Win32/Expiro.W removal guide

Win32/Expiro.W is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and clean your PC during the trial period.
6-day free trial available.

What can the Win32/Expiro.W virus do?

  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid

How to identify Win32/Expiro.W?

File Info:

name: 057745E3225E13DC0254.mlw
path: /opt/CAPEv2/storage/binaries/505384b541e35d53430b59fc41fa2c4f9d42ace37bcf75c909923fe67f5815f4
crc32: F9FE5077
md5: 057745e3225e13dc025454cd194348de
sha1: 02d7918d0d99e702999f76b69c29c10682091fd1
sha256: 505384b541e35d53430b59fc41fa2c4f9d42ace37bcf75c909923fe67f5815f4
sha512: d7c42f79acbda0cdd8cb311e58e0ccca5c1ad069e90be6355223cbbbe31c8a30696e585ef3ef52527fd210d04b61113b49178a99a699cfd601259308faffeb57
ssdeep: 3072:bTB4LWkPAsfq+G9g8KWCxF2sJ+yfAmLJvw8HjO3yQzUfeO2w8MVowNHIOUjPK:Dw+sguJvNHO/zqeOr7ZNmK
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T171049DB0FD845000F9A299F05F78B553064BB450BFB1AAFB32245D576EB93D4CAB8782
sha3_384: 740fac6e4098a6018516130fa2c812c9c6fb4bb374235add38b214e66c2401b7b68f1fe3057f52d60cabac1eed9b2408
ep_bytes: 90605589e583ec64535657bf02000000
timestamp: 1992-05-17 16:49:42

Version Info:

CompanyName: Microsoft Corporation
FileDescription: Windows® installer
FileVersion: 5.0.15063.0 (WinBuild.160101.0800)
InternalName: msiexec
LegalCopyright: © Microsoft Corporation. All rights reserved.
OriginalFilename: msiexec.exe
ProductName: Windows Installer - Unicode
ProductVersion: 5.0.15063.0
Translation: 0x0409 0x04b0

Win32/Expiro.W also known as:

Bkav: W32.AIDetectMalware
Elastic: malicious (high confidence)
DrWeb: Win32.Expiro.40
MicroWorld-eScan: Win32.Expiro.Gen.2
FireEye: Generic.mg.057745e3225e13dc
CAT-QuickHeal: W32.Expiro.D
Skyhigh: BehavesLike.Win32.Generic.ch
McAfee: W32/Expiro.gen.l
Cylance: unsafe
Sangfor: Suspicious.Win32.Save.a
CrowdStrike: win/malicious_confidence_100% (D)
Alibaba: Virus:Win32/Expiro.ddcb67c2
K7GW: Virus ( 0040f4dc1 )
K7AntiVirus: Virus ( 0040f4dc1 )
BitDefenderTheta: AI:FileInfector.1BB980DD12
Symantec: W32.Kakavex
ESET-NOD32: Win32/Expiro.W
APEX: Malicious
TrendMicro-HouseCall: PE_EXPIRO.RAP
Avast: Win32:Expiro-Y
ClamAV: Win.Trojan.Expiro-19
Kaspersky: Virus.Win32.Expiro.w
BitDefender: Win32.Expiro.Gen.2
NANO-Antivirus: Virus.Win32.Expiro.veqbk
Tencent: Virus.Win32.Expiro.aad
Emsisoft: Win32.Expiro.Gen.2 (B)
F-Secure: Trojan.TR/Patched.Gen
Baidu: Win32.Virus.Expiro.d
VIPRE: Win32.Expiro.Gen.2
TrendMicro: PE_EXPIRO.RAP
Trapmine: malicious.high.ml.score
Sophos: W32/Expiro-H
MAX: malware (ai score=85)
GData: Win32.Expiro.Gen.2
Jiangmin: Win32/Expiro
Google: Detected
Avira: TR/Patched.Gen
Varist: W32/Expiro.R
Antiy-AVL: Virus/Win32.Expiro.ae
Kingsoft: Win32.Expiro.pj.192000
Xcitium: Virus.Win32.Expiro.niw@4na58w
Arcabit: Win32.Expiro.Gen.2
ViRobot: Win32.Expiro.Gen.B
ZoneAlarm: Virus.Win32.Expiro.w
Microsoft: Virus:Win32/Expiro.gen!F
Cynet: Malicious (score: 100)
AhnLab-V3: Win32/Expiro2.Gen
VBA32: Virus.Expiro.211
ALYac: Win32.Expiro.Gen.2
Panda: W32/Expiro.gen
Rising: Virus.Expiro!1.A140 (CLASSIC)
Ikarus: Virus.Win32.Expiro
MaxSecure: Virus.Expiro.W
Fortinet: W32/Expiro.W
AVG: Win32:Expiro-Y
DeepInstinct: MALICIOUS
alibabacloud: Virus:Win/Expiro.BXEWJETRLKU

How to remove Win32/Expiro.W?

Win32/Expiro.W removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Choose “Move to quarantine” for all items.
  • Open the “Tools” tab – Press “Reset Browser Settings”.
  • Select the proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
