WIN32:expiro-EE infection
Solved
seduesed
Posted messages
7
Status
Membre
-
seduesed Posted messages 7 Status Membre -
seduesed Posted messages 7 Status Membre -
Hello,
My computer has been infected for 2 days.
After trying to fix it myself by following the procedure proposed by king06 (adwcleaner + junkware removal tool then malwarebytes), I apparently got rid of WIN64:expiro-Q and win32:vitro, but avast keeps alerting me about WIN32:expiro-EE.
What surprises me is that a scan with malwarebytes doesn't report anything, and I also did a "custom" scan on the windows\system32, windows\winsxs\, windows\ehome\, and windows\microsoft-net\ folders that avast flagged as infected during a boot scan.
Additional question: I have 5 items in malware quarantine, many in avast's, most of which come from C\windows\, as well as a game program called "purbleplace," which a child here enjoys playing.
Will the procedure also clean these items or should I restore them to their original location?
Thank you for your help.
This computer is an HP Pavilion g7, running Windows 7.
My computer has been infected for 2 days.
After trying to fix it myself by following the procedure proposed by king06 (adwcleaner + junkware removal tool then malwarebytes), I apparently got rid of WIN64:expiro-Q and win32:vitro, but avast keeps alerting me about WIN32:expiro-EE.
What surprises me is that a scan with malwarebytes doesn't report anything, and I also did a "custom" scan on the windows\system32, windows\winsxs\, windows\ehome\, and windows\microsoft-net\ folders that avast flagged as infected during a boot scan.
Additional question: I have 5 items in malware quarantine, many in avast's, most of which come from C\windows\, as well as a game program called "purbleplace," which a child here enjoys playing.
Will the procedure also clean these items or should I restore them to their original location?
Thank you for your help.
This computer is an HP Pavilion g7, running Windows 7.
9 réponses
Hi,
AdwCleaner etc. are useless, it's a real virus.
Check out this thread: https://forums.commentcamarche.net/forum/affich-30513808-pc-infecte-par-win32-expiro-bu
Like the angel you are, you laugh creating a lightness in my chest,
Your eyes they penetrate me,
(Your answer's always 'maybe')
That's when I got up and left
AdwCleaner etc. are useless, it's a real virus.
Check out this thread: https://forums.commentcamarche.net/forum/affich-30513808-pc-infecte-par-win32-expiro-bu
Like the angel you are, you laugh creating a lightness in my chest,
Your eyes they penetrate me,
(Your answer's always 'maybe')
That's when I got up and left
Hi,
thank you for your response, I'm trying with the two links you mentioned.
What about the quarantined items, should they be permanently deleted?
thank you for your response, I'm trying with the two links you mentioned.
What about the quarantined items, should they be permanently deleted?
It's a virus that infects executables, so if you've quarantined files, you might have applications, or even Windows components, that will stop functioning.
You have to hope that Kaspersky or Dr. WEB can repair the files (that they remove the malicious part), otherwise you'll have to format without keeping any executables, otherwise you'll end up restoring everything.
You have to hope that Kaspersky or Dr. WEB can repair the files (that they remove the malicious part), otherwise you'll have to format without keeping any executables, otherwise you'll end up restoring everything.
Ok, which means that I leave everything in quarantine hoping that the tools will clean them up.<br />I started Kaspersky, I'll keep you posted but thanks already.
Kaspersky remove tool removed...a trojan and I still have the alert message from Avast, except that the virus has changed its name: WIN32:evo-gen[susp]!
Well, I'll try with Dr Web.
Well, I'll try with Dr Web.
If Kaspersky found only one trojan, it means the infection is not very widespread.
WIN32:evo-gen[susp] was found in which file?
--
Comme l'ange que tu es, tu ris en créant une légèreté dans ma poitrine,
Tes yeux me pénètrent,
(Ta réponse est toujours 'peut-être')
C'est alors que je me suis levé et suis parti.
WIN32:evo-gen[susp] was found in which file?
--
Comme l'ange que tu es, tu ris en créant une légèreté dans ma poitrine,
Tes yeux me pénètrent,
(Ta réponse est toujours 'peut-être')
C'est alors que je me suis levé et suis parti.
Hello,
it's always the same file, at startup and when I close a program:
C\windows\system32\svchost.exe
Furthermore, at startup, this notification appears:
and this program opens: 
What does it correspond to, what should I do?
it's always the same file, at startup and when I close a program:
C\windows\system32\svchost.exe
Furthermore, at startup, this notification appears:
and this program opens: What does it correspond to, what should I do?
Ah, some messes.
Do a cleanup with the Live CDs.
Otherwise, you're headed for a format.
--
Comme l'ange que tu es, tu ris en créant une légèreté dans ma poitrine,
Tes yeux me pénètrent,
(Ta réponse est toujours 'peut-être')
C'est à ce moment que je me suis levé et suis parti.
Do a cleanup with the Live CDs.
Otherwise, you're headed for a format.
--
Comme l'ange que tu es, tu ris en créant une légèreté dans ma poitrine,
Tes yeux me pénètrent,
(Ta réponse est toujours 'peut-être')
C'est à ce moment que je me suis levé et suis parti.