Win32:expiro-u

I have this virus on my network and the virus is in all the .exe files. The problem is that Avast can only delete the files or move them to the chest, so the system will not be usable.

My question: is it possible to disinfect these files without deleting them, maybe when Avast checks at system start-up?

I really need your answers.

Sorry for my terrible English

You are infected with a file-infector and that is usually bad news; it often ends with a format and reinstall. I do not know if this one is cleanable but you need Essexboy on this.

I send him a PM…

Follow this guide from our expert malware remover Essexboy
http://forum.avast.com/index.php?topic=53253.0
(post the logs here in this topic and not in the guide)

To avoid using multiple posts with copy and paste, you have to attach the logs
Lower left corner: Additional Options > Attach ( OTL.Txt. / Extras.Txt )

Thank you pondus, I really need a solution. I work at a big company (100 PCs, 4 servers) and
if I have to format all the computers it will be …RIP

I wait for your news

Doesn’t sound good, but let’s wait for what Essexboy says.
Good luck,
asyn

Hi, what infector is Avast reporting?

W32:Expiro info
http://www.securelist.com/en/find?words=Virus.Win32.Expiro.s%20

It says win32:expiro-u, please help Essexboy

OK, first thing is - if any of the computers access banking sites online their passwords may be compromised

If all 100 computers are infected you would be better off reinstalling the latest image that you took

For 1 computer I will try this, although this is my first exposure to this one

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan

On the first tab select all elements down to Computer and then select start scan
Once it has finished select report and post that.

http://i1224.photobucket.com/albums/ee362/Essexboy3/avpfront.jpg

Do not close AVPTool or it will self uninstall, if it does uninstall - then just rerun the setup file on your desktop

Now an analysis scan

Select the Manual Disinfection tab
Press the Gather System Information button
Once done, open the last report saved folder, then attach the zip file to your next post
The file is located at C:\Users\your name\Desktop\Virus Removal Tool\setup_9.0.0.722_05.01.2011_20-34\LOG\avptool_sysinfo.zip

http://i1224.photobucket.com/albums/ee362/Essexboy3/avpmanual.jpg

Essexboy
with Comodo it says malcrypt.indus!@105441913
with AVG it says win32/exprio.O
and with Avast it says win32:expiro-u

Please tell me something that is possible to clean the system… without deleting the files

waiting…

I will need to try on one first to see if there is any hope

Give me one second and I'll post the results

If you want to connect to one of my computers… via some remote program…

Sorry do not do remote work

Kaspersky removal tool doesn't find anything.
I attach one jpg with a capture from the Avast analysis.
I really think that it's impossible to clean all files;
there are 1300 files infected.
I appreciate your help but I'm starting to prepare to
format all the computers…
Thank you very much to all.

Hi popo13,

Infections were found to come from users playing games like RuneScape…
Read the description of what this type of virus is up to here: http://www.f-secure.com/v-descs/virus_w32_expiro_a.shtml
After a reformat, be careful when you have to visit any site mentioned in the description that the virus monitors and logs. Before a reformat you can do an additional scan with: http://download.avg.com/filedir/util/avg_rem_sup.dir/rmexpiro.exe
If the infected computers are connected via a LAN, disconnect and reconnect only when all computers have been scanned to be clean after cleansing or after the “total-recall”, e.g. reformat.

polonus

v5 can clean Expiro. But I recommend you disconnect from the net and disinfect. 'Cause if you visit e-bay or Paypal while infected with Expiro, the virus will display a fake error telling you to enter your pin number.

Jtylor83, you mean that Avast free can delete and Avast v5 internet security can clean it without deleting the files???
I tried with Avast free and it can only delete. If you are right you are my angel.
I will buy one license and try
Thanks

I doubt that AIS/PRO can do it if the free can't (they have the same virus engine). If so, you could just install one AIS/PRO in trial mode and try…
Anyway, I would wait until Essexboy is back before doing anything…

OK, I will wait for Essexboy

With that amount of files being infected I would highly recommend that all computers be reimaged along with the servers. The files may be able to be cleaned but they could also end up corrupted. You need to have some policy in place to stop files being downloaded from the internet, as that is where they have come from. Someone probably used a torrent for a cracked programme and it just went rampant throughout your system. Also you need to ensure that no-one apart from the system admin can turn off or disable any part of the Antivirus.