virus.Win32.Expiro.n!c
AVG: Win32:Xpirat [Inf]
DrWeb: Win32.Expiro.60
MicroWorld-eScan: Win32.Expiro.Gen.2
FireEye: Generic.mg.b49e771d052163b4
CAT-QuickHeal: W32.Expiro.AX
Skyhigh: BehavesLike.Win32.Ramnit.cc
McAfee: W32/Expiro.gen.o
Cylance: unsafe
Zillya: Virus.Expiro.Win32.89
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Virus ( 0040f4dc1 )
Alibaba: Virus:Win32/Expiro.894133ae
K7GW: Virus ( 0040f4dc1 )
Cybereason: malicious.d05216
BitDefenderTheta: AI:FileInfector.1BB980DD12
VirIT: Win32.Expiro.BT
Symantec: W32.Xpiro.D
Elastic: malicious (high confidence)
ESET-NOD32: Win32/Expiro.NBG
Cynet: Malicious (score: 100)
APEX: Malicious
ClamAV: Win.Virus.Expiro-6993614-0
Kaspersky: Virus.Win32.Expiro.ao
BitDefender: Win32.Expiro.Gen.2
NANO-Antivirus: Virus.Win32.Expiro.clnvwd
Avast: Win32:Xpirat [Inf]
Tencent: Virus.Win32.Expiro.aoe
Emsisoft: Win32.Expiro.Gen.2 (B)
F-Secure: Malware.W32/Infector.Gen8
Baidu: Win32.Virus.Expiro.a
VIPRE: Win32.Expiro.Gen.2
TrendMicro: PE_EXPIRO.JX
Trapmine: malicious.high.ml.score
Sophos: W32/Expiro-H
SentinelOne: Static AI – Malicious PE
Google: Detected
Avira: W32/Infector.Gen8
MAX: malware (ai score=88)
Antiy-AVL: Virus/Win32.Expiro.ao
Kingsoft: malware.kb.a.895
Microsoft: Virus:Win32/Expiro.BR
Xcitium: Virus.Win32.Expiro.isn@4z1wg0
Arcabit: Win32.Expiro.Gen.2
ViRobot: Win32.Expiro.Gen.C
ZoneAlarm: Virus.Win32.Expiro.ao
GData: Win32.Expiro.Gen.2
Varist: Expiro
AhnLab-V3: Win32/Expiro4.Gen
Acronis: suspicious
ALYac: Win32.Expiro.Gen.2
VBA32: Virus.Expiro.28B05
Malwarebytes: Generic.Malware.AI.DDS
Panda: W32/Expiro.gen
TrendMicro-HouseCall: PE_EXPIRO.JX
Rising: Virus.Expiro!1.A140 (CLASSIC)
Ikarus: Virus.Win32.Expiro
MaxSecure: Virus.Expiro.W
Fortinet: W32/Expiro.fam
DeepInstinct: MALICIOUS
CrowdStrike: win/malicious_confidence_100% (W)
alibabacloud: Virus:Win/Expiro.REUFLERWIREYTK

How to remove Virus:Win32/Expiro.BR?

Virus:Win32/Expiro.BR removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
