About “Virus:Win64/Expiro.DD!MTB” infection

The Virus:Win64/Expiro.DD!MTB is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Virus:Win64/Expiro.DD!MTB virus can do?

Authenticode signature is invalid
Binary compilation timestomping detected

How to determine Virus:Win64/Expiro.DD!MTB?


File Info:
name: 33F90B5A082EFE5596D4.mlw
path: /opt/CAPEv2/storage/binaries/4324b883bf3868c250a703313c6c6e61835a0498e200b8f633f3deb74b724f40
crc32: 97BFCBBB
md5: 33f90b5a082efe5596d4f0435fe47c4d
sha1: 3c4476b1ae4cd615c5a916ac2ad5ffe6ff9fc171
sha256: 4324b883bf3868c250a703313c6c6e61835a0498e200b8f633f3deb74b724f40
sha512: 74d01b86567f6b85144292689361c259d6f1f061aa42a1d6643692926a36da7dc3e398fee2917fc7f4f36c11f564d77446c7aa3b4dfe628921df8c08f37b1b89
ssdeep: 24576:3O+WHRlMugdD+JsRgZRJ4fM430Eg6nET7M/IiN:+rxlMPdlR8v4UC0Eg6ET7M/I
type: PE32+ executable (console) x86-64, for MS Windows
tlsh: T1275523C465C4E15BF1220EB18C6FF02FC3761F431BA221D36A462B46FF5C9D39AAA615
sha3_384: b6320744f2c7dfa3058d20091ebcb6b6b510b042197a40ecc992df6478720d2152acc6f37c073d4aa7b505fa26536164
ep_bytes: 4883ec28e8571b09004883c428e92afe
timestamp: 2096-02-28 07:10:41

Version Info:
CompanyName: Microsoft Corporation
FileDescription: Rpc Locator
FileVersion: 10.0.17134.1 (WinBuild.160101.0800)
InternalName: locator.exe
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: locator.exe
ProductName: Microsoft® Windows® Operating System
ProductVersion: 10.0.17134.1
Translation: 0x0409 0x04b0

Virus:Win64/Expiro.DD!MTB also known as:

Bkav	W64.AIDetectMalware
MicroWorld-eScan	Win64.Expiro.Gen.7
ClamAV	Win.Virus.Expiro-9892813-0
CAT-QuickHeal	W32.Expiro.R3
Skyhigh	BehavesLike.Win64.Expiro.tt
VIPRE	Win64.Expiro.Gen.7
Sangfor	Suspicious.Win32.Save.a
K7AntiVirus	Virus ( 00592e701 )
K7GW	Virus ( 00592e701 )
CrowdStrike	win/malicious_confidence_100% (D)
Arcabit	Win64.Expiro.Gen.7
Symantec	ML.Attribute.HighConfidence
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win64/Expiro.CV
APEX	Malicious
Cynet	Malicious (score: 100)
Kaspersky	Virus.Win64.Moiva.a
BitDefender	Win64.Expiro.Gen.7
Avast	Win64:Expiro-AJ [Inf]
Rising	Virus.Expiro!1.A140 (CLASSIC)
Emsisoft	Win64.Expiro.Gen.7 (B)
F-Secure	Malware.W32/Infector.Gen
DrWeb	Win32.Expiro.158
Sophos	W64/Moiva-B
SentinelOne	Static AI – Malicious PE
Google	Detected
Avira	W32/Infector.Gen
Antiy-AVL	Virus/Win64.Expiro.cv
Microsoft	Virus:Win64/Expiro.DD!MTB
ZoneAlarm	Virus.Win64.Moiva.a
GData	Win64.Expiro.Gen.7
Varist	W64/Expiro.AR.gen!Eldorado
AhnLab-V3	Malware/Win.Generic.C5036640
Acronis	suspicious
ALYac	Win64.Expiro.Gen.7
TACHYON	Virus/W64.Movia
Panda	W64/Moyv.A
Tencent	Virus.Win64.VirMoiva.a
Ikarus	Virus.Win64.Expiro
MaxSecure	Trojan.Malware.121218.susgen
Fortinet	W64/Expiro.CU
AVG	Win64:Expiro-AJ [Inf]
Cybereason	malicious.1ae4cd
DeepInstinct	MALICIOUS

How to remove Virus:Win64/Expiro.DD!MTB?

Virus:Win64/Expiro.DD!MTB removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X