Virus

Virus:Win32/Expiro.S removal guide

Malware Removal

The Virus:Win32/Expiro.S is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
6-day free trial available.

What Virus:Win32/Expiro.S virus can do?

  • At least one process apparently crashed during execution
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Anomalous binary characteristics

How to determine Virus:Win32/Expiro.S?


File Info:

name: A63C9EDE30CDFCC418F4.mlw
path: /opt/CAPEv2/storage/binaries/6bbb7fdaa7ea21d624cf5006edee807410f43e4d5cbf65e338a48cfbb8406ff2
crc32: 9BF5AEE1
md5: a63c9ede30cdfcc418f47b1adc898fea
sha1: 3c11d734156b8e5c5e36b2721f7d4a2bc036004b
sha256: 6bbb7fdaa7ea21d624cf5006edee807410f43e4d5cbf65e338a48cfbb8406ff2
sha512: b8dd12c9ed599dab151a808cf939a2f2b43c3cb0093f2bd4c63060b00c3a60892feac11e00963f14477ccb6ecd335b10a3716d4e212436f31c3996a14fdf4096
ssdeep: 3072:BFpQQDO+41YmbQyRPkADIRnrxSuyJ1gjuYUEHhE2YKHMq8gus0/KOlvCwnrOtO44:BDQ1VY7yScIRouWgiOLDZSy8JGZM
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T13F446B3164E4DE3DE49D20B0596CB154896C527233245FDF4B4C1EEEFA36ABE7934086
sha3_384: 73d42165011fcb40cbe4a159a15bf004f2fb3fcd47f9685d31ca7b9f6af850dddaac90de7c4eaddbae59aa96640fd4dc
ep_bytes: 605589e583ec58535657be02000000bf
timestamp: 2004-08-04 06:02:48

Version Info:

CompanyName: Microsoft Corporation
FileDescription: Image Mastering API
FileVersion: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
InternalName: imapi
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: imapi.exe
ProductName: Microsoft® Windows® Operating System
ProductVersion: 5.1.2600.2180
Translation: 0x0409 0x04b0

Virus:Win32/Expiro.S also known as:

BkavW32.sysExeAttk.PE
Elasticmalicious (high confidence)
MicroWorld-eScanWin32.Expiro.Gen.2
FireEyeGeneric.mg.a63c9ede30cdfcc4
CAT-QuickHealW32.Expiro.D
ALYacWin32.Expiro.Gen.2
CylanceUnsafe
VIPREWin32.Expiro.Gen.2
K7AntiVirusVirus ( 0040f4dc1 )
K7GWVirus ( 0040f4dc1 )
Cybereasonmalicious.e30cdf
BaiduWin32.Virus.Expiro.d
VirITWin32.Expiro.W
CyrenW32/Expiro.O
SymantecW32.Xpiro.D
ESET-NOD32a variant of Win32/Expiro.NBA
APEXMalicious
ClamAVWin.Virus.Sodinokibi-9755637-0
KasperskyVirus.Win32.Expiro.w
BitDefenderWin32.Expiro.Gen.2
NANO-AntivirusVirus.Win32.Expiro.josia
AvastWin32:Xpiro [Inf]
TencentVirus.Win32.Expiro.p
Ad-AwareWin32.Expiro.Gen.2
ComodoVirus.Win32.Expiro.win@4mxffb
DrWebWin32.Expiro.23
TrendMicroPE_EXPIRO.RAP
McAfee-GW-EditionW32/Expiro.gen.a
Trapminemalicious.high.ml.score
SophosML/PE-A + W32/Expiro-H
SentinelOneStatic AI – Malicious PE
GDataWin32.Expiro.Gen.2
JiangminWin32/Expiro.h
AviraW32/Expiro.E
MAXmalware (ai score=83)
Antiy-AVLTrojan/Generic.ASVirus.160
ViRobotWin32.Expiro.Gen.B
ZoneAlarmVirus.Win32.Expiro.w
MicrosoftVirus:Win32/Expiro.S
CynetMalicious (score: 100)
AhnLab-V3Win32/Expiro2.Gen
McAfeeW32/Expiro.gen.a
VBA32Virus.Win32.Expiro.SEP.4
MalwarebytesMalware.Heuristic.1001
TrendMicro-HouseCallPE_EXPIRO.RAP
RisingVirus.Expiro!1.A140 (CLASSIC)
YandexWin32.Expiro.Gen.3
IkarusVirus.Win32.Expiro
MaxSecureVirus.Expiro.W
FortinetW32/Expiro.fam
BitDefenderThetaAI:FileInfector.1BB980DD12
AVGWin32:Xpiro [Inf]
PandaW32/Expiro.gen
CrowdStrikewin/malicious_confidence_100% (D)

How to remove Virus:Win32/Expiro.S?

Virus:Win32/Expiro.S removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment