Virus:Win32/Expiro.CD removal guide

Virus:Win32/Expiro.CD is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Virus:Win32/Expiro.CD virus do?

  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Anomalous binary characteristics

How to identify Virus:Win32/Expiro.CD?


File Info:

name: A7C4EB51F32114BAFC27.mlw
path: /opt/CAPEv2/storage/binaries/c5939e9457f7f130a5ba83bc6d19f82fd3572ef81ba2e1e7fbbcb930616d915b
crc32: 780C48A6
md5: a7c4eb51f32114bafc27e3e10da5c415
sha1: eb1d1973b8f5917d16fb8e443d1d8fb85f95bdfc
sha256: c5939e9457f7f130a5ba83bc6d19f82fd3572ef81ba2e1e7fbbcb930616d915b
sha512: 3cc00aaa1b41a4255b22a59cba2941fa729e80583ac887d523d4b24871ff117be0bd794d822e523781922e01fd9f11f7423fe28a1aed8f045d1ad11eb3e74b97
ssdeep: 6144:YJDGxAbn0wbQhLny4U9T7YyHq31N0e9G8Hm6CjdydO+UE/bD2oCDZ0bmHRtjeY2p:3W9PRKlUAC0ZXGZ0bI/e5PdOgTQq
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1ACE47D97651673E8FB60A03BCBB346CD41C816799B225B03C371EB6C77A5606B42887F
sha3_384: 85413c2643296e519e1067f1c3bf64e6963807432ef257acb566473298014a5c71d89c4e61387cb78dfa1760b13a5dd1
ep_bytes: 605589e581ec08010000c745f8010000
timestamp: 2012-07-09 03:53:52

Version Info:

CompanyName: Microsoft Corporation
FileDescription: .NET Runtime Optimization Service
FileVersion: 4.0.30319.17929 built by: FX45RTMREL
InternalName: mscorsvw.exe
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: mscorsvw.exe
ProductName: Microsoft® .NET Framework
ProductVersion: 4.0.30319.17929
Comments: Flavor=Retail
PrivateBuild: DDBLD118
Translation: 0x0409 0x04b0

Virus:Win32/Expiro.CD also known as:

Bkav: W32.Expiro2NHc.PE
Elastic: malicious (high confidence)
DrWeb: Win32.Expiro.80
Cynet: Malicious (score: 100)
McAfee: W32/Expiro.gen.p
Cylance: Unsafe
Zillya: Virus.Expiro.Win32.42
Sangfor: Suspicious.Win32.Save.a
K7AntiVirus: Virus ( 0040f4dc1 )
K7GW: Virus ( 0040f4dc1 )
CrowdStrike: win/malicious_confidence_100% (D)
BitDefenderTheta: AI:FileInfector.6CBEB04B12
VirIT: Win32.Expiro.AL
Cyren: W32/Expiro.BG
Symantec: W32.Xpiro.F
ESET-NOD32: Win32/Expiro.AY
TrendMicro-HouseCall: PE_EXPIRO.AR
ClamAV: Win.Trojan.Expiro-34
Kaspersky: Virus.Win32.Expiro.ar
BitDefender: Win32.Expiro.Gen.3
NANO-Antivirus: Virus.Win32.Expiro.clnvwd
MicroWorld-eScan: Win32.Expiro.Gen.3
Avast: Win32:Xpirat [Inf]
Tencent: Virus.Win32.Expiro.aab
Ad-Aware: Win32.Expiro.Gen.3
Sophos: ML/PE-A + W32/Expiro-S
Comodo: TrojWare.Win32.Spy.Zbot.AAZ@1p8hml
Baidu: Win32.Virus.Expiro.c
VIPRE: Win32.Expiro.Gen.3
TrendMicro: PE_EXPIRO.AR
Trapmine: malicious.high.ml.score
FireEye: Generic.mg.a7c4eb51f32114ba
Emsisoft: Win32.Expiro.Gen.3 (B)
Ikarus: Virus.Win32.Expiro
GData: Win32.Expiro.Gen.3
Avira: W32/Expiro.NU
Antiy-AVL: Trojan/Generic.ASVirus.C5
Microsoft: Virus:Win32/Expiro.CD
SentinelOne: Static AI – Malicious PE
AhnLab-V3: Win32/Expiro5.Gen
VBA32: Virus.Expiro.2414
ALYac: Win32.Expiro.Gen.3
MAX: malware (ai score=87)
Malwarebytes: Malware.AI.2545309858
APEX: Malicious
Rising: Virus.Expiro!1.A140 (CLASSIC)
MaxSecure: Trojan.Malware.121218.susgen
Fortinet: W32/Expiro.W
AVG: Win32:Xpirat [Inf]
Cybereason: malicious.1f3211
Panda: W32/Expiro.O

How to remove Virus:Win32/Expiro.CD?

Virus:Win32/Expiro.CD removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
