Author Topic: Win32:expiro-u  (Read 13473 times)


popo13

  • Guest
Win32:expiro-u
« on: February 19, 2011, 10:38:45 PM »
I have this virus on my network and the virus is in all the .exe files. The problem is that Avast can only delete the files or move them to the chest, so the system will not be usable.

My question: is it possible to disinfect these files without deleting them, maybe when Avast checks at system startup?

I really need your answers.

Sorry for my terrible English.

« Last Edit: February 19, 2011, 10:57:56 PM by popo13 »

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37596
  • Not a avast user
Re: Win32:expiro-u
« Reply #1 on: February 19, 2011, 11:00:16 PM »
You are infected with a file infector and that is usually bad news; it often ends with a format and reinstall. I do not know if this one is cleanable, but you need Essexboy on this.

I send him a PM..


Follow this guide from our expert malware remover Essexboy
http://forum.avast.com/index.php?topic=53253.0
(post the logs here in this topic and not in the guide)


To avoid using multiple posts with copy and paste, you have to attach the logs.

Lower left corner: Additional Options > Attach ( OTL.Txt. / Extras.Txt )




popo13

Re: Win32:expiro-u
« Reply #2 on: February 19, 2011, 11:06:00 PM »
Thank you Pondus, I really need a solution. I work at a big company (100 PCs, 4 servers) and
if I have to format all the computers it will be ..... RIP

I wait for your news

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76034
Re: Win32:expiro-u
« Reply #3 on: February 19, 2011, 11:12:02 PM »
Doesn't sound good, but let's wait for what Essexboy says.
Good luck,
asyn

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Win32:expiro-u
« Reply #4 on: February 19, 2011, 11:14:26 PM »
Hi, what infector is Avast reporting?


Offline Pondus

Re: Win32:expiro-u
« Reply #5 on: February 19, 2011, 11:16:36 PM »

popo13

Re: Win32:expiro-u
« Reply #6 on: February 19, 2011, 11:21:33 PM »
It says win32:expiro-u, please help Essexboy
« Last Edit: February 19, 2011, 11:29:42 PM by popo13 »

Offline essexboy

Re: Win32:expiro-u
« Reply #7 on: February 19, 2011, 11:33:24 PM »
OK, first thing is - if any of the computers access banking sites online, their passwords may be compromised

If all 100 computers are infected you would be better off reinstalling the latest image that you took

For 1 computer I will try this, although this is my first exposure to this one

 Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan

On the first tab select all elements down to Computer and then select start scan
Once it has finished select report and post that.



Do not close AVPTool or it will self uninstall, if it does uninstall - then just rerun the setup file on your desktop

Now an analysis scan

Select the Manual Disinfection tab
Press the Gather System Information button
Once done, open the last report saved folder, then attach the zip file to your next post
The file is located at C:\Users\your name\Desktop\Virus Removal Tool\setup_9.0.0.722_05.01.2011_20-34\LOG\avptool_sysinfo.zip



popo13

Re: Win32:expiro-u
« Reply #8 on: February 19, 2011, 11:35:26 PM »
Essexboy,
with Comodo it says malcrypt.indus!@105441913
with AVG it says win32/exprio.O
and with Avast it says win32:expiro-u

Please tell me something that is possible to clean the system... without deleting the files

waiting.....

Offline essexboy

Re: Win32:expiro-u
« Reply #9 on: February 19, 2011, 11:42:55 PM »
I will need to try on one first to see if there is any hope

popo13

Re: Win32:expiro-u
« Reply #10 on: February 19, 2011, 11:46:37 PM »
Give me one second and I will post the results

popo13

Re: Win32:expiro-u
« Reply #11 on: February 19, 2011, 11:47:44 PM »
If you want to connect to one of my computers... via some remote program....

Offline essexboy

Re: Win32:expiro-u
« Reply #12 on: February 20, 2011, 12:05:29 AM »
Sorry, do not do remote work

popo13

Re: Win32:expiro-u
« Reply #13 on: February 20, 2011, 01:12:04 AM »
Kaspersky removal tool doesn't find anything.
I attach one JPG with a capture from the Avast analysis.
I really think that it's impossible to clean all files;
there are 1300 files infected.
I appreciate your help but I'm starting to prepare to
format all the computers...
Thank you very much to all.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33926
  • malware fighter
Re: Win32:expiro-u
« Reply #14 on: February 20, 2011, 01:37:30 AM »
Hi popo13,

Infections were found to come from users playing games like RuneScape....
Read the description of what this type of virus is up to here: http://www.f-secure.com/v-descs/virus_w32_expiro_a.shtml
After a reformat, be careful when you have to visit any site mentioned in the description that the virus monitors and logs. Before a reformat you can do an additional scan with: http://download.avg.com/filedir/util/avg_rem_sup.dir/rmexpiro.exe
If the infected computers are connected via a LAN, disconnect and reconnect only when all computers have been scanned to be clean after cleansing or after the "total-recall", e.g. reformat.

polonus
« Last Edit: February 20, 2011, 01:44:54 AM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!