
Virus:Win32/Expiro.EK!MTB removal


Virus:Win32/Expiro.EK!MTB is Microsoft's detection name for a sample of the Expiro family, which most vendors in the list below also call Expiro (aliases seen there: Xpiro, Moiva, Vitro). Detections such as W32/Infector.Gen (Avira, F-Secure) and Trojan.Patched (Ikarus) indicate a file infector, i.e. malware that patches executables already present on the system rather than only dropping new ones. When the infection is active you may notice unfamiliar processes in Task Manager. If you do, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing a virus manually can take hours and may damage your system in the process. We recommend GridinSoft Anti-Malware for removal; the trial allows a full scan and clean-up of your PC.
A 6-day free trial is available.

What can Virus:Win32/Expiro.EK!MTB do?

These are the behavioural indicators recorded by the CAPE sandbox for the sample analysed below:

  • Behavioural detection: executable code extraction (the sample unpacks code at runtime)
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name, indicative of packing
  • Authenticode signature is invalid (the file is not the binary that the embedded version info attributes to Adobe)
  • CAPE detected the "shellcode patterns" malware family signature
  • YARA detections observed in process dumps, payloads or dropped files

How to identify Virus:Win32/Expiro.EK!MTB?

The hashes below identify this exact sample. Because Expiro is a file infector, other infected executables on the same or another machine will have different hashes; use the behavioural indicators above and the invalid signature as the broader tell-tales.

File Info:

name: A2A5B77A0AD8760A229C.mlw
path: /opt/CAPEv2/storage/binaries/1979b00c15067b555ca7b782ecb5e445fab4c9ebb60bf6a4f873d1aa7f8d5cdc
crc32: D9C1D0EF
md5: a2a5b77a0ad8760a229c5aa066600fbb
sha1: 6c9572a6c1db3e122fe2476e8fe32f8c9984a3c9
sha256: 1979b00c15067b555ca7b782ecb5e445fab4c9ebb60bf6a4f873d1aa7f8d5cdc
sha512: ca3971386b491b7eb83948199575f57f06b04d71643bf0d48b28d778d456b6fee9dfee085079ab874aa061642ba9909175821a9b679e3565a9d633972e62313a
ssdeep: 24576:+fGxypdl8NDFKYmKOF0zr31JwAlcR3QC0OXxc0H:gGApdlgDUYmvFur31yAipQCtXxc0H
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T13675022175C0D0B3D973053045B8E6B1692EFE705F654EEB73A8272E0E706D28D38A6B
sha3_384: 8d8b6c5d20d73b971bb2661cbc930214b4b9621f3b16c648ff613c547a1a1469543dd42bbfce0b984c4c4d583b9727a3
ep_bytes: e87bfe1800e978feffffcccccccccccc
timestamp: 2020-09-06 09:09:42

Version Info:

CompanyName: Adobe Inc.
FileDescription: Adobe Acrobat Update Service
FileVersion: 1.824.39.9311
InternalName: armsvc.exe
LegalCopyright: Copyright © 2020 Adobe Inc. All rights reserved.
OriginalFilename: armsvc.exe
ProductName: Adobe Acrobat Update Service
ProductVersion: 1.824.39.9311
Translation: 0x0409 0x04b0

The version resource presents the file as Adobe's Acrobat Update Service (armsvc.exe), but the Authenticode signature is invalid, so this metadata does not establish that the file is Adobe's. Treat the company, product and version strings as untrusted.

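The file information above is what a sandbox derives statically from the binary before running it. The following script, added here as an example (it is not GridinSoft's or CAPE's code), reproduces the triage steps a practitioner would run on a quarantined copy: hash it and compare against the md5/sha1/sha256 listed above, read the compile timestamp from the COFF header, list the PE section names and flag any that are not standard compiler output (the "unknown PE section name" indicator), and pull the first 16 bytes at the entry point (the ep_bytes field). It uses only the Python standard library. The `build_sample_pe()` function and the `COMMON_SECTIONS` set are assumptions of this example: the former constructs a minimal PE32 for offline demonstration, not the Expiro sample, with its entry bytes copied from the ep_bytes field above; the latter is a list of section names ordinarily emitted by mainstream compilers.

```python
import hashlib
import struct
from datetime import datetime, timezone

# Indicators copied from the File Info section of this page.
KNOWN_HASHES = {
    "md5": "a2a5b77a0ad8760a229c5aa066600fbb",
    "sha1": "6c9572a6c1db3e122fe2476e8fe32f8c9984a3c9",
    "sha256": "1979b00c15067b555ca7b782ecb5e445fab4c9ebb60bf6a4f873d1aa7f8d5cdc",
}

# Section names ordinarily emitted by MSVC/MinGW/Delphi (assumption of this
# example). Packers and file infectors often append a section of their own.
COMMON_SECTIONS = {".text", ".rdata", ".data", ".rsrc", ".reloc", ".idata",
                   ".edata", ".pdata", ".bss", ".tls", ".CRT", ".didat",
                   ".textbss", ".gfids", ".00cfg", "CODE", "DATA", "BSS"}


def hash_file(data: bytes) -> dict:
    return {"md5": hashlib.md5(data).hexdigest(),
            "sha1": hashlib.sha1(data).hexdigest(),
            "sha256": hashlib.sha256(data).hexdigest()}


def ioc_match(hashes: dict) -> bool:
    """True if any computed hash equals the indicator published above."""
    return any(hashes.get(k) == v for k, v in KNOWN_HASHES.items())


def parse_pe(data: bytes) -> dict:
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]          # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    machine, nsect, ts, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, pe_off + 4)
    opt_off = pe_off + 24
    magic = struct.unpack_from("<H", data, opt_off)[0]          # 0x10B PE32, 0x20B PE32+
    entry_rva = struct.unpack_from("<I", data, opt_off + 16)[0]  # AddressOfEntryPoint
    sections = []
    for i in range(nsect):
        name, vsize, va, rawsize, rawptr = struct.unpack_from("<8sIIII", data, opt_off + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("latin-1"),
                         "va": va, "vsize": vsize, "rawsize": rawsize, "rawptr": rawptr})
    # Translate the entry-point RVA to a file offset via its containing section.
    ep_bytes = b""
    for s in sections:
        if s["va"] <= entry_rva < s["va"] + max(s["vsize"], s["rawsize"]):
            off = entry_rva - s["va"] + s["rawptr"]
            ep_bytes = data[off:off + 16]
            break
    return {
        "machine": hex(machine),
        "pe32_plus": magic == 0x20B,
        "timestamp": datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "sections": [s["name"] for s in sections],
        "unknown_sections": [s["name"] for s in sections if s["name"] not in COMMON_SECTIONS],
        "ep_bytes": ep_bytes.hex(),
    }


def triage(data: bytes) -> dict:
    info = parse_pe(data)
    info["hashes"] = hash_file(data)
    info["ioc_match"] = ioc_match(info["hashes"])
    return info


def build_sample_pe() -> bytes:
    """Constructed minimal PE32 for demonstration only (not the Expiro sample):
    one non-standard section '.xyz' whose first bytes are the page's ep_bytes."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)               # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 1599383382, 0, 0, 224, 0x102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                              # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)                            # entry point RVA
    sect = struct.pack("<8sIIIIIIHHI", b".xyz", 0x100, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    headers = dos + b"PE\0\0" + coff + bytes(opt) + sect
    headers += b"\0" * (0x200 - len(headers))
    body = bytes.fromhex("e87bfe1800e978feffffcccccccccccc")
    return headers + body + b"\0" * (0x200 - len(body))


if __name__ == "__main__":
    import pprint
    pprint.pprint(triage(build_sample_pe()))
```

On a real quarantined file call `triage(open(path, "rb").read())`. A hash match confirms this particular sample; a non-standard section name or an entry point that lands in such a section is the stronger signal for other Expiro-infected hosts, whose hashes differ. The script does not validate the Authenticode signature; on Windows, `Get-AuthenticodeSignature` in PowerShell reports whether the embedded signature is valid.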
Virus:Win32/Expiro.EK!MTB also known as (vendor: detection name):

Bkav: W32.AIDetectMalware
Lionic: Virus.Win32.Expiro.n!c
Elastic: malicious (high confidence)
Cynet: Malicious (score: 100)
FireEye: Generic.mg.a2a5b77a0ad8760a
CAT-QuickHeal: W32.Expiro.R3
Skyhigh: BehavesLike.Win32.Generic.tt
Cylance: unsafe
VIPRE: Win32.Expiro.Gen.7
Sangfor: Trojan.Win32.Save.a
K7AntiVirus: Virus ( 005a8b911 )
Alibaba: Virus:Win32/Expiro.d5819ed7
K7GW: Virus ( 005a8b911 )
CrowdStrike: win/malicious_confidence_100% (W)
Symantec: W32.Xpiro.J!dam
ESET-NOD32: a variant of Win32/Expiro.NDP
APEX: Malicious
ClamAV: Win.Trojan.Expiro-9962115-0
Kaspersky: Virus.Win32.Moiva.a
BitDefender: Win32.Expiro.Gen.7
NANO-Antivirus: Virus.Win32.Virut-Gen.bwpxnc
MicroWorld-eScan: Win32.Expiro.Gen.7
Avast: Win32:Vitro [Inf]
Tencent: Virus.Win32.VirMoiva.a
TACHYON: Virus/W32.Movia
Sophos: W32/Moiva-C
F-Secure: Malware.W32/Infector.Gen
DrWeb: Win32.Expiro.158
TrendMicro: Virus.Win32.EXPIRO.JMA
Trapmine: suspicious.low.ml.score
Emsisoft: Win32.Expiro.Gen.7 (B)
Ikarus: Trojan.Patched
GData: Win32.Expiro.Gen.7
Varist: W32/Expiro.AU.gen!Eldorado
Avira: W32/Infector.Gen
Antiy-AVL: Virus/Win64.Expiro.dc
Kingsoft: malware.kb.a.878
Arcabit: Win32.Expiro.Gen.7
ZoneAlarm: Virus.Win32.Moiva.a
Microsoft: Virus:Win32/Expiro.EK!MTB
Google: Detected
Acronis: suspicious
BitDefenderTheta: Gen:NN.ZexaE.36744.Lz0@amghpZmi
ALYac: Win32.Expiro.Gen.7
MAX: malware (ai score=89)
VBA32: Trojan.Sabsik.TE
Malwarebytes: Virus.M0yv
Panda: W32/Moyv.A
Rising: Trojan.Generic@AI.97 (RDML:gXUFoxdHdwQI6P05tSQSMA)
SentinelOne: Static AI – Malicious PE
MaxSecure: Trojan.Malware.121218.susgen
Fortinet: W32/Expiro.NDP!tr
AVG: Win32:Vitro [Inf]
DeepInstinct: MALICIOUS

How to remove Virus:Win32/Expiro.EK!MTB?

Virus:Win32/Expiro.EK!MTB removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Click “Move to quarantine“ for all detected items.
  • Open the “Tools“ tab and press “Reset Browser Settings“.
  • Select the browser and options you want, then click “Reset“.
  • Restart your computer.

Because Expiro infects executables that were already installed, a quarantined detection may be a legitimate program with the virus body patched into it. Do not restore such files from quarantine; reinstall the affected program from its vendor's installer, and rescan afterwards to confirm no infected copies remain.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
