myFile infected by w32.expiro

Dear all,

Please help me … my file is infected by w32.expiro and Avast HomeEdition can’t detect or remove it
what should i do…
i really need help now
i really confused right now…
Please help me asap

thanks

regards

leo

hi leo

chill 8)

so firstly how did u come to know ur system is infected with w32.expiro
are u sure its w32.expiro…?
cos when i searched i found it was a file infector…
ie…infects all .exe files :frowning:
check this link
http://www.f-secure.com//v-descs/virus_w32_expiro_a.shtml
and the instrustions to remove this is given in
http://www.sophos.com/support/disinfection/filvir.html
follow the above if ur very sure wat ur doing…or it better if u wait for some one else with better know how to look into ur matter

Hi leosan88,

Could well be that Avast flagged w.32 experio, but neutralized it by putting it in the chest. Consider also these additional measures to be taken : http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.aspx
The virus is contained in just over 110 kb of code appended to host files on an infected and compromised machine. When an infected file is being run, the virus code will execute and search for more files to execute
(sometimes up to 600). Lately we see a re-appearance of file infectors totaling 25% of the present malware.

polonus

If a virus is replicant (coming and coming again), you could follow the general cleaning procedure:

  1. Disable System Restore on Windows ME or Windows XP. System Restore cannot be disabled on Windows 9x and it’s not available in Windows 2k. After boot you can enable System Restore again after step 3).

  2. Clean your temporary files. You can use CleanUp or the Windows Advanced Care features for that.

  3. Schedule a boot time scanning with avast. Start avast! > Right click the skin > Schedule a boot-time scanning. Select for scanning archives. Boot. Other option is scanning in SafeMode (repeatedly press F8 while booting).

  4. It will be good if you download, install, update and run AVG Antispyware. Some users recommend SUPERantispyware, Spyware Terminator and/or a-squared (take care about false positives).
    If any infection is detected, better and safer is send the file to Quarantine than to simple delete than.

  5. If you still detecting any strange behavior or even you’re sure you’re not clean, maybe it will be good to test your machine with anti-rootkit applications. I suggest AVG, Panda and/or F-Secure BlackLight.

  6. Also, if you still detecting strange behaviors or you want to be sure you’re clean, maybe making a HijackThis log to post here and, specially, scan and submit to on-line analysis the RunScanner log would help to identify the problem and the solution.

  7. After you’re clean, use the immunization of SpywareBlaster or, which is better, the Windows Advanced Care features of spyware/adware cleaning and removal.

  8. Finally, when you’re clean, check for insecure applications with Secunia Software Inspector to update insecure applications and avoid reinfection.

thanks for your reply…
i was do from your suggestion but stil no help

w32.expiro still there,

so i want install fresh xp so i hope virus is gone…

why avast can’t detect expiro…???
only avg and mcafee can detect but quarantine

i hope avast can remove expiro variant…
ok thanks for your suggestion

regards

leo

All the steps? Specially, step 6. Can you post a link to your RunScanner log?

Because no software is perfect and, sorry, avast detection should improve much more…

hi even if u install a fresh copy unless u format all drives u still have a good chance of getting reinfected…

so try the instruction provided here
http://www.sophos.com/support/disinfection/filvir.html

a similar kind of infection from sophos helped me to get rid of w32:sality from my friends comp
it is another file infector