About “Virus:Win32/Expiro.EK!MTB” infection

The Virus:Win32/Expiro.EK!MTB is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Virus:Win32/Expiro.EK!MTB virus can do?

Authenticode signature is invalid

How to determine Virus:Win32/Expiro.EK!MTB?


File Info:
name: 9877B91D1C1D72344494.mlw
path: /opt/CAPEv2/storage/binaries/dad3b52792c12593310bb3a131713bdeb954f766375301a5b0568a8986e449d4
crc32: 8AF46254
md5: 9877b91d1c1d72344494af59a6b6a5bd
sha1: 6544f16d741619fdf6c2684f5160ca457c3d0009
sha256: dad3b52792c12593310bb3a131713bdeb954f766375301a5b0568a8986e449d4
sha512: 243c05cd0c54f5d54cd30ce93c587cf7332981443cb565f5b619556e0ae50e84e88f406cf607cb5aba866e3fb21f9f19e0cec69210480da26f0bc6c5c908aeed
ssdeep: 12288:ePUMAdB8qr0zw9iXQ40AOzDr5YJjsF/5v3ZkHRik8S:eatr0zAiX90z/F0jsFB3SQkf
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1B955230B351F42F3CCC35B715694885B16BB6A70B6E39647E2C13F0FAA381C25926AD7
sha3_384: d497d17b0ee3df75ef541d187b0ab2c95dbe127338058f8418ed8d91a673950f640b69dc30545073a406b61a03ae65c9
ep_bytes: e816fcffffe935fdffff558bec81ec28
timestamp: 2006-10-27 06:53:53

Version Info:
CompanyName: Microsoft Corporation
FileDescription: GrooveMonitor Utility
FileVersion: 0004, 0002, 0000, 0000
InternalName: GrooveMonitor
LegalCopyright: © 2006 Microsoft Corporation.  All rights reserved.
OriginalFilename: GrooveMonitor.exe
ProductName: GrooveMonitor Utility
ProductVersion: 0004, 0002, 0000, 0000
Translation: 0x0000 0x04b0

Virus:Win32/Expiro.EK!MTB also known as:

Bkav	W32.AIDetectMalware
Lionic	Virus.Win32.Expiro.n!c
MicroWorld-eScan	Win32.Expiro.Gen.7
ClamAV	Win.Trojan.Expiro-9937503-0
CAT-QuickHeal	W32.Expiro.R3
Skyhigh	BehavesLike.Win32.Trojan.tt
Malwarebytes	Generic.Malware.AI.DDS
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Virus ( 005a8b911 )
Alibaba	Virus:Win32/Expiro.ec2b06b4
K7GW	Virus ( 005a8b911 )
Cybereason	malicious.d74161
Arcabit	Win32.Expiro.Gen.7
Symantec	W32.Xpiro.J!dam
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win32/Expiro.NDP
APEX	Malicious
Cynet	Malicious (score: 100)
Kaspersky	Virus.Win32.Moiva.a
BitDefender	Win32.Expiro.Gen.7
NANO-Antivirus	Virus.Win32.Virut-Gen.bwpxnc
Avast	Win32:Vitro [Inf]
Rising	Trojan.Generic@AI.81 (RDML:YL015kwV4FZckMr4Ft4G5w)
TACHYON	Virus/W32.Movia
Sophos	W32/Moiva-A
F-Secure	Malware.W32/Infector.Gen
DrWeb	Win32.Expiro.158
VIPRE	Win32.Expiro.Gen.7
TrendMicro	Virus.Win32.EXPIRO.JMA
FireEye	Generic.mg.9877b91d1c1d7234
Emsisoft	Win32.Expiro.Gen.7 (B)
SentinelOne	Static AI – Malicious PE
Google	Detected
Avira	W32/Infector.Gen
Antiy-AVL	Virus/Win32.Expiro.x
Microsoft	Virus:Win32/Expiro.EK!MTB
ZoneAlarm	Virus.Win32.Moiva.a
GData	Win32.Expiro.Gen.7
Varist	W32/Expiro.AU.gen!Eldorado
AhnLab-V3	Virus/Win.Expiro.X2164
VBA32	Trojan.Sabsik.TE
ALYac	Win32.Expiro.Gen.7
MAX	malware (ai score=80)
Cylance	unsafe
Panda	W32/Moyv.A
Tencent	Virus.Win32.VirMoiva.a
Ikarus	Trojan-Dropper.Win32.Decay
Fortinet	W32/Expiro.NDP!tr
AVG	Win32:Vitro [Inf]
DeepInstinct	MALICIOUS
CrowdStrike	win/malicious_confidence_100% (D)

How to remove Virus:Win32/Expiro.EK!MTB?

Virus:Win32/Expiro.EK!MTB removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X