Malware

Win32/Expiro.NCT removal

Malware Removal

The Win32/Expiro.NCT is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.
DOWNLOAD NOW
6-day free trial available.

What Win32/Expiro.NCT virus can do?

  • Behavioural detection: Executable code extraction – unpacking
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid

How to determine Win32/Expiro.NCT?



File Info:

name: B3967C4C9F2E8F14A234.mlw
path: /opt/CAPEv2/storage/binaries/a63a2e69e9b9f42440c479177184a6d4afb9e33566c9b09fce7717aad99a8490
crc32: E61C2CE8
md5: b3967c4c9f2e8f14a23490a419789510
sha1: 2e8cb28cd8363426e3983bd81624e450adf6854d
sha256: a63a2e69e9b9f42440c479177184a6d4afb9e33566c9b09fce7717aad99a8490
sha512: ba08c2b3f45c1940060396219048c92abc10baa1f9ec72c79126a6dcd86e9543bbb6ec014ae345f15520e88203840dabb2388d26e3dd014152cf9dde6bdd4a28
ssdeep: 6144:Lxfuava+ICD+P9VVBTyue+tRxKDQBq5jV8ZMRxzg5Ug06jAlm1XSvitRL:VXadSQCgnKhOZMRxzgLcluiKtt
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T18C44F1CE7D1784D8EEC3B03633A1977E3A9948534B8E1CA47052AB0F24D5C7EB7A15A1
sha3_384: a5495acdb0f8f71ec29cf0197fa40205b5cec2cca8fd50c08e4d5eb9f23e032250cd8e2ad2dbe5744ac322dc2955338f
ep_bytes: 56505129f683c630648b06578b780848
timestamp: 2004-08-20 05:37:10


Version Info:

CompanyName: Microsoft Corporation
FileDescription: Content Index service
FileVersion: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
InternalName: cisvc.exe
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: cisvc.exe
ProductName: Microsoft® Windows® Operating System
ProductVersion: 5.1.2600.2180
Translation: 0x0409 0x04b0

Win32/Expiro.NCT also known as:

BkavW32.Expiro2NHc.PE
LionicTrojan.Win32.Expiro.4!c
AVGWin32:Evo-gen [Trj]
MicroWorld-eScanWin32.Expiro.Gen.6
FireEyeGeneric.mg.b3967c4c9f2e8f14
McAfeeArtemis!B3967C4C9F2E
CylanceUnsafe
VIPREWin32.Expiro.Gen.6
SangforTrojan.Win32.Save.a
K7AntiVirusVirus ( 00580a951 )
K7GWVirus ( 00580a951 )
Cybereasonmalicious.c9f2e8
CyrenW32/Expiro.AK.gen!Eldorado
Elasticmalicious (high confidence)
ESET-NOD32Win32/Expiro.NCT
CynetMalicious (score: 100)
APEXMalicious
Paloaltogeneric.ml
KasperskyUDS:Virus.Win64.Expiro.rd
BitDefenderWin32.Expiro.Gen.6
NANO-AntivirusVirus.Win32.Gen.ccmw
AvastWin32:Evo-gen [Trj]
Ad-AwareWin32.Expiro.Gen.6
SophosML/PE-A
ComodoVirus.Win32.Expiro.NCT@89jcq8
DrWebWin32.Expiro.143
Trapminemalicious.high.ml.score
EmsisoftWin32.Expiro.Gen.6 (B)
IkarusVirus.Win32.Expiro
GDataWin32.Expiro.Gen.6
JiangminTrojan.Vilsel.bxh
AviraW32/Infector.Gen8
MAXmalware (ai score=89)
Antiy-AVLTrojan/Generic.ASMalwS.5116
ArcabitWin32.Expiro.Gen.6
MicrosoftTrojan:Win32/Wacatac.B!ml
GoogleDetected
BitDefenderThetaAI:FileInfector.1CD444C412
ALYacWin32.Expiro.Gen.6
TACHYONVirus/W32.Expiro
VBA32BScope.Trojan.Packed
RisingVirus.Expiro!8.375 (CLOUD)
SentinelOneStatic AI – Malicious PE
FortinetW32/Expiro.NCT
CrowdStrikewin/malicious_confidence_100% (W)

How to remove Win32/Expiro.NCT?

Win32/Expiro.NCT removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

You may also like

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

View all posts

Leave a Comment